When things break, our natural instinct is to look for someone to blame. Why? Because nothing happens by accident. It’s either done on purpose, a casualty of neglect or lack of preparation. Trust me, as someone who has worked in the security industry for over 20 years, I’ve seen a lot of issues arise and nearly all of them are down to one of the above.
Thanks to news headlines regularly sensationalising the hottest cybercrime gang or shady individuals claiming responsibility for the latest technology outage, you’d be forgiven for thinking that every IT failure, outage or scam, is the result of an attack. The truth is, this perception distorts reality precisely when we need to be very clear on where the real problems lie. Of course, cybercrime occurs, but what we need to worry about are the people who don’t just break stuff, but want to steal it all.
Today’s attackers are not interested in breaking into the Louvre and stealing a Monet, but are more interested in moving in and taking over the entire museum. In many cases, attackers have been shown to not only sneak quietly into IT systems in order to steal information but to actively improve security once they’re in, closing known vulnerabilities and generally giving the place a tidy up. All in an effort to shut out their competition. Yes, shockingly, they’re just like any other business.
Innovation today and in the future
The reality is, every organisation is under pressure to simultaneously respond more quickly to enable business innovation, and at the same time provide a stable, secure, compliant and predictable IT environment. It’s a difficult balance to strike when the threat of IT vulnerabilities grows as the business continuously scales.
It’s no secret that innovation is vital to stay ahead of the competition. However, it cannot come at the expense of business continuity. As a result, modern IT systems have to be more complex. While businesses work hard to make them as robust as possible, when you’re constantly innovating that complexity introduces an element of fragility and unpredictability that can be difficult to manage.
The best way for CIOs to achieve these objectives is to effectively create and deploy innovative business services that are built on the organisations existing IT foundation and layered with new delivery models and platforms. In practice, it’s bridging the old and the new, enabling an organisation to innovate faster at a lower risk. Thankfully, without the need to rip and replace legacy applications.
So as you’re taking a look at your business, here are a few key things to consider:
- Adopt disruptive technology such as cloud and mobility by more easily integrating them into existing business processes in order to deliver more customer services and products, more directly and rapidly, than your competitors.
- Be agile and still manage risk by gaining greater insight into the impact of changes to systems and services through fully harnessing the power of DevOps methodologies. This ability to offer business agility, enabled by technical innovation, will present the competitive advantage businesses need to survive and be successful.
- Develop software that more directly meets the business need so organisations can more predictably design and deliver applications with lower risk.
- If it’s not broken, fix it. Systems which haven’t failed for a while are actually a sign of impending disaster, simply because there isn’t enough experience in working around the problem.
The unfortunate truth is that all systems can, and will, fail. The best approach is to make sure the rest of the infrastructure can pick up the pieces when it does, allowing the IT team time to work on getting the original system back up and running.
The majority of IT threats lie within a business’s own infrastructure. Whether they’ve been overlooked, ignored or were pretty fragile in the first place. That’s why if organisations build, test, and deploy applications in a repeatable, reliable and secure way, it can reduce the company’s exposure to risk and ensure applications are rolled out faster.
Take a page out of Netflix’s playbook, for example. They’ve raised the bar by creating an impressive piece of software called Chaos Monkey that roams the inner workings of the Netflix infrastructure and randomly turns things off. So every hour, of every day, the team are learning new ways of dealing with vulnerabilities, exposing potential threats and discovering better ways of delivering their award-winning service to their customers.
That level of innovation is what sets businesses apart from their competition. Those who can move more quickly will erode market share, steal customers, and capture opportunities that threaten their competition’s survival. So, instead of worrying about whether you’ll be next on the latest cybergang’s hit list, take a closer look at your organisation’s everyday operations, as the key to better resilience could be right under your (or Chaos Monkey’s) nose.