Tech Talk: How To Fortify Cybersecurity Practices and Democratize IT Functions
“Investing in cybersecurity deterrence is like investing in insurance—you cannot operate without its cover.” In this Tech Talk, Vijay Sundaram, chief strategy officer, ManageEngine, shares how CIOs can assess the need to invest in AI and ML to prevent cyberattacks.
Vijay Sundaram, chief strategy officer, ManageEngine, joins Neha Kulkarni to discuss why is the pace of digital transformation so difficult and how can companies withstand the competition. Sundaram talks about how CIOs can measure the success of low-code apps and counter challenges that are presented from the rise of shadow IT.
In this edition of Tech Talk, Sundaram explains how CIOs can assess the need to invest in AI and ML to prevent cyberattacks. He also shares which IT investments will help companies to improve their security posture and lower costs in 2023 and beyond.
Key Takeaways on How To Strengthen Cybersecurity Practices:
- Implement systems and controls that can be federated across the functional groups
- Create common infrastructure for managing, deploying, and auditing all software
- Invest in artificial intelligence and machine learning systems to look for predictable or suspicious patterns
Here are the edited excerpts from our exclusive interview with Vijay Sundaram, chief strategy officer, ManageEngine:
Vijay Sundaram, chief strategy officer, ManageEngine
SWNI: It has been a busy year for the IT tech industry since the dawn of the pandemic. But as the pandemic clouds begin to move away, how should the IT and tech industry gear itself for the next uncertainty?
Vijay: It’s no surprise that IT teams became the enterprise heroes of the pandemic. Without IT rising to the occasion, many businesses would not have survived even the first few weeks, let alone the last two years.
IT’s role dramatically grew from supporting the business to ensuring its survival, gaining a seat at the decision-making table. This is leading to greater decentralization of IT across the enterprise, particularly in the US.
Many IT functions, as they should be, are now handled within departments or lines of business with IT’s oversight, not complete control. This enables an even greater opportunity for IT to influence strategic decisions and guide the company’s overall success while working as a partner to department heads.
See More: Beware Of Cybersecurity Threats Across Your Supply Chain
SWNI: From tech talent shortages to democratizing IT, organizations are facing unprecedented challenges in the post-pandemic era. In your opinion, why is the pace of digital transformation so difficult and how can companies withstand the competition?
Vijay: Digital transformation changes the ways companies have worked through their entire history. There are few precedents to learn from and many obstacles, even if the value is also transformational. It involves changes in almost everything—people, organizational processes, data interchange, and communication.
The massive disruption of the pandemic forced all this change to happen almost instantaneously just for organizations to stay in business. The good news is that it has made clear the value of technology and has showcased how imperative it is for organizations to get on that bandwagon. This transformation requires different groups within the company to work together, share data, and integrate business processes.
CIOs can plan this by starting off with specific objectives. For example, they can start to integrate all customer-facing groups within a company, which can include marketing and lead generation, sales and account management, and customer support and service.
This is a daunting task on its own, but with real benefits, requiring clear articulation from the perspective of the customer. This reduces organization resistance and internal opposition, allowing the company to focus on a smaller set of functional groups and to build working systems that offer early success.
SWNI: Let’s talk about democratizing IT with low-code applications. Several surveys have found that low code applications are not explicitly approved and that presents a major security challenge for IT teams due to the rise of shadow IT. How should CIOs measure the success of low-code apps and counter these challenges?
Vijay: As more workers use low-code and no-code tools, it’s vital that IT personnel are available to help. In ManageEngine’s recent survey, IT at work: 2022 and beyond, almost all (98%) IT decision makers said that at least one department in their organization needs to receive more technical skills training, especially marketing (52%), finance (45%), and sales (43%) departments. Ironically, these teams are the most likely to use low-code and no-code application development tools. This suggests that these teams are misusing or under-utilizing these technologies and need greater support from IT.
CIOs need to first play an education role. They need to make the organization aware of the risks associated with loose cybersecurity, inadequate privacy controls, and the dangers of malevolent actors. These are existential threats to most organizations.
Maverick IT efforts amplify this risk. CIOs can implement systems and controls that can be federated across the functional groups in the company, so they are encouraged to comply without feeling subordinate to central IT groups. Finally, CIOs can create common infrastructure for managing, deploying, and auditing all software in the company—both procured and home-grown systems.
See More: A Big Threat for SMBs: Why Cybersecurity is Everyone’s Responsibility
SWNI: The IT at Work: 2022 and beyond survey highlights that the talent shortage is the most significant barrier to the adoption of IT technology. What quick steps can CIOs take to bridge the talent gap within their organization?
Vijay: CIOs who tend to go after highly experienced individuals should change their hiring practices. This only results in multiple companies bidding for the same scarce talent, driving up costs while making scarcity even more acute.
This means corporations should have long-term plans that bring in, train, and grow their own IT talent.
This may mean looking for people with promise, initiative, and drive for IT careers who may not have the right educational background but can grow into the role and even excel at it.
SWNI: Another trend that the survey highlighted was that 55% of organizations have invested in AI and ML to prevent cyberattacks. However, investment in AI is a costly affair. How can CIOs assess the need to invest in AI and ML to prevent cyberattacks?
Vijay: Cyberattacks are not inconveniences. They are existential threats with huge costs to reputation and liability. Investing in cybersecurity deterrence is like investing in insurance—you cannot operate without its cover. CIOs can look at multiple areas to assess needs for cybersecurity.
The most common attack type is social engineering, like phishing and identity impersonation. These can be addressed through pattern recognition across large volumes of emails and looking for anomalies and warning signals. A related area is authentication.
AI and ML systems can look for predictable or suspicious patterns, like logins happening from multiple devices, from different physical locations, and in short time intervals, so additional checks can be imposed.
As these systems learn from repeated infiltration attempts, they learn and get better with each attempt. This reduces false negatives and results in investments being paid off more quickly.
See More: The Never Ending Journey to Zero-Trust Architecture
SWNI: As the technology paradigm continues to shift rapidly, which IT investments will help companies to improve their security posture and lower costs in 2023 and beyond?
Vijay: Fortifying cybersecurity practices, communicating them to all employees, and ensuring compliance should be a priority for every business that has a digital footprint. However, what we’re seeing in this report is a large discrepancy between who in the enterprise should be responsible for cybersecurity efforts and who is actually responsible.
90% of North American respondents agree that everyone in an organization should play a role in cybersecurity efforts.
However, when asked directly whose responsibility it is to protect their organization from cyberattacks, only 4% of respondents answered “everyone.” Business leaders must close this gap by fostering even greater collaboration between IT and the rest of the organization and putting the onus of cybersecurity on all employees, not just the IT department.
About Vijay Sundaram
Vijay Sundaram is chief strategy officer at ManageEngine and Zoho where he is also responsible for the partner and channel program. He is a prior entrepreneur and company founder, in cloud supply chain software, mobile advertising technology, and renewable energy. He has led products, sales, business development, and finance teams within these organizations. Vijay enjoys working with senior executives, brainstorming and troubleshooting complex business issues that skip across functional and organizational borders.
ManageEngine is the enterprise IT management division of Zoho Corporation. Established and emerging enterprises—including 9 of every 10 Fortune 100 organizations—rely on ManageEngine’s real-time IT management tools to ensure optimal performance of their IT infrastructure, including networks, servers, applications, endpoints and more.
Tech Talk is an interview series that features notable CTOs and senior technology executives from around the world. Join us as we talk to these technology and IT leaders who share their insights and research on data, analytics, and emerging technologies. If you are a tech expert and wish to share your thoughts, write to neha.pradhan@swzd.com
How is your organization fortifying cybersecurity practices and scaling them? Share your findings with us on Facebook, Twitter, and LinkedIn.
MORE ON CYBERSECURITY
