Tech Talk: How to Strengthen Cybersecurity Practices and Democratize IT Functions
Vijay Sundaram, Chief Strategy Officer, ManageEngine, joins Neha Kulkarni to explain why the pace of digital transformation is so challenging and how businesses can stand up to the competition. Sundaram explains how CIOs can measure the success of low-code applications and address the challenges posed by the rise of shadow computing.
In this edition of Tech Talk, Sundaram discusses how CIOs can assess the need to invest in AI and ML to prevent cyberattacks. It also shares IT investments that will help businesses improve their security posture and reduce costs in 2023 and beyond.
Key takeaways on how to strengthen cybersecurity practices:
- Implement systems and controls that can be federated across functional groups
- Create a common infrastructure to manage, deploy and audit all software
- Invest in artificial intelligence and machine learning systems to research predictable or suspicious patterns
Here are edited excerpts from our exclusive interview with Vijay Sundaram, Chief Strategy Officer, ManageEngine:
Vijay Sundaram, Chief Strategy Officer, ManageEngine
SWNI: The IT industry has had a busy year since the start of the pandemic. But as the pandemic clouds begin to pull away, how should the IT and tech industry prepare for the next uncertainty?
Vijay: It’s no surprise that IT teams have become the corporate heroes of the pandemic. Without IT to match the occasion, many businesses would not have survived even the first few weeks, let alone the last two years.
The role of IT has shifted from supporting the business to ensuring its survival, securing a seat at the decision-making table. This is leading to greater decentralization of IT in the enterprise, especially in the United States.
Many IT functions, as they should be, are now managed within departments or lines of business under IT oversight, not complete control. This provides an even greater opportunity for IT to influence strategic decisions and guide overall business success while working as a partner to department heads.
Learn more: Beware of cyber threats in your supply chain
SWNI: From the shortage of tech talent to the democratization of IT, organizations are facing unprecedented challenges in the post-pandemic era. Why do you think the pace of digital transformation is so difficult and how can businesses compete?
Vijay: Digital transformation is changing the way companies have worked throughout their history. There are few precedents to learn from and many obstacles, although the value is also transformational. This involves changes in almost everything: people, organizational processes, data exchange and communication.
The massive disruption of the pandemic has forced all of these changes to happen almost instantaneously, just to keep organizations running. The good news is that it highlighted the value of technology and showed how imperative it is for organizations to jump on this bandwagon. This transformation requires different groups within the company to work together, share data and integrate business processes.
CIOs can plan for this starting with specific goals. For example, they can begin to integrate allg groups within a company, which can include marketing and lead generation, sales and account management, and customer support and service.
It’s a daunting task in itself, but with real benefits, requiring a clear articulation from the customer’s point of view. This reduces organizational resistance and internal opposition, allowing the company to focus on a smaller set of functional groups and build work systems that deliver rapid success.
SWNI: Let’s talk about the democratization of computing with low-code applications. Several investigations have revealed that low-code applications are not explicitly trusted, presenting a major security challenge for IT teams due to the rise of shadow IT. How should CIOs measure the success of low-code applications and address these challenges?
Vijay: As more and more workers use low-code and no-code tools, it’s critical that IT staff are available to help. In the recent ManageEngine survey, IT at work: 2022 and beyond, nearly all (98%) IT decision makers said that at least one department in their organization needed more training in technical skills, particularly marketing (52%), finance (45%) and sales ( 43%). Ironically, these teams are most likely to use low-code and no-code app development tools. This suggests that these teams misuse or underuse these technologies and need more support from IT.
CIOs must first play an educational role. They must educate the organization on the risks associated with loose cybersecurity, inadequate privacy controls, and the dangers of malicious actors. These are existential threats to most organizations.
Maverick IT’s efforts amplify this risk. CIOs can implement systems and controls that can be federated across business functional groups, so they are encouraged to comply without feeling subordinate to central IT groups. Finally, CIOs can create a common infrastructure to manage, deploy, and audit all enterprise software, whether purchased or in-house developed systems.
Learn more: A Big Threat to SMBs: Why Cybersecurity Is Everyone’s Responsibility
SWNI: The Survey of Computing in the Workplace: 2022 and Beyond highlights that the shortage of talent is the most significant barrier to the adoption of computing technology. What quick steps can CIOs take to close the talent gap in their organization?
Vijay: CIOs who tend to seek highly experienced people should change their hiring practices. This results in multiple companies bidding for the same rare talent, driving up costs while making scarcity even more acute.
This means companies need to have long-term plans that attract, train and develop their own IT talent.
This can mean looking for people with promise, initiative and motivation for IT careers who may not have the right education, but who can grow in the role and even excel in it.
SWNI: Another trend highlighted by the survey is that 55% of organizations have invested in AI and ML to prevent cyberattacks. However, investing in AI is a costly affair. How can CIOs assess the need to invest in AI and ML to prevent cyberattacks?
Vijay: Cyberattacks are not inconveniences. These are existential threats with huge reputational and liability costs. Investing in cybersecurity deterrence is like investing in insurance: you can’t operate without its coverage. CIOs can look at several areas to assess cybersecurity needs.
The most common type of attack is social engineering, such as phishing and impersonation. These can be resolved by recognizing patterns in large volumes of email and looking for anomalies and warning signals. A related area is authentication.
AI and ML systems can look for predictable or suspicious patterns, such as connections from multiple devices, from different physical locations, and at short time intervals, so additional checks can be imposed.
As these systems learn from repeated infiltration attempts, they learn and improve with each attempt. This reduces false negatives and allows investments to be amortized more quickly.
Learn more: The Endless Journey to Zero-Trust Architecture
SWNI: As the technology paradigm continues to rapidly evolve, what IT investments will help organizations improve their security posture and reduce costs in 2023 and beyond?
Vijay: Strengthening cybersecurity practices, communicating them to all employees, and ensuring compliance should be a priority for every business with a digital footprint. However, what we see in this report is a significant gap between who in the business should be responsible for cybersecurity efforts and who is Actually responsible.
90% of North American respondents agree that everyone in an organization should play a role in cybersecurity efforts.
However, when asked directly who is responsible for protecting their organization from cyberattacks, only 4% of respondents said “everyone”. Business leaders need to bridge this gap by fostering even closer collaboration between IT and the rest of the organization and by placing the responsibility for cybersecurity on all employees, not just IT.
About Vijay Sundaram
Vijay Sundaram is Chief Strategy Officer at ManageEngine and Zoho, where he is also responsible for the Partner and Channel Program. He is a former entrepreneur and company founder, in cloud supply chain software, mobile advertising technology and renewable energy. He has led product, sales, business development and finance teams within these organizations. Vijay enjoys working with senior executives, brainstorming and solving complex business issues that cross functional and organizational boundaries.
ManageEngine is the enterprise IT management division of Zoho Corporation. Established and emerging businesses, including 9 out of 10 Fortune 100 organizations, rely on ManageEngine’s real-time IT management tools to ensure optimal performance of their IT infrastructure, including networks, servers, applications , terminals, etc.
About Tech Talk
Tech Talk is a series of interviews featuring CTOs and senior technology executives from around the world. Join us to chat with these technology and IT leaders who share their insights and research on data, analytics and emerging technologies. If you are a tech expert and want to share your thoughts, write to [email protected]