Many IT teams are now officially between a rock and a hard place when it comes to digital business transformation and cybersecurity. In the wake of the COVID-19 pandemic, organizations are turning nascent digital business transformation initiatives into full-fledged business continuity strategies. Those efforts are requiring IT teams to accelerate the rate at which new applications are being deployed, mainly in cloud computing environments. The assumption is the cloud is both more resilient and more secure than an existing on-premises IT environment.
The challenge organizations encounter is that the finance team is also telling them they need to dramatically cut back on IT spending. No one knows what lies ahead, but many organizations are looking for ways to cut spending without impacting the quality of the IT experience or compromising cybersecurity.
High compliance costs
Of course, one of the biggest issues with any digital business initiative is compliance. Organizations today often spend millions of dollars a year on compliance initiatives that fundamentally don’t add value to the business. They are by any measure a necessary evil. That doesn’t mean organizations should give short shrift to the compliance process. Rather, organizations should focus more effort on automating the compliance process to the full extent possible.
Coalfire, a provider of cybersecurity advisory and assessment services, this week published a survey of 500 executives involved in compliance. The survey highlights the degree to which compliance has already become unsustainable from a cost perspective. Developed in collaboration with Omdia, a global analyst consulting firm, the survey finds that more than half of respondents (51%) are spending 40 percent or more of their IT security budgets on compliance. Two-thirds (66%) indicate that automation, visibility, and coordinated assessments are critical to compliance transformation, minimizing audit fatigue, and reducing the cost of compliance.
Compliance is clearly a major cost for any digital business initiative, which means those costs are likely to spiral even higher unless corrective measures are put in place. Nearly 60 percent of survey respondents view compliance as a barrier to entering new markets. That is a critical issue at a time when many organizations are trying to accelerate their digital business transformation.
Of course, savvy cybersecurity professionals know well that achieving compliance is not a substitute for cybersecurity. However, compliance can provide a baseline from which cybersecurity can be achieved. The challenge has always been to minimize the costs of achieving that compliance baseline so there are enough funds left over to meaningfully address cybersecurity.
Cybersecurity as business enabler
Unfortunately, cybersecurity is still all too often an afterthought when it comes to digital business transformation. However, with billions of dollars in revenue at stake during a major downward slide in the global economy, many organizations will view cybersecurity as a critical business enabler. Just as many, in a rush to build something quickly, are likely to make a critical mistake.
Cybersecurity professionals need to find a way to proactively insert themselves into these projects. The issue is that doing so has become harder at a time when most of the stakeholders driving those projects are working from home. In fact, it’s not clear those stakeholders will ever be coming back into the office.
Like everyone else, cybersecurity professionals will need to find a way to adjust to the new normal as quickly as possible. The unspoken part of the adjustment, however, will be finding a way to do much more with much less. One obvious place to focus on to achieve that goal is the cost of compliance.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.