Tech Talk: How To Fortify Cybersecurity Practices and Democratize IT Functions
Vijay Sundaram, Chief Strategy Officer, ManageEngine, joins Neha Kulkarni to discuss why the pace of digital transformation is difficult and how organizations can stay ahead of the competition. Sundaram talks about how CIOs can measure the success of low-code apps and address the challenges posed by the rise of Shadow IT.
In this edition of Tech Talk, Sundaram explains how CIOs can assess the need to invest in AI and ML to prevent cyberattacks. He also shares which IT investments will help companies improve their security posture and reduce costs in 2023 and beyond.
Key Findings to Strengthen Cybersecurity Practices:
- Implement systems and controls that can be federated across functional groups
- Build a common infrastructure to manage, deploy, and audit all software
- Invest in artificial intelligence and machine learning systems to look for them predictable or suspicious patterns
Here are the edited excerpts from our exclusive interview with Vijay Sundaram, Chief Strategy Officer, ManageEngine:
Vijay Sundaram, Chief Strategy Officer, ManageEngine
SWNI: It has been a busy year for the IT industry since the start of the pandemic. But as the pandemic clouds clear, how should the IT and tech industry prepare for the next uncertainty?
Vijay: It’s no surprise that IT teams have become the corporate heroes of the pandemic. Without IT, many companies would not even have survived the first few weeks, let alone the last two years.
IT’s role grew dramatically from supporting the business to ensuring its survival and earning a place at the decision table. This is leading to greater decentralization of IT across the enterprise, particularly in the US.
Many IT functions, as they should be, are now handled within departments or lines of business under IT’s oversight rather than full control. This gives IT an even greater opportunity to influence strategic decisions and drive the overall success of the business while working as a partner to business leaders.
See more: Beware of cybersecurity threats throughout your supply chain
SWNI: From the shortage of technical talent to the democratization of IT, companies face unprecedented challenges in the post-pandemic era. Why do you think the pace of digital transformation is so difficult and how can companies stay competitive?
Vijay: Digital transformation is changing the way businesses work throughout their history. There are few precedents to learn from and many obstacles, although the value is also transformative. It involves changes in almost everything – people, organizational processes, data sharing and communication.
The massive disruption of the pandemic forced all of these changes almost instantly just to allow companies to stay in business. The good news is that it has demonstrated the value of technology and how important it is for companies to jump on board. This transformation requires different groups within the organization to collaborate, share data and integrate business processes.
CIOs can plan for this by starting with specific goals. For example, you can start to integrate all customer-facing processesG Groups within an organization that may include marketing and lead generation, sales and account management, and customer care and service.
This is a daunting task in itself, but with real benefits that require clear articulation from the customer’s perspective. This reduces organizational drag and internal resistance, allowing the company to focus on a smaller set of functional groups and build working systems that offer early success.
SWNI: Let’s talk about democratizing IT with low-code applications. Multiple surveys have revealed that low-code applications are not explicitly approved and this is a major security challenge for IT teams due to the rise of Shadow IT. How should CIOs measure the success of low-code apps and address these challenges?
Vijay: As more employees use low-code and no-code tools, it’s important to have IT staff on hand to help. In the recent ManageEngine survey IT at work: 2022 and beyondAlmost all (98%) IT decision makers indicated that at least one department in their organization needs more training in technical skills, specifically the marketing (52%), finance (45%), and sales (43%) departments. Ironically, these teams are most likely to use low-code and no-code application development tools. This indicates that these teams are abusing or underusing these technologies and need more support from IT.
CIOs must first play an educational role. You must make the organization aware of the risks associated with lax cybersecurity, inadequate privacy controls, and the dangers of malicious actors. These are existential threats to most organizations.
Maverick IT efforts amplify this risk. CIOs can implement systems and controls that can be connected across functional groups in the organization, encouraging compliance without feeling subordinate to central IT groups. Finally, CIOs can create a common infrastructure for managing, deploying, and auditing all of the software in the enterprise—both procured and homegrown systems.
See more: A major threat to SMBs: why cybersecurity is everyone’s responsibility
SWNI: The IT at Work: 2022 and beyond survey highlights that talent shortage is the number one barrier to IT technology adoption. What quick steps can CIOs take to close the talent gap in their organization?
Vijay: CIOs who are more likely to rely on highly experienced employees should change their hiring practices. This only results in multiple companies bidding for the same scarce talent, driving up costs and making the shortage even more acute.
This means companies should have long-term plans to bring in, train and grow their own IT talent.
This may mean you are looking for promising, initiative and driven IT careers that may not have the right educational background but can grow into the role and even excel at it.
SWNI: Another trend the survey highlighted was that 55% of companies have invested in AI and ML to prevent cyberattacks. However, investing in AI is a costly proposition. How can CIOs assess the need to invest in AI and ML to prevent cyberattacks?
Vijay: Cyber attacks are not inconveniences. They are existential threats with huge reputational and liability costs. Investing in a cybersecurity deterrent is like investing in insurance – you cannot operate without its coverage. CIOs can look at several areas to determine cybersecurity needs.
The most common type of attack is social engineering, such as phishing and identity theft. These can be addressed by pattern recognition in large volumes of email and looking for anomalies and red flags. A related area is authentication.
AI and ML systems can look for predictable or suspicious patterns, such as B. Logins from multiple devices, from different physical locations and at short time intervals, so that additional checks can be performed.
As these systems learn from repeated infiltration attempts, they learn and get better with each attempt. This reduces false negatives and means that investments pay for themselves more quickly.
See more: The never ending journey to zero trust architecture
SWNI: As the technology paradigm continues to rapidly shift, what IT investments will help organizations improve their security posture and reduce costs in 2023 and beyond?
Vijay: Strengthening cybersecurity practices, communicating them to all employees and ensuring compliance should be a priority for any organization with a digital footprint. However, what we see in this report is a huge disconnect between the people in the company should be responsible for cybersecurity efforts and who is actually responsible.
90% of North American respondents agree everyone in an organization should play a role in cybersecurity efforts.
However, when asked directly whose responsibility it is to protect their organization from cyberattacks, only 4% of respondents answered “everyone”. Leaders need to bridge this gap by fostering even closer collaboration between IT and the rest of the organization, and by shifting cybersecurity responsibility to all employees, not just the IT department.
About Vijay Sundaram
Vijay Sundaram is the Chief Strategy Officer at ManageEngine and Zoho, where he is also responsible for the partner and channel program. He is a former entrepreneur and company founder in the fields of cloud supply chain software, mobile advertising technology and renewable energy. Within these organizations, he led product, sales, business development, and finance teams. Vijay enjoys working with executives, brainstorming and troubleshooting complex business problems that cut across functional and organizational boundaries.
About ManageEngine
ManageEngine is the enterprise IT management division of Zoho Corporation. Established and emerging companies – including 9 out of 10 Fortune 100 companies – rely on ManageEngine’s real-time IT management tools to ensure optimal performance of their IT infrastructure, including networks, servers, applications, endpoints and more.
About TechTalk
Tech Talk is an interview series with notable CTOs and senior technology executives from around the world. Join us as we speak to these technology and IT leaders as they share their insights and research into data, analytics and emerging technologies. If you’re a tech pro and want to share your thoughts, write to [email protected]
How is your organization strengthening and scaling cybersecurity practices? Share your results with us on Facebook, Twitterand LinkedIn.
MORE ABOUT CYBERSECURITY