By Kanwar Loyal, Director, UK & Ireland, CrowdStrike
We might think of technology growth at many companies as operating around a trifecta of different forces: ‘slow’, ‘go’, and ‘no’.
Balancing the requirements of these forces is what occupies IT decision-making and establishes the success and failure of projects, strategies and the overall likelihood of a company’s success.
In one corner of the triangle, there is the network and traditional infrastructure. The network can support growth; it’s a known, accepted approach to achieving it, but it’s going to take a long time to happen at most companies. They need to specify, cost, compare approaches, commission, build, test, refine and test some more. We might reasonably describe this as the ‘department of slow’.
In another corner, there is almost the opposite force, the demand to upscale and innovate rapidly to increase or maintain competitive advantage. Agility is recognised here as a leading factor in the business’s trajectory. This ‘department of go’ demands considerable pace from the company and from IT, and has embraced the cloud fully, alongside other agile approaches like DevOps and Continuous Deployment.
Then, in the remaining corner, sits security, which has historically been the ‘department of no’. The imperative to protect the business has prevented projects from happening, innovations from occurring and agility has been hampered. It’s created an unfortunate status for security at many companies. It’s similar, perhaps, to insurance. It’s something we know we need. It’s something we pay for. But it’s quite difficult to realise the value, the real contribution it’s making to the company’s forward momentum. That’s all changing.
Making the triangle point forward
This trifecta remained unchanged for many years, but in recent times, the creation of cloud-based cybersecurity, alongside the emergence of market-disrupting agile startups has really shifted the dynamic. Companies know they can no longer accept practices, habits and traditions that mean the answer to innovative projects is frequently ‘no’ or ‘slow’. They seek infrastructure and security solutions that can create a frictionless experience around new procedures, products and services. Solutions that allow agility to flourish rather than be constrained are now valued at all kinds of companies, and they equally recognise that time to market is a key indicator of the likelihood of growth.
It’s this goal of frictionless progress that’s now driving cloud adoption. We know now that cloud does not always provide the supposed holy grail of cost-competitiveness that people imagined it would be. But it does allow agile companies to get to market very quickly and disrupt markets, as we’ve seen with the new breed of digital-first banks, like Starling and Monzo, for example.
And even the slowest-moving industries are looking now to the cloud to see how it can make them more agile. We’re now seeing quite conservative financial institutions that, 5-6 years ago said, “We’ll never move to the cloud”, making those moves because staying relevant requires it. We’ve moved beyond the typical ‘chasm of doubt’ around new technologies and up the bell-curve of acceptance: now, all of these institutions are describing themselves as ‘cloud-first’.
Companies now want to be able to solve problems and purchase a capability in as little time as possible: almost like buying a car. If you can’t buy it off the forecourt, then you’re prepared to wait 1-2 weeks, maybe a little longer for something special. But people aren’t prepared to wait for 12-24 months any more, like they used to for traditional IT projects, projects which regularly failed because the requirements and the problems that need solving evolved during the period they were being worked on.
Fortunately, being cloud-based, with only a minimalistic sensor app to install to endpoints, we’re able to roll out our cybersecurity technology to large organisations quickly. That’s game-changing for several reasons.
Speed bumps and guard rails
The barriers to adoption for new innovations have changed in the advent of cloud technologies. It’s not really about cost or time any more, but risk. Any innovation involves some risk, and ultimately companies need to decide their appetite for risk.
That appetite can’t be zero, because otherwise they’d never do anything, but they need to be in a position where they have developed both the technology to reduce those risks, and a calculated level of resilience that provides a match for the risks they’re planning to face. Bad things might happen, but their robustness in cybersecurity means the likelihood of that is reduced, plus, they can recover and move on when they’re attacked. They have the technology, but also the layers of planning and policy that mean even serious issues don’t pose a lethal threat to the business.
Reducing these risks at speed, so security is now much more aligned with the ‘department of go’, has had radical implications. Security can now assist where innovation requires the use of service partners that don’t have the same regulation as our clients, such as mainstream cloud environments like Amazon or Azure. We’re able to help to provide guard rails for innovation, so projects can go ahead, even in heavily regulated industries, but with much-reduced risk, including the necessary controls and meaningful contingency plans required by the likes of the FCA. And the necessary protection can be deployed at the same speed, with the same lack of friction, as these innovative projects.
The new motivators
The technology growth agenda has very much shifted. There are three key motivators for many customers right now, and they each revolve around time. The first is time to deploy. They want to deploy very quickly without any disruption, as we’ve discussed. The second is time to operation, so they’re able to derive the technical benefit of the project equally quickly. And the third is time to value, which is the end result of the first two drivers.
Creating value at pace is the real advantage in cloud-based security. Costs are something you pay, but value is something you start to accrue from the moment the rollout is operational. So, then, there’s a big difference in the value calculation between projects that take two weeks compared to those that take two years. For cloud-based cybersecurity, that value means both doing the fundamental work required to protect the business, but also helping to de-risk the business’s forward momentum. The best of both worlds.