B U S I N E S S T E C H N O L O G Y L E A D E R S H I Pwww.cio.com

SPONSORED CONTENT

IDG COMMUNICATIONS INC.

Securing the Digital WORKSPaCERisk and rewards: fueling innovation while securing today’s modern workers

PlUS

ExClUSIvE Digital WORKSPaCE RESEaRCh RESultS frOM IDG

2  | www.cio.com

INSIDE 3 Executive Viewpoint: Best-in-Class Security for the Modern Workspace

4 A Test of Generational Priorities

6 Point/Counterpoint: Views on Security

7 Redefining the Cube

8 The Digital Workspace: A Paradigm for Bridging the Security Generation Gap

12 What is Security’s Role in Digital Transformation?

14 CIOs Need to Consider the Human Side of Digital Transformation

copyright © 2018 cio.com. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of cio.com is prohibited. cio and cio.com and the respective logos are trademarks of international Data Group inc.

SPONSORED BY:

Citrix solutionsHow you unlock innovation anywhereThe building blocks for the future of work lie within three categories: Digital workspace, Networking, and Analytics. Together, they provide the most com-plete solution for accessing apps and data, managing iT infrastructure, and unleashing employee productivity.

Securing theDigital WORKSPaCE

Q. How can executives best manage user identity and access control? A. We address and manage that by standardizing the information we’re gathering and logging. With unified logging, we can run analytics and machine learning to help us filter out the noise. We’ve gotten better at identifying anomalous activity by adding in telemetry from an individual’s behavior and usage patterns. It’s when you see something abnormal or anomalous that you need to spend time investigating it.

Q. What is your advice for handling the human element? A. When there’s a cyber event going on, we frame it in two ways: one, what does it mean to you and our company? And two, what does it mean to you, your family, and your loved ones? Heartbleed was a massive attack and in the news constantly, which caused fear and uncertainty in many. That’s a teaching opportunity and an opportunity for partnership. We engaged our internal and external audiences to explain the situation and share best practices for keeping work and personal information secure. By making the information relevant and useable, you’re creating a partnership with your users and making security their business as well as yours. When you personalize the experience of the service you’re delivering, you’re in a partnership. It’s about [applying a] human touch to technology.

Q. How do you see the digital workspace evolving? A. For the first time in computing history, anyone providing a service is focused almost solely on the experience. What I’m seeing now is applications being designed to push content and information to the edge where processing can occur. You can do a bit of processing on your mobile device. Therefore, if you have a bad connection back to corporate or to the cloud, you don’t have a problem, because you’re getting served the small piece of data you need.

As the digital workspace evolves, so too must strategies for securing this changing environment and the data that users and external sources generate. We spoke with Stan Black, chief security and information officer for Citrix, to learn his thoughts on creating a world-class security strategy.

Q. What approach can best secure today’s digital workspace? A. Any service we consume via the cloud has to be secure from end to end. When you connect to the cloud, you have to think about who controls it and makes it secure.

It’s important to ensure [cloud service providers] have the proper certifications, that they use third-party testing and continue to do so. Achieving a certification is not a once-and-done process. It requires continuous testing and improvement, especially in an agile environment where you’re constantly changing, modifying, and updating. You need to make sure all the correct components for security and compliance are there and that you clearly understand the lines of control for delivery and access of sensitive company applications and data. The nice thing about the cloud is if it’s properly instrumented, you can automate security validation to ensure that the proper permissions are required and that unusual activity or behavior is flagged for investigation.

Q. How can ITDMs maintain flexibility, stay secure, and remain agile? A. Stop using methods and approaches we have used historically, because they haven’t worked. We need to prioritize simplification and remove technology that isn’t useful. Simplification and automation give us the ability to glean insights about productivity, experience, and security that we’ve never had before. We have the ability to tailor and tweak in ways we couldn’t before, so we’re providing an experience users love—hopefully eliminating Shadow IT—and spending our resources on technology that we know will help maintain both security and compliance.

We must build in automation from the fabric of the service we’re delivering. These services can get deep and rich information 24 hours a day that you can tailor and deliver accordingly to scale and meet the needs of your business and your customer’s business.

Best-in-Class Security for the Modern WorkspacePROVIDING A SECURE AND FLEXIBLE DIGITAL WORK ENVIRONMENT FOR TODAY’S USERS REQUIRES A FINE-GRAINED APPROACH TO SECURITY.

EXECUTIVE

VIEWPOINT

STAN BLACK, CISSP, is the SVP and Chief Security and Information Officer at Citrix where he is in charge of the secure delivery of applications and data. Black is a seasoned veteran with 25+ years of experience in cyber security, business risk, threat intelligence, corporate data protec- tion, infrastructure simplification, and crisis management.

For more information about Citrix security and products, visit CITRIX.COM/IT-SECURITY

Sponsored Content

IDG Communications, Inc.

BUSiNESS TEcHNoLoGY LEADERSHip  | 3

EXECUTIVE

ViEwPOINT

STAN BLACK,

Citrix.com/it-security

Q. What approach can best secure today’s digital workspace?

Q. How can executives best manage user identity and access control?

Q. What is your advice for handling the human element?

Q. How do you see the digital workspace evolving?

Q. How can ITDMs maintain flexibility, stay secure, and remain agile?

Best-in-Class Security for the Modern WorkspaceProviding a secure and flexible digital work environment for today’s users requires a fine-grained approach to security.

4  | www.cio.com

it leaders face a mountain of complexity at every turn. Their mandate—drive

innovation and increase productiv-ity—is challenged by legacy systems, shadow IT, and cloud platforms that must work together as a holistic, dynamic environment. Compounding the problem is a shortage of skilled IT talent and multiple generations of users bringing different knowledge of and expectations for emerging tech-nologies. To top it all off, IT must secure this dynamic environment against a backdrop of increasingly sophisticated cyber threats without sacrificing employee engagement.

Instead of losing sleep, leading-edge CIOs and IT decision makers are looking to a digital workspace to help solve this complex puzzle. As one of the core pillars of a modern work environment, the digital workspace encompasses a wide range of digital assets such as applications, virtual desktops, files, and content, extend-ing the remote desktop to deliver a contextualized, highly personalized experience. Digital workspaces tap into a wide range of technologies, from email and collaboration apps to mobility and security functionality, to deliver content and business services in the context of specific workflows, regardless of location, while adher-ing to the proper safeguards. The result is an intuitive and engaging user experience that can significantly boost employee productivity without compromising security.

An exclusive IDG/Citrix survey of 201 US IT executives at compa-nies with more than 500 employees confirmed that the digital workplace is viewed as a critical foundation for

future organizational success. Nine out of 10 respondents flag a digital workspace strategy as important or critical to a productive business opera-tion, and a similar number (93%) say a sound digital workplace strategy is a key enabler for their business accom-plishments moving forward.

Getting security right is instrumental to the deployment of a digital workspace. That is evidenced by the preponderance of survey respondents (86%) who rank digital workspace security as a top investment priority. Seventy-seven percent of survey respondents go even further, hailing security as the #1 pri-

ority as they push ahead with a digital workspace roadmap.

While security issues took prece-dence on the deployment agenda, the survey reveals challenges associated with traditional approaches and a disconnect between existing security paradigms and the new ways of work-ing inspired by the digital workspace. Mobility, a core tenet of a digital workspace, is called out for security challenges. More than one-third of survey respondents (41%) say that the requirement to support multiple devices as part of a digital workspace interferes with good security practices.

Securing the Digital WorkSpace:

A Test of Generational Priorities

SHU

TT

Er

STO

Ck

PH

OTO

BUSiNESS TEcHNoLoGY LEADERSHip  | 5

At the same time, many of the core technology pillars of the modern digital workspace open up security avenues that weren’t issues in tradi-tional IT environments. New meth-ods like biometric security (66%) are causing the most concern among respondents, but there are issues with well-established technologies as well. Sixty-two of survey respondents raise security concerns related to the use of Wi-Fi, email (60%), and laptop computers (59%), underscor-ing the need for IT organizations to reexamine traditional fragmented approaches in favor a more holistic security paradigm that delivers vis-ibility across the entire environment.

As organizations introduce new security approaches in the context of a digital workspace, there is a balancing act between adding new safeguards and maintaining a positive user experience. The vast majority of survey respondents (77%) believe it is possible to advance security without having to choose between sacrificing user experience or degrading safeguards. That’s not necessarily true when it comes to Millennial respondents, however: The IDG/Citrix survey found they are twice as likely to view the exercise as a zero-sum game.

At this time, most organizations (87%) are employing multifactor authentication (MFA) techniques as part of their digital workspace security roadmaps. Of those, 30% are using one-time passcodes, while another 30% are working with hardware and software tokens. More specifically, nearly three-quarters (72%) of responding organizations are leveraging user name/password combinations and single sign-on methods to validate credentials to access a secure digital workspace. However, use of newer technologies is also on the rise (including biometrics, employed by 22% of respondents), along with push notifications, in place for 17% of survey respondents.

The Security Generation Gap

When mapping a strategy for the digital workspace, IT organizations are likely to encounter generational differences that will create headaches related to security. For one thing, gen-erations prioritize security differently based on their willingness to share information and their appetite for risk. Non-Millennials are fully onboard with robust security planning, with 87% of those respondents calling it the #1 priority as they map a digital workspace strategy. In comparison, only 58% of Millennial IT executives feel the same, the survey found.

There are differences in the kinds of security threats the generations worry about (see figure 1).

Given the priority they place on security, non-Millennial respondents are most sensitive to security measures being too invasive, causing work-ers to opt out. Eighty-one percent of non-Millennial respondents agree

that security measures cannot impede worker productivity compared to only 67% of Millennials. In a similar vein, the IDG/Citrix survey found that non-Millennials are more likely not to want to compromise security at the expense of worker productivity (81% non-Millennial vs. 58% Millennial respondents). By a long shot, non-Mil-lennial respondents are more likely to agree that Software as a Service (SaaS) and cloud app security are impossible without a digital workspace (81%)—a sentiment not fully embraced by their Millennial IT counterparts (58%).

The Bottom Line

There’s no doubt that securing the digital workspace is a top priority for organizations. However, the task is complicated by generational differ-ences, putting pressure on IT organi-zations to come up with new strategies that will mitigate security risks with-out degrading employee engagement and the user experience.

SoURcE: iDG

Biometric security

wi-Fi

Email

Laptop computers

File sharing and collaboration

Virtual reality & Agmented reality

Virtual desktops

collaborative applications

Digital workplace optimization

Telepresence

Desktop computers

mobile apps

Non-millennials millennials

76%

62%65%67%64%58%57%59%65%56%58%

62% 62%

59%

59%

53%

50%

48%

51%

52%

49%

43%

48%

46%

Figure 1: Concern over Security by Generation

6  | www.cio.com

1 September 2018 market pulse online survey among 201 US-based iT decision makers at companies with 500+ employees.

point/counterpoint

Views on SecuritySurvey after survey confirms that security is a top priority among IT decision makers. But what do end users think?

ISTO

Ck

PH

OTO

For IT leaders, worrying about data security doesn’t stop. As attacks become more sophisti-

cated, there’s always more work to do. That’s why security is the #1 business concern as organizations prepare for the future, according to a recent sur-vey conducted by IDG and Citrix.1

End users are aware of security risks and their company policies, but some of their actions and uses of technology are worth noting.

The View from IT

Employees now have a digital work life that extends beyond cubes and offices and into their homes, on the road, and out of the country. In the IDG research, IT leaders recognized this trend’s impact:

 92% say a digital workspace strategy is important or critical to their company’s success

 77% say the security of these digital workspaces is their #1 priority

IT decision makers (ITDMs) have

concerns about many of the technolo-

gies that make the digital workspace possible. Topping their list are bio-metric security, Wi-Fi, and email.

Interestingly, instant messaging, web apps, and mobile devices fall at or near the bottom, yet end users list these as their favorites to get work done. In fact, email is among the apps they try most to avoid, instead gravi-tating toward texts from their mobile devices and any app that has inte-grated chat like Salesforce and Slack.

The View from End Users

IT leaders have done a good job artic-ulating the importance of data secu-rity within their organizations. The eight stakeholders interviewed for this article understand the importance of protecting their personal information and their company’s data.

“I’ve got to protect customer infor-mation,” says a 29-year-old sales man-ager for a logistics company. “It’s like a game of cards; I don’t want someone to see what I have in my hand.”

That said, users don’t necessarily recognize the risks in their actions.

Several workers whose companies restrict access to social media admit they somewhat regularly go off the company network to access these sites. All but one use Google with company devices for personal reasons—includ-ing chat, docs, and shared drives.

Overall, when asked if they have any security concerns when using tech at work, end users say it’s not their responsibility.

“Security is not my job, that’s someone else’s problem,” says a 51-year-old business process analyst.

And frankly, employees shouldn’t have to outthink security tech-nologies, says Kurt Roemer, chief security strategist at Citrix. “The workspace needs to be intelligent enough to present users only the applications and data that are risk appropriate,” he says.

That’s where analytics, machine learning, and automation will help as well as a cultural understanding of how employees want to work.

“How do you express culture and code? That’s going to be a big chal-lenge for everybody moving forward in designing the workspace of the future,” Roemer says.

7  | www.cio.com

“I like working in different locations—at home and in our different offices across the US. It’s great to be able to break from routine.” —48-year-old graphic designer for a consumer goods company

SHU

TT

Er

STO

Ck

PH

OTO

employees now move fluidly between desks, conference rooms, and project groups, car-

rying their work devices with them. They check email while eating lunch at the café and work from home, the road, and abroad.

“Technology makes it possible to do a job without a physical office and enables me to work remotely with seamless transitions from city to city,” says a 32-year-old project manager for a consumer goods company.

She’s currently in Bogota, participat-ing in Remote Year, a program that facilitates traveling and working in a new location each month. After wrapping up three months in Peru and Columbia, she’s heading to Mexico City.

“My main concern was having

clients or colleagues being able to reach me,” she says, “but with voice calling apps and technology, it hasn’t been too difficult. No one has asked me ‘Where in the world are you?’”

While this may be an extraordi-nary example of the new workspace, employees have come to expect a digital work style that gives them greater flexibility. This article sum-marizes how eight end users 29 to 62 years old, across the United States and in a variety of industries, view getting work done today.

Flexibility: Ups and Downs

The days of being tied to a specific desk are waning, which is seen as a sig-

nificant benefit of digital work today. “So many applications are now web-

based; I can access them anywhere,” says a 62-year-old public services librar-ian. “Years ago, there were things I had to do at my desk. Now I can do them at different desks and at home if I want.”

The digital life has also made workers more efficient. For example, a 29-year-old sales manager for a logistics company says his work technology “keeps me organized and focused even when I’ve got 12 things going on at once.”

Having multiple apps, especially when they’re not tied together in some way, can become overwhelming. End users cite obstacles such as having multiple unique logins and the inabil-ity to pull data from one source.

Only one worker interviewed, the 29-year-old sales manager, has a sin-gle digital interface, gained through an identity and access management system. He says prior to his company deploying the solution, “I had to pivot from app to app to gather informa-tion. It was double the work.”

Another challenge to the new digi-tal work style is more philosophical. “It’s hard to unplug,” says the 38-year-old director of a real estate investment company. “It’s almost seen as a stigma to tell people you’re unreachable.”

As the librarian says: “The work never ends.”

Redefining the CubeToday’s employees enjoy flexing their work muscles beyond traditional physical office boundaries.

BUSINESS TECHNOlOGY LEADERSHip  | 7

8  | www.cio.com

the days of work-issued technology being a state-of-the-art status symbol are long

over. Workers used to the seamless customer interactions driven by Apple, Amazon, and Google in their personal lives have come to expect a similar, unfettered experience in their professional lives—only to be frustrated when security or other barriers to mobility get in the way.

Enter the digital workspace, a set of technologies redefining the modern work environment while serving as a springboard to boost productivity and security. More than a collection of apps or a remote desktop, the digital workspace delivers a contextualized, personalized experience that allows employees to work securely on any device, from any location, providing easy access to the full complement of tools, systems, and content required to get their job done.

A digital workspace ultimately fos-ters engagement and better decision making. “It’s helping users understand their dynamic role within the context of work and empowering them to be as productive and engaged as pos-sible,” says Kurt Roemer, Citrix chief security strategist.

Enterprise interest in the digital workspace is rapidly growing. According to an exclusive IDG/Citrix survey1, 92% of respondents flagged a sound digital workplace strategy as key to their success, and 93% were bullish on the technology’s ability to foster employee productivity. These organizations are not merely giving lip service to the concept: 96% of respondents confirmed digital work-space optimization already is or will be available to the vast majority of their workers.

Much of the push for a more flex-ible and highly intuitive way of work-ing stems from the swelling ranks

of Millennials, who are estimated to comprise about three-quarters of the global workforce by 2025. Millen-nials who come of age in the digital world expect a flexible and integrated experience in their professional envi-ronment, yet they are hardly alone. Baby Boomers and Gen X workers are also demanding support for a variety of working styles. And all generations are hungry for mobility solutions that support multiple devices: By 2020, IDC estimates that mobile workers will make up nearly three quarters (72.3%) of the US workforce.

Security in the Crosshairs

While the digital workspace can be a boom for worker productivity, it presents significant challenges to IT organizations, specifically in the area of enterprise security. Existing enter-prise systems and work environments are burdened by outdated security frameworks that restrict productivity and impede flexibility.

According to the IDG/Citrix survey, most organizations are using some form of multifactor authen-tication (87%) including one-time passcodes (30%) and hardware and

Defining Generations

BABY BOOMERS:1946–1964

GENERATION X (Xers):1965–1980

MILLENNIALS:1981–1996

SoURcE: pEw RESEARcH

1 September 2018 market pulse online survey among 201 US-based iT decision makers at companies with 500+ employees.

The Digital Workspace: A Paradigm for Bridging the Security Generation Gap

SHU

TT

Er

STO

Ck

PH

OTO

software tokens (30%). However, consumerization of user experience is having an impact. The idea of having to invoke tokens or remember mul-tiple passwords for different devices is a turnoff for users, causing many to turn to Shadow IT to circumvent what they see as cumbersome enter-prise security practices.

Not surprisingly, 41% of IT deci-sion maker respondents say that supporting multiple devices has a neg-ative impact on their security strategy. Specifically, they cite a number of issues, the most prominent being less control over enterprise data access (40%), difficulty providing IT sup-port for the large variation of personal devices and platforms in a bring your own device (BYOD) environment (39%), and limits on their ability to forensically investigate attacks (37%) as chief challenges. Devices that were set up to bypass outbound filters are another hurdle, cited by 37% of respondents, since they elevate risk of noncompliance with data privacy laws and other regulatory requirements.

Varying expectations from dif-ferent generations in the workforce adds yet another wrinkle to securing the digital workspace. Older workers may be more willing to put up with cumbersome security policies and practices, but Gen X and Millennial workers are not, mounting pres-sure on IT to rethink security for the modern digital workspace. In addition, the security challenge is compounded by Millennials’ predis-position for oversharing, which could lead them to inadvertently cross enterprise security boundaries such as sharing IP on a site like GitHub when they are simply looking for peer-to-peer feedback.

The result is a growing disconnect between the freedom of the digital workspace and traditional security frameworks, which tend to get in the way rather than enhance the overall work experience. “Historically, there’s been a home life persona and a work life persona, and you were not

able to co-mingle those two environ-ments,” says Stan Black, Citrix senior vice president and CISO. “We need to be able to enable people to do their jobs quickly and easily without getting in the way and allow them to have the rest of their life as well.”

A People-Oriented Security Paradigm

To meet the challenge, digital work-spaces require a new way of thinking about security. Rather than the long-

standing device-centric model, the digital workspace demands a shift to a people-centric approach that puts the user at the center of the security framework.

Using technologies such as artifi-cial intelligence, machine learning, virtualization, and analytics, this new security model collects and synthe-sizes everything known about users and their behavior to provide con-textual access and security controls. This ensures that the right levels of security are there but not in the way of the user experience. Applying user behavioral analytics pushes the new security paradigm even further, monitoring patterns of behavior and analyzing them using sophisticated algorithms to detect anomalies such as signs of a potential threat or abuse and initiating proactive responses to mitigate risk.

The new security model also shifts identity and access control away from the IT organization to line of business people who own the business processes, thus better specifying what’s required from a security standpoint. Taking other factors under consideration— for example, the device in use, the location of access, and user activity at the time—provides fur-ther contextualization and personal-ization, bolstering security without impeding the flexibility of the user experience.

“IT is no longer the bottleneck or godfather deciding who should access what,” says Christian Reilly, vice president and CTO at Citrix. “Secu-rity is dynamically adapted and risk appropriate across those situations.”

Employees are demanding flex-ible and highly personalized digital workspaces that allow them to work unencumbered yet secure. To accom-modate the needs of a modern work-force, IT organizations need to shift away from a security-as-enforcement mode to a people-centric model that will foster engagement and boost innovation and productivity.

Security Challenges with Supporting multiple Devices

Specific Challenges

41%

SoURcE: iDG AND ciTRiX

Supporting multiple devices has a

negative impact on security strategy

Difficulty providing support for varied

devices and platforms in a

BYoD environment

Limits ability to forensically

investigate attacks

Elevates risk of noncompliance with

devices set up to bypass outbound

filters

39%

37%

37%

BUSiNESS TEcHNoLoGY LEADERSHip  | 9

BUSiNESS TEcHNoLoGY LEADERSHip  | 10

Digital transformation (DX) is about digitizing processes and services so businesses can be more agile and operate more efficiently, from delivering customer service to

improving processes with supply chain partners. It is the mar-keting team that wants to transform how it promotes product, the HR division that wishes to improve recruitment, and the IT team that wants to iterate online services in an instant.

To initiate a DX project, organizations need to bring together people, process and technology in the planning and strategy phase, offering them an opportunity to see where technologies like data analytics, internet of things (IoT), mobile and social can make a difference. However, many believe that information security is too often left out of the loop.

Security-less digital transformation increases risk

As IT and business fast-track initiatives like agile and DevOps to improve speed to market, security’s role is confined to asking questions afterwards about the knock-on impact on risk and

By Doug DrinkwaterCSO.com

What is Security’s Role in Digital Transformation?

Digital transformation is front of mind for many senior executives, but too often security is left behind.

11  | www.cio.com

no longer work in the new era of digital innovation,” cited the Gartner report.

Is security being left behind with digital transformation?

Existing DX projects often fall down because they involve security late or not at all. Research from Dell and Dimensional Research sug-gested this to be the case, with chief among the reasons that business executives feared their digital trans-formation efforts could be hampered or blocked by the intervention of the security team.

Small signs indicate that the tide is changing. Record numbers of breaches, buggy IoT software, and the security-by-design movement (no doubt bolstered by the EU’s GDPR) have seen greater focus across the board on security. “Today, we are now seeing security has become a top-tier agenda item for all organiza-tions and CIOs,” says analyst Nick McQuire, who leads CCS Insight’s enterprise research practice.

“Over 70 percent of businesses we survey across the US and Europe have indicated their security budgets are increasing, with close to half saying it is likely they will be hit by a cyberattack in the next few years. Data security is the top investment

priority for digital workplace and the main challenge to rolling out mobile applications, often the tip of the spear for digital transformation strategies,” says McQuire. “What has certainly changed is that today security has become not only a key technical prior-ity but also a business one as well.”

This view isn’t shared by everyone. “My experience talking to many companies is that they pay lip service to security and that it is not a major component of the digital transfor-mation process,” says Jack Gold, founder and principal analyst at J. Gold Associates, LLC.

This, he says, is down to CEOs who know it’s important but don’t know what it means, as well as technological “patchwork” involving a variety of solutions from different vendors. “It’s really difficult to bring it all together,” Gold says.

McQuire admits that companies do struggle to keep up with the technological progress. “Many firms are simply unable to keep up with the rapid technology changes. The threat landscape is transforming before our eyes with malware, ransomware, and phishing attacks all rising rapidly,” he says. “There is also significant regulatory change occurring in the form of GDPR, which adds new pressures and holds those with weak security and privacy processes finan-cially accountable.”

“For those in a ciSo or similar role, enabling your organization’s adoption of new business models and new technologies is the new norm, and is a base requirement for your role.” —DoUG CoPLEy, principal Analyst at Duo Security

Digital transformation (DX) is about digitizing processes and services so businesses

can be more agile and operate more efficiently, from delivering customer service to improving processes with supply chain partners. It is the mar-keting team that wants to transform how it promotes product, the HR division that wishes to improve recruitment, and the IT team that wants to iterate online services in an instant.

To initiate a DX project, orga-nizations need to bring together people, process and technology in the planning and strategy phase, offering them an opportunity to see where technologies like data analyt-ics, internet of things (IoT), mobile and social can make a difference. However, many believe that informa-tion security is too often left out of the loop.

Security-less digital transformation increases risk

As IT and business fast-track initiatives like agile and DevOps to improve speed to market, security’s role is confined to asking questions afterwards about the knock-on impact on risk and security. In short, digital transformation is so rooted in giving value to the customer (or equivalent) that little consideration is giving to the impact on core secu-rity functions.

The rise in data breach and vulner-ability figures has led some to suggest that security-less digital transforma-tion leaves organizations at greater risk. Gartner recently pre dicted that 60 percent of digital businesses will suffer major service failures by 2020 due to the inability of security teams to manage digital risk.

“Digital business moves at a faster pace than traditional business, and traditional security approaches designed for maximum control will

BUSiNESS TEcHNoLoGY LEADERSHip  | 12

“You combine this with a general lack of security talent in most firms and the fact that most run a complex web of legacy security technologies that don’t properly protect them from employees who now access work infor-mation across a mix of devices and cloud apps, and you have a security market that is booming,” McQuire adds. “This is why newer security technologies such as cloud access security, user behavior analytics and machine learning, identity as a service, multifactor authentication, and mobile threat defense for example are on the rise. These technologies represent the new layers of a modern security stack that protects organizations that must protect more and more company data that lives outside their perimeter.”

What is security role’s with digital transformation?

DX has a number of phases, but it’s unclear where security naturally fits in. Going by Altimeter Group’s six stages of business as usual (same old, same old), present and active (pock-ets of innovation), formalized (scal-ing out), strategic (business-wide collaboration begins), converged (dedicated DX teams), and innova-tive and adaptive (digital transfor-mation becomes new normal), it is arguable that security could and should be involved in all stages, or at

least in the latter phases.CISOs, it appears, are trying to

be present throughout the entire DX process. For instance, Los Angeles CISO Timothy Lee recently said that CISOs that embrace digital transformation may help an orga-nization adapt to a rapidly evolving global marketplace. “Our job is not just about managing opportunity and risk. Our role is shifting toward making cybersecurity a business enabler and part of the foundation of digital transformation,” Lee said.

Meanwhile, Xerox CISO Alissa Johnson (former deputy CIO at the White House) has also said that CISOs need to put “security in the very beginning of the design pro-cess,” and that by blocking innova-tion, these same CISOs “can hinder your company’s ability to compete and stay relevant.”

Former CISO and chief privacy officer Doug Copley, now principal analyst at Duo Security, captures the digital transformation quandary by suggesting that CISOs simply have to respond both culturally and techno-logically to the new “building blocks” of an information age dominated by IaaS, microservices and APIs. “For those in a CISO or similar role, enabling your organization’s adop-tion of new business models and new technologies is the new norm, and is a base requirement for your role.”

Discussing the stages where secu-

rity gets involved, McQuire agrees that security should be involved from the very start.

“Security should be at the forefront of all digital transformation initia-tives, ideally at the planning and design stages right at the beginning. Too often, I see projects that get delayed or railroaded because they are not designed with security in mind or the right principles from the outset. Therefore, when the security team does finally get involved, the entire project gets red flagged,” he says. “Firms that ensure security is part of the digital transformation effort…right from the beginning…are those that I have seen not only succeed in the long run but also move faster in terms of getting to market in today’s climate as well.”

Does digital transformation require new security solutions?

It is little surprise, then, in this digital age where we’re told security is as much now about response as preven-tion, that McQuire sees a demand for new technologies to bolster security.

“The requirements for security are changing as the perimeter disap-pears,” he says.

McQuire thinks we are seeing a shift in focus now from cus-tomers having a complex mix of largely defensive security products that in many cases don’t speak to one another to requiring a more integrated and complete security platform that enables detection and response as well.

“The shift in need from defense mainly to defense, detect and response is largely fueled by the need for visibility across their infrastruc-ture - across devices, networks and apps both on premises and in the cloud,” McQuire continues. “This has been a massive change as companies need to be able to detect threats across a wider attack surface

“What has certainly changed is that today security has become not only a key technical priority but also a business one as well.”

—NICk McQUIRE, Lead Analyst at ccS insight

13  | www.cio.com

CIOs Need to Consider the Human Side of Digital TransformationDigital transformation is happening faster than ever, putting pressure on IT to change. As change happens, it’s critical that CIOs focus on transitioning employee skills, as well as deploying new technologies.

With the push for digital transformation, we see a growing need for dif-

ferent IT skills. This is nothing new, but this time it’s happening faster.

Technology and skills evolutions of the past

Prior to being an analyst, I was in corporate IT and witnessed firsthand the impact technology evolution can have on people. I started my career as a Unix and Windows admin-istrator at a time when 90 percent of the world was working on IBM mainframes. I was the fourth open systems person hired into a company that had more than 100 mainframe administrators. Within three years, we had almost 200 Windows/Unix people and almost no mainframes — and none of the existing mainframe people made the jump to the new world.

When VoIP came around, a simi-lar thing happened. The “legacy” team didn’t understand networking,

and members were quickly replaced with newer talent. This has hap-pened time and time again in a num-ber of different technology markets, and we are living it again with the rise of digital transformation.

Digital transformation and the impact on IT

I believe this time, though, the impact to IT will be different. Not only is technology changing, but IT control itself has moved. When I was in IT, we owned every bit of technol-ogy — lock, stock, and barrel. This included the endpoints, operating systems, procurement, applications, and security. Today, that paradigm has changed, as more control has moved into the lines of business. The role of IT has become more of a service organization to support the business rather than a corporate function.

This shift in the role of IT requires the technical professionals to learn a number of new skills. While this

isn’t an exhaustive list, here are few examples of areas where CIOs have told me they are experiencing a tal-ent shortage or expect to in the near future:

 Data analytics. IT infra-structure is generating massive amounts of data. This needs to be turned into business insights to help the lines of business tweak what they do.

 Machine learning/artificial intelligence. Similar to the above, this is the process of generating insights from data but done in an entirely different way. Instead of “connecting the dots” data manually, it’s faster and more efficient to train machines to do it.

 Business liaison. Business units want more control over how they spend IT dollars. However, most business professionals, don’t really know what they don’t know when it comes to technol-ogy. IT pros should be learning more about the business and

By Zeus KerravalaCIO.com

BUSiNESS TEcHNoLoGY LEADERSHip  | 14

then help map these require-ments to cloud services or other technology to ensure all the requirements are being met.

 Cybersecurity. This has always been a hot area, but what secu-rity professionals need to do is changing. It’s not so much about programming firewalls and IPSs, but about understanding business risks and how to mini-mize them. This requires tight alignment with company leaders.

 Software skills. I want to be clear on my definition here. I don’t want to add to the rhetoric that everyone needs to become a programmer, because that’s not true. However, all engineers need to be comfortable working with software, including cloud services. This means work-

ing with orchestration tools, understanding basic scripting, and making API calls. Hunting and pecking at a command line should be a thing of the past and replaced with modernized software skills.

offload day-to-day tasks to enable skills transformation

CIOs need to be mindful of the human side of this transition and ensure the current group of IT pro-fessionals is able to transition their skills. But this can’t be done unless you first find a way to offload many of the day-to-day tasks associated with running IT. Automation can certainly help, but that’s not the only solution.

Another approach is to leverage the cloud to entirely change the way IT operates. For example, a service such as Zscaler can be used to sim-plify security. Instead of managing a bunch of on-premises security devices, some or all of that func-tionality could be done in the cloud, giving the security team the time it needs to transition its skills.

I understand businesses need to move fast, as that’s a key to success in the digital era. However, CIOs also have to consider how it brings the IT staff along. Trying to do things the old way but faster likely won’t work. Finding new ways of operating, such as leveraging the cloud, can lead to success for the company, as well as the people.

15  | www.cio.com

PLACED GRAPHICS: 43655_GettyImages-107697742_edit3_R2_SMP2.tif (CMYK; 472 ppi; 63.49%), Citrix_Logo_White.eps (23.55%), CIT_How_Mark_NoShadow_Outlined_cmyk.ai (37.03%)

Pub: None

ROUND #

1FONTS: Citrix New Sans (Regular, Bold)

COLORS Cyan, Magenta, Yellow, Black

FILE NAME

JOB#

DESCRIPTION

CLIENT

LAST MODIFIED

PREVIOUS USER

LIVE

TRIM

BLEED

GUTTER

SCALE

ACTUAL

PRINTED

7.375” x 10”

7.875” x 10.5”

8.125” x 10.75”

None

1”

1”

None

Citrix_CIOPrintAd_20180906_MECH1.indd

None

CIO Print Ad

CITRIX

9-7-2018 1:27 PM

Daniel Kubicek

SA: Dan Kubicek

PP: None

PRF: None

AD: None

ACD: None

CD: Greg Hawkins

CW: None

AE: None

AS: Jason Stroud

ART: None

PM: None

BOOST PRODUCTIVITY AND MOBILITY WITHOUT INCREASING RISK

Work is moving beyond the office and into the home, at the hotel, on the

road. Citrix digital workspaces give organizations a people-centric security

approach that fosters innovation while keeping data safe everywhere.

This is how the future works

citrix.com/how

S:7.375”S:10”

T:7.875”T:10.5”

B:8.125”B:10.75”