Home Posts tagged overcoming

Tag: overcoming

Posted on Posted in Digital transformation, General topics Tagged with , , , , ,

By Haider Pasha, Sr. Director and Chief Security Officer for Emerging Markets at Palo Alto Networks

Cybersecurity has long been one of the most complex landscapes an organization must navigate; with each new threat or vulnerability, complexity continues to grow. This is especially true for organizations that have traditionally taken a point product approach to their security because implementing new security measures properly and reliably takes time and expertise. Today, as more businesses look to digitize their services, dealing with these cybersecurity challenges is no longer optional.

Every new tool must be installed, tested, and validated, and then people must be trained to leverage them well. On average, organizations are adopting dozens of different products, services, and tools for their cybersecurity. So, finding ways to make implementing cybersecurity smoother, faster, and more efficient has become a key goal for cybersecurity professionals. As businesses plan for a post-pandemic and digitally accelerated era, many CISOs across multiple industries strive for simplicity and focus on reducing their security vendor blueprint as part of their annual KPIs. Implementation, in particular, has always been an important consideration for successful cybersecurity programs because of the time, expense, personnel, and expertise often required not only to implement individual point products but to stitch them together in order to avoid security gaps while also eliminating redundancies. In the event of a serious incident, security operations center (SOC) analysts typically confess to switching between multiple vendor consoles and event types in order to decipher alerts. Organizations and teams need a better approach, so they’re not either continually exposed or overworked from the alerts created by overlap.

Implementation Benefits of Cybersecurity Platforms

Research conducted by Palo Alto Networks with a wide range of its customers, supplemented by additional first-person, one-on-one interviews, highlighted a range of implementation benefits that result from taking a platform approach to cybersecurity architecture. By definition, a platform is the culmination of integrated points, such as integrated threat intelligence using automation and orchestration across a variety of security tools to take action against incidents in real time and as one system. This approach helps ease the procurement, management, and operations of the cybersecurity stack while reducing cyber risk. Deploying multiple products from different vendors typically requires a level of expertise beyond the capabilities of many in-house teams. Rather than “buying” implementation resources from consultants or cybersecurity services companies, organizations are looking for a more integrated approach to solutions implementation. Platforms, such as those provided by Palo Alto Networks, smooth and facilitate implementation while reducing the risk often associated with integrating different products in a seamless manner

Identifying the Top Areas of Value

Respondents surveyed on the implementation benefits pinpointed five specific areas where a platform approach delivers tangible value:

Reducing solutions complexity and the number of integration pointsDecreasing deployment timeCutting the risk of time and budget overrunsTrimming deployment effort and personnel “touches”Reducing the amount of practitioner and user training

On average, respondents said that our platforms helped them reduce solution complexity and the number of integration points by 29%, while each of the other four benefits resulted in savings of approximately 23.3%. As organizations evolve their cloud infrastructure, for example, taking a platform approach helps reduce the number of vendors required to secure multiple instances on the cloud, such as containers, serverless systems, and traditional virtual machines. By binding the cloud security tools under one management system, the complexity of deployment as well as the procurement process means that customers are able to scale their cloud infrastructure much faster than before.

This generally translates to cost savings in the form of faster security policy updates, incident management lifecycles, and reduction of alerts. In fact, according to calculations made by Palo Alto Networks related to customers’ actual implementation costs, a typical organization can achieve an annual economic benefit of more than $500,000 by utilizing a cybersecurity platform model for solutions implementation. In customer interviews, those operational and financial benefits of implementation were brought into greater focus.

“Earlier on, we had at least four to six different integration points just for firewalls and endpoint security before we went with Palo Alto,” said one customer. Using Palo Alto Networks platforms, customers are able to standardize and unify security policies and reduce their risk exposure due to the likelihood of reduced human errors.

As a platform-based approach encourages an open consortium of cybersecurity vendors, customers see the value of this ecosystem: “Having one ecosystem really does get a lot of efficiencies with integrations being so seamless.” Yet another client put it succinctly: “People already know how to do troubleshooting.”

Another tangential yet very important implementation benefit to platforms is the ability to overcome the much-discussed cybersecurity skills gap. By consolidating all cybersecurity tools under the same architecture with easy integration and common connectors, organizations alleviate the need for armies of technical staff—each with different certifications and experiences—to integrate new tools as the need occurs.

As organizations look for comprehensive solutions and services to secure the network, cloud, and endpoint and optimize their SOC, our Palo Alto Networks portfolio of platforms allows them best-in-class capabilities along with leading third-party evaluations and efficacy tests, and together, deliver coordinated security enforcement across our customers.

Read the full research study here.

About Haider Pasha:

Haider Pasha is Sr. Director and Chief Security Officer for Emerging Markets at Palo Alto Networks. Over the course of his 20 year IT career, Mr. Pasha has held various certifications, including CCNP, CCSP, CISSP, CCIE (Security) and CEH.

Cyberattacks, IT Leadership

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , , ,

In the first of this two part CIO webinar series ‘Driving business success with true enterprise applications’, a group of leading tech leaders heard from DXC Technology, customer Ventia and analysts Ecosystm about the challenges and benefits of “Overcoming barriers to application modernisation with SAP.

As we all know, enterprise applications were only really put on the c-level agenda when organisations had outgrown their legacy systems.

But as the hyper-competitive digital landscape continues to evolve, and with it ever more powerful and innovative capabilities in the cloud, businesses really need to make deployment of enterprise applications a strategic priority.

For many organisations, legacy technologies are actually impeding their efforts to modernise, while they face increasing threats from new-entrant competitors unburdened by the past.

That said, not all legacy is bad, with the onus on CIOs and other technology leaders to derive value from existing investments where possible.

In fact, Alan Hesketh, principal analyst with Ecosystm defines ‘legacy’ as anything you turned on yesterday.

“Because once in production, those things just increase the legacy that you have in place and that you need to be able to manage – and every organisation really wants to focus on new activities, not the things that they’ve actually done previously,” he says.

“And there are now so many alternative sources of application services, that with each component that you implement – and shadow IT is a particular challenge here – increases the complexity of your environment. And as your complexity increases, so do dependencies.”

The upshot, Hesketh stresses, is unless organisations figure out how to address this complexity and develop more effective application frameworks, they will see their lead times for delivering products and delivering value balloon.

Merging app ecosystems

The challenges of managing sprawling application ecosystems are especially acute during major M&A projects, something Karen O’Driscoll, group executive for digital services with Ventia and Michelle Sly, business development leader with DXC Technology can certainly attest to.

Back in late 2019, the already formidable Australian infrastructure services company agreed to merge with rival Broad Spectrum Infrastructure to form a true powerhouse generating more than $5 billion in annual revenues, providing operational and maintenance services to a wide range of private sector and government clients and their customers. Ventia itself was formed back in 2015 through the merger of latent contractor services, Thiess Services and Vision Stream, further underscoring the integration challenge.

“[With the] the historical acquisitions and mergers of companies, and the way in which the business was structured, there was quite a lot of work to do to be able to bring the platforms and the systems together, and also to standardise those across multiple divisions and operating entities,” explains Karen O’Driscoll, digital services executive with Ventia.

And deciding that this would happen within 12-18 months introduced a whole new degree of difficulty which led to an “awkward silence” followed by questions like “you want to get it done by when?”.

“Whilst we were excited about the opportunity, [we were] pretty daunted .. around the timeline that we wanted to get this done in.”

O’Driscoll and her team opted for the tighter deadline in a bid to reduce costs and ultimately deliver value faster. But the board took some convincing given the task was much more than a ‘lift and shift’.

“You know, there’s a lot of change management required there as well. And a lot of things that we knew that we could break, if we went so fast that we weren’t careful about what we were doing.”

One plus one

The project was run according to the mantra ‘one plus one equals one’.

So we wanted to run the combined organisation at the same cost as we ran one organisation from an IT overhead perspective,” O’Driscoll adds.

“There was a big objective to be able to quickly deliver the value of the integration of the two companies.”

Ventia had also listed on the stock exchange part way through the program, adding further pressure on the team to succeed.

The strength of its partnership and natural cultural fit with DXC Technology was evident at the start, becoming even more apparent as the project progressed, requiring increasingly intense “storming sessions” during which frank discussions often occurred, with more than a few disagreements along the way.

Michelle Sly, business development lead at DXC Technology, recalls a degree of discomfort at the level of risk Ventia appeared to be taking on.

“From our perspective it was very complex, and the aggressive timeframes were quite scary initially.”

“But Ventia knows their business far better than another supplier does and they probably looked at DXC thinking ‘you’re a little bit risk averse’.”

With so much at stake it was agreed that DXC would commission an independent review.

“That independent review gave us other options, and the ability to have very open and transparent conversations with Ventia, which then meant they could see where we were coming from,” Sly notes.

No project is the same, with large undertakings like this underscoring the importance of having a genuine partnership to properly navigate all of the many moving parts, O’Driscoll notes. “You can’t force it – the partnership approach enabled us to pivot and drive to a successful outcome”.

In addition to bringing a strong sense of collaboration to the table, she adds that DXC also brought a highly experienced, disciplined team able to quickly come to grips with the Ventia and Broadspectrum businesses. Furthermore, M&As are also in DXC’s DNA, informing part of their extensive suite of tools, templates and overall knowledge-base developed over many years.

For Ventia, while DXC did seem to bring a more conservative approach to the table, its decision to go with them was nevertheless somewhat unorthodox compared with the alternative of one of the big accounting firms.

Working together the two companies were able develop more agile working teams and processes that led to real value being delivered incrementally throughout the project. And this  was key to maintaining support from the executive.

“What we wanted to do is to be able to not call something that we couldn’t make it until we really couldn’t make it,” O’Driscoll explains.

“DXC would tell us a couple of months before, ‘we’re not sure we’re going to make it’ and we’re like ‘we don’t have to make that decision yet’.”

“And so we pushed DXC to not make those decisions too early in the programme and to actually go further along with us making decisions on the way until we got to a point in which we could go with that phase or wherever we were. And actually every phase, we were able to achieve on time.”

SAP