The Risk of Hanging on to Obsolete Technologies

 

IT and Information Security practitioners have been struggling with how to embrace emerging technologies while protecting the company’s entire computing environment.  Over the past several years, we’ve been hearing more about companies that want to expose their environments through open APIs, integration with hybrid cloud technologies, and the Internet of Things (IoT).

Your business is going to demand more from you during this time of digital transformation.  Your business wants to be competitive and offer more ways to interact with its customers.  Technology will be the cornerstone in making this happen, but are you ready to scale and protect your environment while aligning to these demanding changes?

Another consideration—how will you protect your computing environment with legacy Information Security solutions?  Most Information Security technologies haven’t evolved much in over 15 years.  The old way of protecting the business has not only changed, but some of the legacy technology is obsolete, making it impossible to defend against advanced cyber criminal and criminal gangs’ advanced attacks.

I’d like to socialize several ideas to assist you with your IT and Information Security decisions moving forward:

  1. Create a dedicated lab for testing and evaluating emerging IT and Information Security technologies.  With the explosion of technology solutions leap-frogging each other more frequently than before, your plans must include how to test and defend against advanced threats.
  2. Incorporate IT and Information Security as part of your onboarding projects.  Regardless of how fast your company is moving or the size of your organization, it is critical to include both IT and Information Security as part of the onboarding process with all projects.  One successful way to accomplish this is to embed IT and Information Security exit criteria into project intakes.  Another way – typically for larger organizations that have dedicated teams of project managers - is to include IT and Information Security as part of the Project Management Office (PMO).
  3. Change the reporting structure of your organization – have your Chief Information Security Officer (CISO) report to the CEO or your Board of Directors (BoD).  It’s critical now – more than ever – for your executive leadership team and your Board to understand the risks that reside within your environments.

For those businesses that embrace emerging technology without including IT and Information Security decision-makers, it becomes impossible to make informed decisions about threats, risks, and how investments should be made in these new technologies to support business requirements. However, those businesses that truly embrace emerging technologies and let go of some of your old tech can really drive additional business value and reduce their risk.


Demetrios "Laz" Lazarikos
InfoSec Strategist

Demetrios Lazarikos (Laz), a recognized visionary for building Information Security, fraud, and big data analytics solutions, is the vArmour Chief Information Security Officer (CISO). Laz has more than 30 years experience in building and supporting some of the largest InfoSec programs for Financial Services, Retail, Hospitality, and Transportation verticals.

More about Laz