A growing governmental focus on cybersecurity issues has contributed to a marked upswing in cybersecurity investment that is now often being driven from the board level, according to the head of Cisco Systems’ local security business.
The company, which has been pivoting from its roots in networking and connectivity to offer a broader portfolio of security solutions, is “flat out selling a lot more in security than we have ever done,” the company’s ANZ general manager of security sales, Anthony Stitt, told CSO Australia in the run-up to the company’s annual Cisco Live! conference in Melbourne.
“Many customers are spending more on security, and more often than not that is being driven from the top down,” Stitt continued. “Funding has often been an impediment in this space, but it feels like the funding issue is less acute than it has been in the past.”
Budgets are indeed growing, with 27 percent of IT-security executives in a recent VMware survey expecting a major increase in their security budget this year and next.
The growing focus on cybersecurity funding coincides with the growing promotion of cybersecurity investment by the federal government, which has not only worked to support Australia’s fledgling security expertise but has been building centres of excellence to capture and commercialise that expertise.
The government has also been working to offer guidance to help businesses protect their information assets, with the Australian Signals Directorate recently overhauling and expanding its best-practice guidelines from four to eight key points.
“When you’re making macro changes at a high level the ship moves pretty slowly,” said Stitt, “but I think the government has been pushing on this front for enough years that it is starting to make a difference.”
Even though many executives are warming to the importance of cybersecurity, but many are still approaching the space from an outcomes perspective – a stark contrast with IT-security specialists’ focus on secure code and infrastructure improvements. Asked in the VMware survey to name their key priorities around security, C-suite executives nominated issues such as company reputation and private internal communications while IT leaders were most concerned about regulated data and customer information.
Unifying these goals remains a key element of cybersecurity policy development. Yet even if this trend has escaped the notice of some Australian business executives, they can’t have missed the implications of recently passed breach notification laws, which will soon hold them accountable for data breaches with a level of transparency that Australia’s business community has not been used to.
Both subjects will be hot topics of conversation amongst the 6000 business and technical experts attending Cisco Live!, said Stitt, for whom each March offers a chance to position the activities of his business unit within the broader context of Cisco’s rapidly transforming business.
Additions to the program this year are designed to improve engagement with the company’s customers and prospects, all of whom are looking for guidance in the face of an escalating cybersecurity threat. The Cyber Security Experience has over 130 sessions, including a standalone Security Innovation Day, a Cyber Security Insight program track, online streaming of free event content and discussions about issues around getting more women into IT.
“We’re trying to be more inclusive with security,” Stitt explained, noting that both the target audience of the content and its subject matter have been designed to capture as many use cases as possible.
Many of these relate to the growing reliance of even conventional businesses on managed services, monitoring of which is pushing companies to develop new capabilities in areas related to deployment and management of cloud services.
“Whether you’re setting up services to run your business in the cloud or consuming SaaS for other things, the landscape is changing – and it makes it a little more difficult to manage in that environment because you don’t necessarily own the infrastructure. Many customers just don’t have the visibility they wish they did.”
Given the sheer volume of individual security tools being brought to market, a key focus for Cisco has been to help customers unify their capabilities in a way that offers simplified visibility of ongoing activities. This ties in with Cisco’s core push towards software-defined networking (SDN), which has been embraced by many vendors as a way of better unifying security policy and enforcement at the network level.
“Quite a bit of focus is around software defined networking and that foundational layer where security plays in when you’re building a networking architecture,” Stitt said. “Customers are often very surprised by the integrations we’ve built into the products, and how we’ve brought them together for a common goal to make it easier for them to work together.”
“It’s a constant source of aggravation for most customers, to go buy a bunch of stuff and try to make it work together; sometimes it’s OK but more often than not there are gaps. There are interesting things going on at all levels.”
If you're not on top of it, attackers will be: Cisco 2017 Annual Cybersecurity Report