Leave security to those who can best provide it | 2nd September, 2016
Focus only on core technologies that provide key business differentiation
There was a time when organizations talked about core competencies—a concept in management theory introduced by C. K. Prahalad and Gary Hamel.
As a concept, core competencies are resources and skills that distinguish a firm in the marketplace. Prahalad and Hamel published an article in 1990 titled "The Core Competence of the Corporation". In that breakthrough piece, they argued that to succeed in an emerging global market, it is more important to build core competencies than to pursue vertical integration. NEC, for example, utilized its portfolio of core competencies to become a key player in the semiconductor, telecommunications and consumer electronics markets.
The IT revolution unleashed in the late 1990s, after the major success of personal computers, somewhat blinkered the view of many organizations. While they still talked about core competency, they got sucked into the magical world of technology. Now they wanted to be IT companies too, with huge IT teams.
When IT budgets shrank and money became tight, outsourcing and offshoring made the first dent in that model. Mobility and cloud made the status quo obsolete. But, as they say, old habits die hard. Some organizations are still in denial of these sweeping changes and are treating many IT-related functions as business as usual. Instead of focusing only on core technologies that provide key business differentiation, they are managing everything on their own, including security.
Such businesses need to take a hard look at themselves, and refocus on the idea of core competencies. What is their main business? Is security their core competency? Is it their main line of business?
Because if it is not, then they must stop wasting their energies and resources on it. Rather, they should focus on what their main business is, on what they deliver to their customers, and on what distinguishes them in the marketplace.
For example, if you are a cloud provider or a service provider, then your business is IT. For anyone else—from retail to manufacturing, from banking to government—the core business is “supported” by IT, but IT is not the business.
This implies that any IT investment that detracts from investment in the business should be stopped right away. Investment should be focused only on applications and systems that drive competitive differentiation.
IT security is not one of these offerings (that drive competitive differentiation), as everyone needs different levels of security. A manufacturing company’s security requirements are different from those of a bank or a retail organization. By opting to outsource or “cloudify” some of the systems in a business, this burden of risk could be shifted to the provider, which, as explored in our previous blogs, is inherently more secure because security is a core competitive differentiator for its business.
Security experts predict that security is going to get tougher to manage in the future. For example, IDC predicts that by 2020, half of all AP electronic transactions will be authenticated biometrically, driven by the widespread adoption and use of biometric-enabled mobile devices. By 2019, geopolitical divisions and global economic instability will result in cyberattacks targeting suppliers, forcing businesses in AP to increase spending by 35% or more to mitigate supply chain risks.
The question to ask is: Are you as a company prepared to invest your time and resources in dealing with such complex challenges in security? Or do you want to leave it to the experts—the cloud providers?
I think the answer is quite clear. Leave security to your cloud provider and focus on your applications and the key technologies in your domain that distinguish you in the market.