Bottom Line: LogicMonitor knows first-hand how much pressure DevOps teams are under to produce high-quality code in record time during the pandemic. Acquiring Airbrake proves they get it: DevOps has a high need for speed right now.
LogicMonitor Aims To Solve Today’s DevOps Paradox
The pandemic is forcing every business to make DevOps a core part of their DNA faster than any of them expected. The competitive strengths many banked on in a pre-pandemic world aren’t as relevant as having a steady pipeline of new apps, platforms, and digital channels are. It’s creating a paradox for DevOps: on the one hand, they’re expected to deliver perfect code, and on the other, it needs to be delivered in record time. Pre-pandemic, a typical DevOps team in a $500M+ enterprise has over 200 concurrent projects in progress, with over 70% dedicated to safeguarding and improving customer experiences according to IDC. Today, there are up to 2X more projects, and up to 80% are focused on cybersecurity.
No organization is perfect at DevOps today. Everyone is at various stages of maturity and growth. The pandemic puts a lot of pressure on DevOps teams to get their code right quickly and into a released app in record time. LogicMonitor must see it in their customer base every day. The trade-offs DevOps teams have to make for speed versus quality – and even security – when pushing out a release are real and often tend to overlook diagnostics. That’s why the Airbrake acquisition makes so much sense today. LogicMonitor bought Airbrake to help DevOps teams do what they do best.
The often-quoted Boston Consulting Group (BCG) article, Going All In With DevOps, illustrates the typical pressure DevOps is under to perform, including catching bugs early, solving them, and getting code into test and deployment. According to Airbrake, 73% of their DevOps customers are pushing code multiple times per week – and many said they were deploying code “multiple times per day.” What makes Airbrake a perfect fit for LogicMonitor is how their developer-centric application error and performance monitoring service provides detailed diagnostics beyond the first layer of a bug or problem. In the context of the BCG graphic below, LogicMonitor buying Airbrake gives DevOps teams the diagnostics they need to move faster through error detection and into the test, deploy and release phases.
36% of DevOps team members are struggling to keep up with increased dev speeds and demands, according to Checkmarx’s survey.
55% of DevOps team members have taken on more security responsibility during the pandemic, according to Checkmark’s survey.
DevOps teams are struggling to keep up with their workloads today. LogicMonitor believes that by automating more monitoring processes and providing deeper contextual data and insight, DevOps teams can improve their response times and quality.
Automation pays off with more efficient continuous integration and deployment (CI/CD) cycles across DevOps teams, speeding up time-to-market and improving software quality in the process. Buying Airbrake extends LogicMonitor into developer environments and enables their shared customers to gain visibility into CI/CD workflows while reducing risk and ensuring every code release meets customer expectations. The following graphic illustrates how the CI/CD pipelines support DevOps. The more efficient continuous integration, testing, delivery, and operations, the more code releases DevOps can deliver at a higher quality, on time, and to customers’ expectations.
Source: Deloitte, DevOps Point of View, An Enterprise Architecture perspective, Amsterdam, 2020
The best aspect of LogicMonitor acquiring Airbrake is how practical, pragmatic, and immediately useful their vision of providing unified observability is in supporting DevOps teams under pressure to perform today. Airbrake is LogicMonitor’s second acquisition in just over a year, having also acquired Stockholm-based log analytics company Unomaly in January 2020. LogicMonitor’s Airbrake page provides additional information.
According to Burning Glass Technologies, the two tech job skills paying the highest salary premiums today and in 2021 are IT Automation ($24,969) and AI & Machine Learning ($14,175).
The average salary premiums for the most in-demand tech skills range from $4,204 to nearly $25,000.
Startups valued at $1 billion or more are 33% more likely to prioritize one or several top ten tech job skills in their new hire plans versus their legacy Fortune 100-based competitors or colleagues.
These and many other fascinating insights are from Skills of Mass Disruption: Pinpointing the 10 Most Disruptive Skills in Tech, Burning Glass Technologies’ latest research study published earlier this month. Their latest study provides pragmatic, useful insights for tech professionals interested in furthering their careers and earning potential. Burning Glass Technologies is a leading job market analytics provider that delivers job market analytics that empowers employers, workers and educators to make data-driven decisions.
Using AI To Find The Most Valuable Job Skills
Using artificial intelligence-based technologies they’ve developed, Burning Glass Technologies analyzed over 17,000 unique skills demanded across their database of over one billion historical job listings. The study aggregates then define disruptive skill clusters as those skill groups projected to grow the fastest, are most undersupplied and provide the highest value. For additional details regarding their methodology, please see page 8 of the report.
The research study is noteworthy because it explains how essential acquiring skills is to translating new technologies’ benefits into business value. They’ve also taken their analysis a step further, providing technical professionals with additional insights they need to plan their personal development and careers.
Key takeaways from their analysis include the following:
IT Automation expertise can earn technical professionals a $24,969 salary premium, the most lucrative of all tech job skills to have in 2021. Burning Glass Technologies defines IT Automation as the skills related to automating and orchestrating digital processes and workflows. Six of the ten job skills are marketable enough to drive technical professionals’ salaries above $10,000 a year. At an average salary uplift of $8,851, proactive security (cybersecurity) job skills’ market value seems low. Future surveys in 2021 will most likely reflect the impact of the SolarWinds breach on demand for this skill set. The following graphic compares the average salary premium by tech job skill area.
Software Dev. Methodologies (DevOps) expertise is the most marketable going into 2021, with 634,600 open positions available in North America based on Burning Glass Technologies’ analysis. Employers initiated 1,714,483 job postings requesting at least one disruptive skill area between December 2019 and November 2020. With each skill predicted to grow at least 17%, technical professionals have several lucrative options for their personal and professional development plans. The following graphic compares job openings by skill areas for the time frame of the study:
Quantum Computing, Connected Technologies, Fintech and AI & Machine Learning expertise are predicted to be the fastest-growing tech job skills in 2021 and beyond. Demand for technical professionals skilled in building and optimizing quantum computers and their applications will be in high demand for the next five years based on the study’s findings. Connected Technologies refers to skills related to the Internet of Things and connected physical tools and the telecommunications infrastructure needed to enable them. Fintech skills are related to technologies, including blockchain and others, that make financial transactions more efficient and secure. The following graphic compares the top ten tech job skills predicted to grow the fastest in 2021.
AI & Machine Learning, Cloud Technologies, Parallel Computing and Proactive Security (Cybersecurity) are the most distributed across industries, translating into more diverse job opportunities for technical professionals with these skills. Professional Services leads all industries in demand for nine of the ten tech job skills, except Parallel Computing, the most in-demand skill in Manufacturing. Factors contributing to Professional Services leading all industries in demand for technical job skills include the following factors. First, their business models need to continue pivoting fast to stabilize during the pandemic. Second, better risk and compliance controls of remote operations are urgently needed. Third, better visibility into services costs across all systems to ensure financial reporting accuracy is a must-have, according to the CFOs I spoke with regarding the survey results. The following graphic compares demand for tech skills by industry sector.
Demand for AI and Machine Learning skills is growing at a 71% compound annual growth rate through 2025, with 197,810 open positions today. Technical professionals with job skills in this area see salary premiums of $14,175. Top positions include Data Scientist, Software Developer, Network Engineer, Network Architect, Data Engineer and Senior Data Scientist.
Positions requiring IT Automation job skills are predicted to grow 59% over the next five years and have 282,380 positions open today. Besides being the most lucrative job skillset to have, IT Automation job skills lead to positions including Software Developer, DevOps Engineer, Senior Software Developer, Systems Engineer and Java Developer or Engineer.
Bottom Line: Flint Brenton’s vision for the future of Centrify and cybersecurity, in general, prioritizes the need for privileged access management to become core to the multi-cloud architectures and DevOps environments he sees pervading customers’ enterprises today.
Every new cybersecurity company CEO is writing their vision of the future by their decisions and the priorities they are based upon. From tech dominance to sales success, each CEO has their own long-term strategy and idea of what they and the company need to excel at to succeed.
Defining Cybersecurity As A Core Part Of DevOps
It is always fascinating to speak with new CEOs at cybersecurity companies and see what their vision for the company is after they’ve been there a few months. I recently had the opportunity to sit down and talk with Flint Brenton, who joined Centrify as President and CEO in July of this year. Flint leads the strategic direction and execution of the company’s vision drawing from an exceptional track record of accelerating growth through product innovation and sales execution. He recently served as president and CEO of CollabNet VersionOne, which pioneered the Value Stream Management market. He previously held president and CEO positions at AccelOps and Tidal Software and has successfully led engineering teams at NetIQ, Compaq, BMC Software, IBM and more.
Flint sees the needs of enterprise developers creating new apps using DevOps as pivotal to the future of Centrify, specifically and cybersecurity in general. A core part of those developers’ needs is securing privileged access management (PAM) in multi-cloud environments while supporting agile development.
My interview with him provided five key insights into why cybersecurity will increasingly be defined by how well it can be incorporated into “DevSecOps,” and how Centrify’s vision for the future looks to capitalize on that demand and drive PAM into the DevOps pipeline to further automate built-in security practices:
Cybersecurity providers’ cloud-based architectural platforms will define the competitive landscape for the next several years in the industry. Since accepting the CEO role in July, Flint has been spending most of his time talking with customers to gain in-depth insights into their greatest challenges. He is hearing about the challenges customers face when attempting to make different cybersecurity vendors’ solutions work together and function in a multi-cloud architecture. “Having a clear architectural advantage where features can be added quickly is going to be key in cybersecurity for years to come,” he explained.
Any cybersecurity company’s vision needs to consider the speed at which infrastructure and workloads are moving from on-premise to the cloud – it’s faster than predicted. One of Centrify’s financial services customers in APAC is launching a virtual bank and wants the new venture to be entirely cloud-based. Like many Centrify customers, they are considering a multi-cloud architecture, including Amazon AWS, Google Cloud and Microsoft Azure. Flint explains they will need a security model and identity management controls that run in the cloud to accommodate their current and future computing plans. The FinTech is relying on Centrify to secure privileged access for administrators to its multi-cloud environment.
Viewing every enterprise customer as a software business first helps remove roadblocks to delivering more value faster. Cybersecurity companies need to consider how they can streamline DevOps and DevSecOps cycles by providing enterprise developers with new tools to integrate identity management efficiently. “The developer is now building identity management into apps and frequently those apps are built using container-based models and they are then deployed either into cloud, on-prem, or a combination of both,” Flint said.
Design in flexibility for the many different buying communities you’re trying to serve early on and continually monitor them to learn about what’s most valuable to them. DevOps leaders’ buying community is among the most self-sufficient, willing to download a trial, install it and buy it. Enterprise sales are more research and time-intensive. Flint observed that a company’s vision needs to encompass each buying community’s unique nature and be willing to extend platform-level features and DevOps tools if necessary.
Buy-in from the DevOps community will become increasingly important in cybersecurity in general and is a core part of Centrify’s vision. Prior to taking the helm at Centrify, Flint was the CEO of CollabNet VersionOne, where he helped define value stream management as a market standard. I asked him if he sees any parallels with value stream management’s success and the vision he has for Centrify. “The key with value stream management is to understand how developers wanted or needed to build software more successfully in the future. So you have to get the buy-in of the development community to include it in what they’re building, rather than making an appetite of adding it after it’s already been deployed. So I think that’s a major focus in the DevSecOps market. Make it part of what is built. Don’t allow it to become an afterthought,” Flint said. The future of cybersecurity will increasingly be defined by how easily Identity Access Management (IAM) and Privileged Access Management (PAM) can be designed at the beginning of DevOps and DevSecOps cycles.
What I find most compelling about his vision is how essential every person is to breaking apart complex cybersecurity problems and solving them. Flint’s vision of providing DevOps teams with the tools they need to design in identity access management is groundbreaking. No one is talking about design wins in this area of the market today.
Centrify is quickly turning into a company that actively seeks out their customers’ most difficult obstacles and uses them to challenge itself to grow and do excellent work. They are looking for cybersecurity leaders with cloud-based development skills, AI skills and automation skills who are up for the challenge.
Bottom Line: DevOps and security teams need to leave one-time gating inspections in the past and pursue a more collaborative real-time framework to achieve their shared compliance, security and time-to-market goals.
Shorter product lifecycles the need to out-innovate competitors and exceed customer expectations with each new release are a few of the many reasons why DevOps is so popular today. Traditional approaches to DevOps teams collaborating with security aren’t working today and product releases are falling behind or being rushed to-market leading to security gaps as a result.
Based on conversations with DevOps team leaders and my own experience being on a DevOps team the following are factors driving the urgency to integrate security into DevOps workflows:
Engineering, DevOps and security teams each have their lexicon and way of communicating reinforced by siloed systems.
Time-to-market and launch delays are common when engineering, DevOps and security don’t have a unified system to use that includes automation tools to help scale tasks and updates.
Developers are doing Application Security Testing (AST) with tools that aren’t integrated into their daily development environments, making the process time-consuming and challenging to get done.
Limiting security to the testing and deployment phases of the Software Development Lifecycle (SDLC) is a bottleneck that jeopardizes the critical path, launch date and compliance of any new project.
Adding to the urgency is the volume of builds DevOps teams produce in software companies and enterprises daily and the need for having security integrated into DevOps becomes clear. Consider the fact that Facebook on Android alone does 50,000 to 60,000 builds a day according to research cited from Checkmarx who is taking on the challenge of integrating DevOps and security into a unified workflow. Their Software Security Platform unifies DevOps with security and provides static and interactive application security testing, newly launched software composition analysis and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities.
Synchronizing Security Into DevOps Delivers Much Needed Speed & Scale
DevOps teams thrive in organizations built for speed, continuous integration, delivery and improvement. Contrast the high-speed always-on nature of DevOps teams with the one-time gating inspections security teams use to verify regulatory, industry and internal security and compliance standards and it’s clear security’s role in DevOps needs to change. Integrating security into DevOps is proving to be very effective at breaking through the roadblocks that stand in the way of getting projects done on time and launched into the market. Getting the security and DevOps team onto the same development platform is needed to close the gaps between the two teams and accelerate development. Of the many approaches available for accomplishing this Checkmarx’s approach to integrating Application Security Testing into DevOps shown below is among the most comprehensive:
Making DevOps A Core Strength Of An Organization
By 2025 nearly two-thirds of enterprises will be prolific software producers with code deployed daily to meet constant demand and over 90% of new apps will be cloud-native, enabling agility and responsiveness according to IDC FutureScape: Worldwide IT Industry 2020 Predictions. IDC also predicts there will be 1.6 times more developers than now, all working in collaborative systems to enable innovation. The bottom line is that every company will be a technology company in the next five years according to IDC’s predictions.
To capitalize on the pace of change happening today driven by DevOps, organizations need frameworks that deliver the following:
Greater agility and market responsiveness – Organizations need to create operating models that integrate business, operations and technology into stand-alone businesses-within-the-business domains.
Customer Centricity at the core of business models – The best organizations leverage a connected economy to ensure that they can meet and exceed customer expectations. By creating an ecosystem that caters to every touchpoint of the customer journey using technology, these organizations seem to anticipate their customer needs and deliver the goods and services needed at the right time via the customer’s preferred channel. As a result, successful organizations see growth from their existing customer base while they acquire new ones.
Have a DNA the delivers a wealth of actionable Insights – Organizations well-positioned to turn data into insights that drive actions to serve and anticipate customer needs are ahead of competitors today regarding time-to-market. These organizations know how to pull all the relevant information, capabilities and people together so they can act quickly and efficiently in making the right decisions. They are the companies that will know the outcome of their actions before they take them and they will be able to anticipate their success.
BMC’s Autonomous Digital Enterprise framework, shown below highlights how companies that have an innovation mindset and the three common traits of agility, customer centricity and actionable insights at their foundation have greater consistency and technology maturity in their business model characteristics compared to competitors. They also can flex and support fundamental operating model characteristics and key technology-enabled tenets. These tenets include delivering a transcendent customer experience, automating customer transactions and providing automation everywhere seeing enterprise DevOps as a natural evolution of DevOps, enabling a business to be more data-driven and achieving more adaptive cybersecurity in a Zero-Trust framework.
Meeting the challenge of integrating security in DevOps provides every organization with an opportunity to gain greater agility and market responsiveness, become more customer-centric and develop the DNA to be more data-driven. These three goals are achievable when organizations look to how they can build on their existing strengths and reinvent themselves for the future. As DevOps success goes so goes the success of any organization. Checkmarx’s approach to putting security at the center of DevOps is helping to break down the silos that exist between engineering, DevOps and security. To attain greater customer-centricity, become more data-driven and out-innovate competitors, organizations are adopting frameworks including BMC’s Autonomous Digital Enterprise to reinvent themselves and be ready to compete in the future now.
Startups’ ambitious AI-based new product development is driving AI-related investment with $16.5B raised in 2019, driven by 695 deals according to PwC/CB Insights MoneyTree Report, Q1 2020.
AI expertise is a skill product development teams are ramping up their recruitment efforts to find, with over 7,800 open positions on Monster, over 3,400 on LinkedIn and over 4,200 on Indeed as of today.
One in ten enterprises now uses ten or more AI applications, expanding the Total Available Market for new apps and related products, including chatbots, process optimization and fraud analysis, according to MMC Ventures.
Rapid advances in AI-based apps, products and services will also force the consolidation of the IoT platform market. The IoT platform providers concentrating on business challenges in vertical markets stand the best chance of surviving the coming IoT platform shakeout. As AI and ML get more ingrained in new product development, the IoT platforms and ecosystems supporting smarter, more connected products need to make plans now how they’re going to keep up. Relying on technology alone, like many IoT platforms are today, isn’t going to be enough to keep up with the pace of change coming. The following are 10 ways AI is improving new product development today:
14% of enterprises who are the most advanced using AI and ML for new product development earn more than 30% of their revenues from fully digital products or services and lead their peers is successfully using nine key technologies and tools. PwC found that Digital Champions are significantly ahead in generating revenue from new products and services and more than a fifth of champions (29%) earn more than 30% of revenues from new products within two years of information. Digital Champions have high expectations for gaining greater benefits from personalization as well. The following graphic from Digital Product Development 2025: Agile, Collaborative, AI-Driven and Customer Centric, PwC, 2020 (PDF, 45 pp.) compares Digital Champions’ success with AI and ML-based new product development tools versus their peers:
61% of enterprises who are the most advanced using AI and ML (Digital Champions) use fully integrated Product Lifecycle Management (PLM) systems compared to just 12% of organizations not using AI/ML today (Digital Novices). Product Development teams the most advanced in their use of AL & ML achieve greater economies of scale, efficiency and speed gains across the three core areas of development shown below. Digital Champions concentrate on gaining time-to-market and speed advantages in the areas of Digital Prototyping, PLM, co-creation of new products with customers, Product Portfolio Management and Data Analytics and AI adoption:
AI is actively being used in the planning, implementation and fine-tuning of interlocking railway equipment product lines and systems. Engineer-to-order product strategies introduce an exponential number of product, service and network options. Optimizing product configurations require an AI-based logic solver that can factor in all constraints and create a Knowledge Graph to guide deployment. Siemens’ approach to using AI to find the optimal configuration out of 1090 possible combinations provides insights into how AI can help with new product development on a large scale. Source: Siemens, Next Level AI – Powered by Knowledge Graphs and Data Thinking, Siemens China Innovation Day, Michael May, Chengdu, May 15, 2019.
Eliminating the roadblocks to getting new products launched starts with using AI to improve demand forecast accuracy. Honeywell is using AI to reduce energy costs and negative price variance by tracking and analyzing price elasticity and price sensitivity as well. Honeywell is integrating AI and machine-learning algorithms into procurement, strategic sourcing and cost management getting solid returns across the new product development process. Source: Honeywell Connected Plant: Analytics and Beyond. (23 pp., PDF, no opt-in) 2017 Honeywell User’s Group.
Relying on AI-based techniques to create and fine-tune propensity models that define product line extensions and add-on products that deliver the most profitable cross-sell and up-sell opportunities by product line, customer segment and persona. It’s common to find data-driven new product development and product management teams using propensity models to define the products and services with the highest probability of being purchased. Too often, propensity models are based on imported data, built-in Microsoft Excel, making their ongoing use time-consuming. AI is streamlining creation, fine-tuning and revenue contributions of up-sell and cross-sell strategies by automating the entire progress. The screen below is an example of a propensity model created in Microsoft Power BI.
AI is enabling the next generation of frameworks that reduce time-to-market while improving product quality and flexibility in meeting unique customization requirements on every customer order. AI is making it possible to synchronize better suppliers, engineering, DevOps, product management, marketing, pricing, sales and service to ensure a higher probability of a new product succeeding in the market. Leaders in this area include BMC’s Autonomous Digital Enterprise (ADE). BMC’s ADE framework shows the potential to deliver next-generation business models for growth-minded organizations looking to run and reinvent their businesses with AI/ML capabilities and deliver value with competitive differentiation enabled by agility, customer centricity and actionable insights. The ADE framework is capable of flexing and responding more quickly to customer requirements than competitive frameworks due to the following five factors: proven ability to deliver a transcendent customer experience; automated customer interactions and operations across distributed organizations; seeing enterprise DevOps as natural evolution of software DevOps; creating the foundation for a data-driven business that operates with a data mindset and analytical capabilities to enable new revenue streams; and a platform well-suited for adaptive cybersecurity. Taken together, BMC’s ADE framework is what the future of digitally-driven business frameworks look like that can scale to support AI-driven new product development. The following graphic compares the BMC ADE framework (left) and the eight factors driving digital product development as defined by PwC (right) through their extensive research. For more information on BMC’s ADE framework, please see BMC’s Autonomous Digital Enterprise site. For additional information on PwC’s research, please see the document Digital Product Development 2025: Agile, Collaborative, AI-Driven and Customer Centric, PwC, 2020 (PDF, 45 pp.).
Using AI to analyze and provide recommendations on how product usability can be improved continuously. It’s common for DevOps, engineering and product management to run A/B tests and multivariate tests to identify the usability features, workflows and app & service responses customers prefer. Based on personal experience, one of the most challenging aspects of new product development is designing an effective, engaging and intuitive user experience that turns usability into a strength for the product. When AI techniques are part of the core new product development cycle, including usability, delivering enjoyable customer experiences, becomes possible. Instead of a new app, service, or device is a chore to use, AI can provide insights to make the experience intuitive and even fun.
Forecasting demand for new products, including the causal factors that most drive new sales is an area AI is being applied to today with strong results. From the pragmatic approaches of asking channel partners, indirect and direct sales teams, how many of a new product they will sell to using advanced statistical models, there is a wide variation in how companies forecast demand for a next-generation product. AI and ML are proving to be valuable at taking into account causal factors that influence demand yet had not been known of before.
Designing the next generation of Nissan vehicles using AI is streamlining new product development, trimming weeks off new vehicle development schedules. Nissan’s pilot program for using AI to fast-track new vehicle designs is called DriveSpark. It was launched in 2016 as an experimental program and has since proven valuable for accelerating new vehicle development while ensuring compliance and regulatory requirements are met. They’ve also used AI to extend the lifecycles of existing models as well. For more information, see the article, DriveSpark, “Nissan’s Idea: Let An Artificial Intelligence Design Our Cars,” September 2016.
Using generative design algorithms that rely on machine learning techniques to factor in design constraints and provide an optimized product design. Having constraint-optimizing logic within a CAD design environment helps GM attain the goal of rapid prototyping. Designers provide definitions of the functional requirements, materials, manufacturing methods and other constraints. In May 2018, General Motors adopted Autodesk generative design software to optimize for weight and other key product criteria essential for the parts being designed to succeed with additive manufacturing. The solution was recently tested with the prototyping of a seatbelt bracket part, which resulted in a single-piece design that is 40% lighter and 20% stronger than the original eight component design. Please see the Harvard Business School case analysis, Project Dreamcatcher: Can Generative Design Accelerate Additive Manufacturing? for additional information.
Greenfield, D. (2019). Advice on scaling IIoT projects. ProFood World
Hayhoe, T., Podhorska, I., Siekelova, A., & Stehel, V. (2019). Sustainable manufacturing in industry 4.0: Cross-sector networks of multiple supply chains, cyber-physical production systems and AI-driven decision-making. Journal of Self-
Bottom Line: Every organization needs to digitally reinvent their business, starting at the system level to safely sell and serve customers with minimal physical interaction.
The hard reset every business is going through creates a strong sense of urgency to increase the agility, speed, and scale of selling, as well as customer service options that protect the health of employees, customers, and partners. Customer experience needs to be the cornerstone of digital transformation, with the customers’ health and welfare being the highest priority. Businesses need to realize that digitally reinventing themselves is no longer optional. Every customer-facing system is going to need the best infrastructure, security, and stability for any business to survive and grow.
Securing Infrastructure Needs To Come First
COVID-19 was a wake-up call that companies need to operate as multi-channel players, allowing for physical but, more importantly, virtual presence. For instance, in retail, only those that will step up their efforts in building on-line ordering and associated nation-wide logistics networks will survive in the longer-term. If the cloud was considered an option in the past, it now is mandatory. In turn, the need for security has increased.
Starting with infrastructure, hybrid- and multi-cloud environments need to be augmented with additional system support, new apps, and greater security to support the always-on nature of competing in a virtual world. Providing self-service sales and support across any device at any time and keeping all systems synchronized is going to take more real-time integration, better security, more precise pricing, and so much more.
Consumer electronics manufacturers’ biggest challenge is reinventing their infrastructure while selling and serving customers at the same time. Part of their biggest challenge is protecting privileged access credentials that have become fragmented across hybrid- and multi-cloud environments. Everyone I’ve spoken with is balancing the urgent need for new revenue through new channels on the one hand with intensity to secure infrastructure and the most valuable security assets of all, privileged access credentials.
According to a 2019 study by Centrify among 1,000 IT decision-makers, 74% of respondents whose organizations have been breached acknowledged that it involved access to a privileged account. These are typically used by a small set of technical personnel to access the most critical systems in the IT estate, including modern technologies such as cloud, DevOps, microservices, and more. The CIO of a local financial services and insurance company, who is a former student and friend, told me that “it’s often said that privileged access credentials are the keys to the kingdom, and in these turbulent times they’re the keys to keeping any business running.”
CIOs, CISOs, and their teams are focusing on four key areas today while digitally reinventing themselves to provide more flexible options for customers:
Secure every new self-service selling and service channel from breaches.
Fast-track cloud projects to become 100% virtual and available.
Simplify infrastructure management by integrating IT and Operations Management across hybrid and multi-cloud environments.
Improve compliance reporting as well as reduce audit costs and associated fines.
Legacy Privileged Access Management (PAM) Can’t Scale For Today’s Threats
Sophisticated social engineering and breach attempts are succeeding in misdirecting human responses to cyber threats, gaining access to valuable privileged access credentials in the process. Legacy PAM systems based on vaulting away shared and root passwords aren’t designed to protect hybrid cloud and multi-cloud environments. These DevOps systems include containers and microservices, APIs, machines, or services. Furthermore, multi-cloud environments create additional challenges because access management tools used for one vendor cannot be used with another.
Switching from in-person to self-service selling and service creates new challenges and an entirely new series of requirements for identity and access management. These requirements include securing a continually-increasing number of workloads that cause the amount of data in the cloud to grow exponentially. There’s also the need to centralize identities for consistent access controls across hybrid and multi-cloud environments – all happening while a business is busy digitally reinventing itself. Compounding all of these challenges is the need to excel at delivering an excellent user experience without sacrificing security in an increasingly self-service, always-on, 24/7 world.
Securing Privileged Access In A Post-COVID-19 World
If you’re looking for a sure sign any business will be around and growing in twelve months, look at how fast they are digitally reinventing themselves at the infrastructure level and protecting privileged access credentials first. Digital-first businesses are taking a more adaptive approach to consistently controlling access to hybrid infrastructure for both on-premises and remote users now.
Centrify and others are making rapid progress in this area, with Centrify’s Identity-Centric PAM taking a “never trust, always verify, enforce least privilege” approach to securing privileged identities. Centrify’s approach to Identity-Centric PAM establishes per-machine trust so it can defend itself from illegitimate users – whether human or machine – or those without the right entitlements. It then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request, and the risk of the access environment as is illustrated in the graphic below:
Improving customer experiences needs to be at the center of any digital transformation effort. As every business digitally transforms itself to survive and grow in a post-COVID-19 world out of necessity, they must also improve how they secure access to their cloud and on-premises infrastructure. Legacy PAM was designed for a time when all privileged access was constrained to resources inside the network, accessed by humans, using shared/root accounts.
Legacy PAM was not designed for cloud environments, DevOps, containers, or microservices. Furthermore, privileged access requesters are no longer limited to just humans, but also include machines, services, and APIs.
Privileged access requesters need greater agility, adaptability, and speed to support DevOps’ growing roadmap of self-service and increasingly safer apps and platforms. While privileged identities must be protected, DevOps teams need as much agility and speed as possible to innovate at the rapidly changing pace of how customers choose to buy in a post-COVID-19 world.