January 26, 2023
CDW Exec-Connect | Top Tech Trends for 2023 (Part 2)
In the second article of the two-part series finale, five CDW leaders lay out the CIO's guide to long-term strategic growth and digital innovation.
Introduction: Tara Barbieri, VP & GM, Orchestration
Welcome to 2023! In December, our roundtable of CDW Vice Presidents talked about the IT skills gap, the benefits of automation to defer labor costs, leveraging business logic and workflow processing, prioritizing data security, and consolidating legacy systems. The gang’s all here, and ready to explore more IT Trends to accelerate digital transformation in the coming year.
This year is bound to be a game-changer from an innovation perspective. Already, tech news spilling over from 2022 is proliferating our newsfeeds with discussions about chatbots that produce human-like responses and surreal AI portraits generated with lightning speed. The Consumer Electronics Show and the NRF Retail’s Big Show made headlines about breakthrough tech that is touching many different industries. Implementing breakthrough tech will require new insight into how to manage data, storage, and security, all while training the workforce on how to leverage new technologies for better business outcomes. So, let’s jump in.
This interview has been edited for length and continuity.
We’ve mentioned security quite a lot already, and that's a great opening to talk more about security. What do you think will be the challenge of building a secure cloud, whether on prem, in a public cloud or in the hybrid environments?
The biggest risk is when security is an afterthought and it’s not built in or designed from the beginning. You have to look at security from an infrastructure, data and application perspective. Unfortunately, companies fall short to look at all three.
So, do you think that CISOs will be spending a lot more time and money trying to identify patches and vulnerabilities that are caused by shadow IT now that people are working remotely?
It's not just a concern going into 2023. Shadow IT has been a top concern of our customers for several years. The proliferation of data being managed by application workloads, backbone infrastructure and sources not under the direct control of that IT organization continues to grow.
In that case, should organizations be locking things down?
If you lock it all down, you have total control, but then you don't have capabilities. So, the idea is, how do you find that balance where you push it to the edge so the remote coworkers can do what they want and can take advantage of the technology without putting the company at undue risk.
A lot of times the internal IT security department doesn't even know what the lines of business are doing. There's a whole lot of acquisition and merger activity going on in the market, and I suspect there will be more of that across industries in 2023. That makes it more of a challenge for customers, because they don’t know about the infrastructures they’ve inherited.
Organizations that can quickly identify issues and can remediate fast provide options to the business versus always trying to lock things down. The old model of building better walls just is not going to work in today's kind of environment.
Automation and machine-intelligent reporting will help with that, but another driver is that VPN is not enough. Cybersecurity insurance providers don’t even underwrite insurance policies anymore unless organizations are doing more than just using a VPN. They are looking at Multifactor Authentication (MFA) layered on top of a password vault or some privileged access control model to safeguard data assets against malicious external or internal threats. We at CDW are promoting a Zero Trust Framework because we understand that a security mesh is needed to really de-risk the threats associated with Shadow IT.
Shadow IT has been a security risk and concern for years due to the loss of central management, monitoring and auditing of appropriate security controls. Also, many companies only think of securing infrastructure and apps. Your data is just as important as understanding how it’s secured, who has access and how to restore it from a Disaster Recovery standpoint is critical.
Absolutely. This means that even if a digital identity has successfully and legitimately authenticated into a system, we need to still repetitively challenge that identity’s validity as it passes through devices, application workloads and data stores. And this concept doesn’t just apply to human-based digital identities. We’re also dealing with APIs, Bots and RPAs (Robotic Process Automation), so we want to be extremely cautious about applying the correct context to an identity and correctly assess how privileged or sensitive the data is that the identity is trying to access.
I know we've talked about creating a federated model, especially when it comes to API creation and controls. So, for example, creating standards for APIs, governing bodies, and centers of excellence, as well as rights management. While not everyone needs access to financial forecasts, putting the data that makes sense into the hands of the teams empowers decentralized decision-making and faster responses to change.
Of course, you must ensure that those applications and solutions are secure, you have to vet them properly and do cost controls, but at the same time, if you're thinking user-back about the selections you make that makes the control easier.