Retail, as an industry, is well versed in disruption. Digitization, a global health crisis, data and privacy laws, technology obsolescence, component shortages — you name it, retail has been on the front line. Added to that, we now see spiraling energy costs and the resultant impact on consumer price inflation.
True, most sectors are also in a state of flux – very much in recovery mode – but retail often feels the effects of these macro events first and, arguably, hardest. So, what better time to convene with two industry leaders who can provide fresh insights that CISOs, CTOs and CIOs can plug into their own modernization programs and come back stronger?
I was recently joined for a panel discussion by Colin Williams, CTO Networking and Security at Computacenter, alongside Gavin Cartwright, Partner – UKI Cyber Security Lead at EY. What followed was an incredible inside/outside perspective of the cyber trends in retail. But, personally, what I got out of this debate was a candid view on how CISOs can become more responsive to the voice of the customer.
Less metal, more mettle
Our panel talked in vivid terms about the current mission statement for retail brands — to give the customer a “harmonized” omnichannel experience where their “digital identity” is essentially the same across all touch points. To do this, our experts believed that CISOs needed to shift away from the old, legacy ways of collecting, storing and processing data in hardware — and embrace a more software-defined approach to customer management. This, Colin and Gavin both felt, would benefit the customer experience and rationalize the IT estate by reducing retailers’ reliance on physical security.
On a related point, one word of caution came through from our debate. “Legacy” is a misunderstood term that the industry has come to think of as old, inadequate and obsolescent. Instead, CISOs and their teams need to evaluate technologies based on their usefulness, not age. The consensus was that decisions on modernization (and therefore spend) become easier when they are based on the amount of value these technologies bring in terms of generating good, available and secure data.
COVID legitimizes the cloud
COVID-19 has impacted the business community in ways many could never imagine, but silver linings are beginning to emerge, according to Colin Williams. For one, he believes that the retail sector has — out of necessity — been forced to adopt cloud solutions due to the lack of access to data centers (during lockdowns). This, he believes, has undoubtedly “legitimized the cloud” in many people’s eyes, even the most skeptical. But does this present new challenges?
Both Gavin and Colin suggest that adding cloud to the mix has far-reaching and, ultimately, welcome implications. Firstly, they both highlight that the level of cloud/hybrid knowledge within security teams is often lacking. It’s certainly not at the level of “on-premises” knowledge and skill set, Gavin argues.
From a client-side perspective, Colin agreed. “Different flavors of cloud” need to be better understood, he admits, “to avoid an unstructured move to the cloud with multiple providers and a complex mesh of responsibilities across IaaS and PaaS.” Beyond this, retailers would need to invest in a number of upskilling areas, such as outsourcing, training and growing their own academies. This will have the net effect of making data more important and, therefore, the security conversation wrapped around it much easier.
Re-wired for revolution
In the final part of our panel discussion, we turned to the role of the CISO in all this change. Tanium’s own research points to the fact that IT security teams are now more responsible for breaches than before the pandemic. So how is that going down within the profession?
Colin’s perspective as a technology leader at Computacenter is that “a complete change in the psyche is required.” He points to the traditional setup where teams operate in silos dictated by their specialist skill sets. “We need new IT professionals that have a more rounded view” so that they can deliver business-level insights beyond their primary competency, he says. To do this, team leaders need to be comfortable with defining and translating the problem for operational people and senior management. “Not enough CISOs and heads of security are ready to deliver what the business needs to hear,” he warns.
However, due to the chain of events over recent months and years, both panelists think that cybersecurity is better placed to bring value to the customer experience and help grow brand equity. The profession simply has some “catching up to do,” which means more modernization of the IT estate and its architecture instead of simply upgrading it. The main takeaway: it’s an opportunity for revolution, not evolution.
This blog post is a summary of a one-hour, wide-ranging panel discussion that you can watch on-demand.