In the year 1453, the Ottoman Empire under Sultan Mehmed II was able to accomplish what none before them had ever been able to achieve. For more than a millennium, Byzantium had remained a bastion of the Orthodox faith, the great kingdom of the East. The hordes and barbarians that had caused the downfall of so many other empires had been unable to conquer this unconquerable city. Until one day when it all changed.
There are many reasons why Mehmed was able to break the great states’ formidable defenses, and why with this empiric victory an Empire that had stood for almost 2,000 years was no more. If you look back in history, the seeds of destruction were sewn years before and the cities’ betrayal by the Fourth Crusade and Richard the Lionheart’s followers did not help. However, the key to this unlikely event was the development of firearms, specifically the artillery. The Byzantium’s knew about it but were either unable or unwilling to change their defensive strategy to account for it. The walls that had withstood all the Huns, Bulgars and various Muslim empires could throw at them crumbled as did the defensive towers that formed the second line of defense. The problem wasn’t the will of the defenders to fight or the maintenance of those walls, it was the failure to acknowledge the risk the new threat posed, the failure to change a defensive strategy that had been successful for over a thousand years.
This crossroads is where we find ourselves in the changing world of commerce and industry today. The shift to a digital world is only accelerating. There are multiple reasons for this, and to some of us the cons of this move are so obvious. They should be obvious to everyone.
I believe the two key reasons for the shift, and most would agree, are convenience/access and price. Convenience is a state of mind and doesn’t mean the same thing to everyone. For example, I will buy any and every commodity I can online (as long as I don’t need it right now), however I wouldn’t consider making a house purchase online without seeing the house in person (unless there were mitigating circumstances). In other words, what’s convenient can change. There are several factors that influence what convenience is. They are no different in the digital world, and in the physical world we often forget that everything in the digital world maps to something in the physical world. Sometimes we think there is no direct correlation but that’s only because the digital world hasn’t matured to the point where it has a one-to-one equivalent yet, but it will and it is.
[You might also like: Cloud WAF: Why a Checkbox Isn’t Enough]
A good target industry for illusion purposes is retail. It is no secret that online retailers are growing at a much faster rate than their brick and mortar counterparts. Many traditional retailers are in fact shrinking. However, I think this trend will eventually slow down and maybe even reverse. Today it is an uneven playing field. Online retailers are not hamstrung with the same cost basis as a brick and mortar store. This is changing and it is changing quickly. Remember my original premise that nothing in the digital world exists without a physical world equivalent. In some cases the change is a change in how business is done, i.e. Amazon opening regional distribution centers (becoming more brick and mortar-like). In other cases it’s having to add more digital security (alarm systems, security guards, security tags in the clothing, video surveillance) follow more compliance (building codes, health inspections, fire codes, etc.) have more redundancy (multiple locations) or have better performance (location).
Change in the digital arena started years ago but is gathering steam and importance. Over the past 10 years we have seen the rise of compliance and regulation (PCI, HIPPA, NERC etc.) that have increased cyber security readiness and stability. However, this is/was just the beginning. The digital world always follows the physical world. PII data laws have been coming out fast and furious, and it is our belief that the IT infrastructure will ultimately be subject to the equivalent of building codes (today there are IT frameworks that can be very comprehensive, but they are not enforced). As our economy, our wellbeing, and indeed our very lives continue to rely on technology more and more, frameworks need to make way for enforced compliance.
Most of us will cringe at the idea that forced compliance can exist in our relatively free digital world, but when do risks outweigh the benefits? If you see this future in the same light as we do, then it is incumbent upon us as IT professionals, and in many cases a business leader, to take pre-emptive steps to be in control of our companies’ own destiny.
Taking pre-emptive action in this case is not as complicated as one would think. We can always use an existing framework (ITIL COBIT etc. ) in order to say that we are doing our due diligence, and there are numerous tools in place to help audit our practices and make sure that the framework remains in place and updated. Alternatively, we can take a simpler approach and map all components in our digital environment to those things that exist in the physical world. Then do a gap analysis vs the physical world. This, while by no means being a comprehensive approach, would help give us a basis for building a solution and saying that we have taken due care in ensuring we have built a robust environment to meet standard business needs.
We all have a choice; be like the Romans and pretend that the defenses/systems that have protected us since time immemorial are good enough, or evolve and stay ahead of the curve. We can and should expect more from our technology partners and we should be looking for companies that recognize this evolution. We believe that a comprehensive approach to technology as opposed to bolt-on functionality is the way to go when possible. The key is to find organization that have asked the question from the customers’ point of view and make round pegs for round holes. Organizations that have a mission and a focus area can expand their core capabilities, but this expansion is always in place to enhance the company’s core messaging and solutions.