InfoSec and the Great War



"Determined to never again repeat the devastating trench warfare during World War I, France undertook a strategy to build an impregnable line of defense along their eastern border with Germany. At a staggering cost of over $3.5 trillion in today's U.S. dollars, France built a 300+ mile line of fortifications, obstacles, and underground networks commonly known as the Maginot Line. This system was manned by tens of thousands of specially-trained troops and equipped with state-of-the-art technology. The Maginot Line stood as a marvel of military engineering and the cornerstone of the French defensive strategy.

Meanwhile, Germany had made use of technological advances in airplanes, engine motors and radio communications to develop a new form of warfare--Blitzkrieg. Blitzkrieg, or "lightning war", is the coordinated employment of infantry, tanks, and aircraft to out-number, out-maneuver, and encircle an enemy. By the spring of 1940, Germany had re-defined and transformed modern warfare while the French had perfectly prepared for traditional, trench warfare. What happened next is known as one of the greatest strategic blunders in all of military history.

 

Instead of attacking the Maginot Line directly, the Germans simply went around it--faster than anyone thought possible.

Rigid, Monolithic Structures Get Bypassed

 

Like the Maginot Line, the traditional tech (and infosec) delivery model is very effective when stakeholders are required to engage that model directly. The strategic weakness to that approach is that if our services aren't customer-friendly and easy-to-use, then the business will find a way around us--just like the Germans bypassed the Maginot Line in 1940. And as Germany re-defined modern warfare through Blitzkrieg, the rise of the digital enterprise is also re-defining today's businesses.

Digital Transformation: The Technology Blitzkrieg

 

The digital transformation can best be understood as the accelerating change of business activities in response to new expectations brought about by technology "disrupters". In other words, new technologies (such as cloud and mobile computing, converged infrastructures, Internet-of-things, social, and "anything"-as-a-service) are fundamentally changing customer expectations of businesses and services. It's not just new tech. It's new tech combined and applied that changes the human experience. Put simply, the digital transformation is a behavior shift that changes the consumer-provider relationship. This shift is also true of internal consumers of IT and infosec services.

To keep pace with this transformation, our business customers and stakeholders require greater speed and agility from our tech/infosec services. As service providers, we are a critical link in the new customer-centric value chain--but a link that is ill-prepared for the pace of decisions and value realization that defines the new, digital landscape. Returning to the historical analogy, traditional IT/infosec delivery models are built for trench-warfare tactics, while the business is employing lightning warfare (or a "Technology Blitzkrieg").

Re-defining Infosec Service Delivery

 

So what steps can IT and cyber security leaders take to adjust their strategy for this digital transformation?

   Evaluate processes and activities from a customer-centric perspective. Step across the counter and understand what the customer wants from your service.

   Run your service like a business. Define/re-define your value proposition under a new equation where Value = Benefits - Cost + Experience. "Experience" can either add to, or subtract from, your value.

   Make your services/capabilities easy-to-consume. Where possible, create tech stacks and code libraries that have security baked-in. Evangelize and "sell" your services.

   Cultivate new skills and behaviors in your people and stakeholders. Help technologists think like customer-oriented business owners. Coach stakeholders to make security part of their solutions early in the process."

Thank you Mark. I met Jason only twice in the last 8+ months. I will not forget his smile and quiet ways. Very friendly and helpful. It was a pleasure to meet him and I was looking forward to working with him. My prayers are with his family. Rest In Peace dear friend. You will be missed.

Doug Williams

Enterprise Risk Architect @ Costco | GISP, GIAC

7 years

I had the pleasure of working with Jason for many years. His knowledge and passion for "the customer" were unsurpassed. The infoSec community is a small brother(sister)hood. Unfortunately, we lost a good one when we lost Jason Hicks. Godspeed my friend.....

Paul Suarez

VP and CISO at Casey's

7 years

Jason did love to talk about strategy and the strategic planning process. I'll miss those discussions...and having another Air Force grad in the room. Thanks, Mark.

Robert Taylor

Innovating at the Intersection of Digital and Physical

7 years

Thanks for sharing, Mark. Jason will be missed.
