SAP's Elena Kvochko: Is 2021 the Year Cybersecurity and IT Finally Converge?

INTEROP DIGITAL — Expect collaboration between cybersecurity and IT teams to become the norm. That’s the prediction from SAP’s Elena Kvochko.

Kvochko serves as chief trust officer for the business process software vendor. She headlined the Interop Digital event on Thursday, discussing cybersecurity’s changing role in IT. (Interop Digital is run by Informa Tech, the parent company of Channel Futures.)

SAP’s Elena Kvochko

Traditionally, Kvochko noted, cybersecurity and IT professionals have not worked hand in hand. That’s shifting — and, no surprise, COVID-19 is either to thank or blame. As the pandemic pushed organizations into remote work, bad actors took advantage. Ransomware and other attack vectors spread not just through networks and email, but into employees’ mobile devices. They threatened cloud applications, too.

“We definitely saw a change in the volume of attacks and types of attacks,” Kvochko said.

That activity shows no signs of letting up, and as a result, cybersecurity and IT experts must join forces. Everyone “has to prioritize cybersecurity to keep organizations running smoothly,” Kvochko said.

That has to happen now, she added.

“The pandemic showed that … we’re still not yet ready for a large-scale disaster,” Kvochko said, referring to the industry as a whole. “And we don’t really have the luxury of waiting.”

Everyone in the organization has a role to play in ensuring security, she said. However, achieving this level of cooperation requires trust. Cybersecurity and IT professionals can facilitate that by sharing information openly and acting on that information, Kvochko said. It’s also critical to set responsible policies and processes.

“We all welcome continuous innovation,” she said. “We are inclined to trust the technology we rely on a daily basis … it’s our priority to help organizations find the balance between security, privacy and growth.”

Creating a ‘Culture of Collaboration’

Effective collaboration between IT and cybersecurity means following some key steps. Kvochko first recommended providing clarity. Make sure people have, and understand, procedures and rules, especially in case of a cyber crisis, she said. Also, help security and IT teams know what should be trusted, as well as what qualifies as valuable and actionable. To do that, build reliable controls that work. Establish governance and policy frameworks, and check them for resilience, adherence and implementation. Finally, educate all stakeholders, including end users, on what to do during a cybersecurity event. Distinguish factual from non-factual reporting, she said.

That alone “will enable organizations to mature,” Kvochko added.

Further, taking Kvochko’s advice should help cement trust within and among organizations. That confidence, she said, is “increasingly a value of doing business.”

But that all starts with “a culture of collaboration” between cybersecurity and IT, Kvochko said.

“We think by implementing those action items and focusing on strategic objects, we all can help minimize the risk surface around our organizations,” she said.

Along the way, Kvochko suggested hiring “the best people for the job.” Cybersecurity and IT roles need the best talent to guide organizations; to be sure, such experts are in high demand. They understand the products, services and practices germane to security and can identify where investments will yield the greatest benefit. And they will do so as teams, she noted.

Cybersecurity and IT professionals “will have more opportunities to work together to create safe environments. Instead of working in siloes, IT and security should come together … to build controls and mitigate risks.”

COVID-19 has shown that organizations remain vulnerable, Kvochko said. But aligning IT and cybersecurity will go a long way toward fixing that. As a result, customers and internal data will gain more protections — a vital outcome.

“No matter how the landscape changes, that alignment will continue to stay a core focus for organizations,” Kvochko said.

Whether or when cybersecurity and IT will converge has turned into a hotter topic within the channel in recent months. The combination looks ever more likely. Indeed, Alex Au Yeung, head of product at Symantec, agreed with Kvochko. Speaking in a fireside chat at Thursday’s Interop event, Yeung said, “COVID-19 has accelerated the convergence of security and IT.”

“Security as a mindset is permeating across the entire organization,” he added.