Author: Don Elledge, CEO
Where we came from, where we are today, and how we will be connecting you with leaders in our world
In the mid-1990’s, just shortly after the Web was born, my co-founder Dean Fantham and I were both stationed in Silicon Valley, working for Deloitte & Touche — where I was a partner — one of the “Big Four” firms that were just then learning to address the disruption the digital world was about to unleash.
It would be hard to exaggerate what we learned — relatively early in our careers — from the vantage point of the epicenter of the digital world. Practically everything about security was changing. We began working in the security space but saw an opportunity for a focused practice in the business space, seeing the businesses had to look at security differently.
Let’s start with the transformation of the enterprise.
What we saw, first hand, were the early signs of a new era of corporate transformation where business leaders were strategically embracing technology, though perhaps not quite understanding the new risks that were associated with that transformation. One big area of risk: as time has passed, the enterprise has become more and more distributed — with employees, partners, and information everywhere — creating value and at the same time creating risk. The borders of the enterprise began to change at the turn of the century, though many enterprises, even today, have not fully adjusted to this new reality.
Many things were changing. The network was becoming distributed. The user endpoints were becoming more diversified and more personal. Data began to flow much more easily, and people were becoming more computer savvy. The internet was becoming the center of the universe for business and people’s personal lives.
We made mental notes at the time, and have continued refining our thinking ever since: digital transformation will inevitably happen, to every company in every industry. But the opportunity and challenge is not to get in the way of that transformation, but rather to help that transformation happen safely, securely, and sustainably.
In other words, we saw the emergence of the modern enterprise that is digitally driven while intelligently protected against the new spectrum of risk. We coined the term: business-aligned security. It’s proactive — not reactive — and in sync with what the modern enterprise needs to do.
Second, we foresaw the transformation of the enterprise’s top security professional.
At the Big Four firms — and practically everywhere else at the time — at least three distinct areas of competency were emerging inside the enterprise: access, governance, and threats we called “cyber.” By far, the biggest focus was governance — due to regulations such as Sarbanes Oxley — which basically demanded that businesses follow checklists to ensure that everything was covered.
The early focus obscured a reality that would only become visible years later: all areas are related, and what the enterprise would soon begin to demand is a C-level executive who not only understood the new tech requirements, but had the social /political skills to get the job done.
Finally, we foresaw the transformation of the security consulting firm, and the competencies such a firm would need to build.
To meet the needs of the modern enterprise, we understood that we would have to approach security consulting as set of services that were focused on enabling clients to meet their top-line business objectives. Security should not be approached as a cost center, but a growth enabler. Second, to meet the needs of the top security professional inside the enterprise — sometimes the Chief Information Security Officer (CISO), sometimes the Chief Risk Officer (CRO) — and build meaningful bridges between the big practice areas, and bring them all together.
What we have done is to embrace the capabilities necessary to support the modern enterprise, and address the problems facing companies moving in this direction: how do deal with flat, global networks; data when it travels outside your enterprise; IoT. It’s not just being business-aligned. It’s about creating solutions that address the problems facing the modern enterprise, and being liberated and unencumbered from legacy thinking and models from the past.
But we also saw another challenge: delivering the right kinds of services, at the right time to our clients, according to where they are in their maturity cycle.
To meet this particular challenge, we set out to hire the world’s greatest strategists and practitioners in IAM, GRC, and cybersecurity. And then — in more recent years — we developed a model for delivering strategy, implementation, and managed services to meet the changing needs of our clients as they mature. We launched Edgile in 2001, and today we operate in dozens of cities nationwide, serving leaders in the Fortune 1000, with some of the best security consultants on the planet.
We’ve come a long way. And, of course, it’s all because we had the benefit of listening to our clients, which include leaders across a broad spectrum of industries.
And now we’d like to pay it forward.
Today, with this post, we are relaunching the Edgile blog with the mission of sharing the voice of the modern enterprise.
In a style we believe is more conversational and instructive, we will be interviewing some of the world’s top CISOs, CROS, and, yes, CEOs on the opportunities and challenges of digital transformation.
We will also be interviewing a number of leading subject matter experts — inside and outside of Edgile — to share how they are supporting enterprise leaders around the world.
Finally, we will be using the blog to share links, articles, and other relevant content to keep you, the security-tech leader, abreast of what’s new and relevant. We began our firm with the unfair advantage of being in a place where the future can almost be predicted and foretold. We’d like to create a virtual place — in the form of a blog — that can help spread the knowledge throughout our ever-widening community.