In professional baseball, a “Triple Crown” refers to leading the league in three of the most important batting statistics: average, home runs, and runs batted in – the number of runners who cross the plate as a result of a hitter’s efforts.
Winning the Triple Crown is a rare and admirable feat. In the American League, Miguel Cabrera was the last to win one in 2012. It hasn’t happened in the National League since 1937, although St. Louis Cardinals first baseman Paul Goldschmidt could come close this year.
What makes it so admirable is that it requires total dominance in a number of disciplines. A batter must connect with the ball often enough (average), pack enough power to leave the park frequently enough (home runs), and secure enough overall runs (RBIs) to lead in every category. In other words, Triple Crown-level skills only combine in rare, transformational talents.
Similarly, achieving a digital transformation requires a business to excel in multiple IT disciplines. It must connect to the applications that enable productivity from anywhere, whenever. Users need the power to access applications seamlessly, or their productivity and experience will suffer. And all of this has to be done securely, without giving bad actors the opportunity to probe networks for weaknesses and move laterally once compromised.
In short, total digital transformation is a Triple Crown in its own right, and achieving it requires outstanding performances in the fields of applications, network connectivity, and cybersecurity. When leading in all three, organizations can reduce risk, limit complexity, and cut costs.
Here are the three areas you must master to win your own transformation Triple Crown.
From the data center to IaaS, PaaS, SaaS
As many as three-quarters of apps used by businesses today are SaaS-based, according to some studies. Since Salesforce became the first hugely successful example of the model in 1999, the migration from on-premises data centers to the cloud as the hub for productivity tools has advanced relentlessly.
The widespread adoption of solutions like Microsoft 365 means terabytes of data once hosted locally now reside in public clouds like Azure, AWS, and the Google Cloud Platform. This includes critical, customer-facing applications as well as the internal productivity apps that drive the bottom line. Data now lives everywhere and must be accessible from anywhere.
Securing this data requires moving from network-based access to identity- and context-based access. Only those users, IoT/OT devices, or workloads that have a business reason to access a resource are allowed to do so. Beyond just the identity requesting access, permission decisions can be further informed by context, including when the request is being made, from where, and from what device.
This transition from the data center to the cloud has been happening since before Cabrera won the last Triple Crown. What’s been slower to adapt, however, has been the way we think about architecting our networks.
Hub-and-spoke to direct connectivity
Despite this mass migration of critical apps to the cloud, many businesses have pursued business as usual in terms of how they build and defend their networks. As a result, enterprises today are saddled with legacy IT architecture where traffic from branch offices, production facilities, and OT systems must be hairpinned back through a central data center in order to clear its security stack.
Even in the Majors, with its notoriously grueling 162-game season, no one would expect the New York Yankees to play the Los Angeles Angels, Boston Red Sox, and then the Seattle Mariners on the same road trip before returning home. Routing all traffic through a centralized data center is a bit like that.
This old way of doing things is slow, inefficient, and eminently breachable. That’s because these networks’ attack surfaces remain discoverable from the open internet. Any cybercriminal with a little know-how can follow the tried-and-true method of discovering applications, probing them for weaknesses, moving laterally through those networks, and ultimately, stealing valuable data. Since even “cloud” security solutions like virtual firewalls and VPNs are IP-based, they can still be easily discovered on networks.
Connecting users directly to applications is also more cost-efficient. This method allows enterprises to do away with expensive MPLS networks in favor of secure local breakouts made up of micro-tunnels and inside-out connections that keep applications from being exposed to the open internet.
Castle-and-moat to zero trust architecture
Of course, direct-to-app access renders legacy security methods effectively useless. Without routing all traffic back through a centralized stack, those expensive boxes tasked with URL filtering, load balancing, SSL inspection, sandboxing, and the like don’t get their chance.
And that’s okay. Because, aside from being inefficient (as we’ve already covered), they’re also expensive to replace and need to be upgraded often. The stack seems to grow higher each year as more and more point products are added to the lineup.
With zero trust, organizations can capitalize on all the benefits of the cloud – scalability, reduced CapEx, reliability – while expanding their defensive capabilities. Leading cloud security providers offer additional services like posture control, data loss prevention, or inline and out-of-band SSL inspection. Think of it like stocking a team’s farm system with talent rather than going all out on a marquee player every few seasons.
Becoming a complete player
Digital transformation isn’t any one thing. It refers to a range of IT capabilities you must master in order to usher a business into a new era. It involves overhauling applications, networks, and security. As with baseball’s Triple Crown, only well-rounded CXOs are in the running. But achieving this feat means being on top of your game – and the competition.