The digital revolution is creating unprecedented levels of innovation and with it unprecedented security challenges.
CEOs and company boards know they cannot abstain from the digital revolution. Either they transform their businesses or they will be consumed by competitors, whether they be traditional rivals or start-ups. They also know that their existing IT security operations struggle to cope with the current threat environment and that digital has the potential to increase their problems.
Company leaders know the financial and reputational risks associated with data breach, and fear that digital, which depends on opening up and using many more data sources, will make that data more vulnerable. They understand that mobile is central to the digital world, but data on the move through a mobile workforce and the delivery of customer services via mobile increases risk.
The same is true with the cloud. It is an essential tool in digital transformation, but it brings security and compliance issues with it.
The challenge for company leaders and business technology professionals is to turn the digital revolution from a potential security problem into part of the solution. It is to stop the failings of old-school enterprise IT security – a lack of visibility and the inability to effectively respond to security threats – from inhibiting digital transformation or carrying over into the new digital operations.
CEOs, CIOs and CISOs know that a tick-box approach to security and compliance is no protection against the damage that a successful cyber attack can bring. They also know that traditional approaches to IT security are simply not viable in a world dominated by data, analytics and ubiquitous connectivity, with complex and changing regulatory regimes, in the face of a global shortage of skilled security personnel.
There is evidence that, in the short term, organisations are throwing money at the problem. Analyst group Forrester, for example, reports that in 2016 security budgets rose to 28% of organisations’ IT spend, from 22% in 2014, but warns this isn’t sustainable, with firms’ security efforts lagging far behind digital transformation programmes.
A baseline for security in the digital world must be that threats are ever-present and growing, and they are driven at all levels from state-sponsored attacks to teenage bedroom hackers trying their luck.
At the end of last year, former US President Barack Obama expelled Russian diplomats amid allegations of hacking attacks aimed at influencing the outcome of the US election and ordered the CIA to devise cyber warfare plans against Russia.
Also in December 2016, the troubled online giant Yahoo had its potential acquisition by Verizon thrown into doubt after admitting that up to one billion subscriber account details had been stolen, in addition to 500 million account details the company had earlier admitted to being hacked.
There have been equally worrying breaches in the UK. In November 2016, Three, one of Britain’s largest mobile operators, revealed it had a major data breach that could put millions of its customers at risk after hackers accessed its customer upgrade database using an employee login. Names, phone numbers, addresses and dates of birth of its customers were obtained, though not any financial information.
The same month, Tesco Bank admitted that 40,000 customer accounts had been compromised, with half of them having money stolen from them. Sage, the FTSE 100 accounting and HR software firm, also suffered a significant breach, with employee data of up to 280 UK customers representing a large number of individual users potentially put at risk.
The list of such disasters is long and there isn’t a magic bullet solution to the crisis of cybersecurity. No single new product, service or innovation will crack the problems faced by organisations, from the largest government department to the smallest local business.
A new mindset, a new frame of reference for cybersecurity could, however, create the same opportunity for innovation and transformation in security as it does for business and services as a whole.
Currently, even the best run security operations use a vast number of different security tools, some integrated into core enterprise systems, some best of breed point solutions. Dimension Data, the digital infrastructure services provider, estimates that the clients engaging with its security services arm typically have between 35 and 50 different security controls or vendors’ products within their infrastructure.
This level of complexity brings problems of management and patching. It makes it difficult for firms to create clear policies on threat detection and clear responsibilities on who should act on threat information.
Just as significant, it limits the ability of an organisation’s technology team to innovate, whether that be in streamlining on-premises infrastructure or bringing in new cloud services to deliver new products and services to internal clients and external customers.
This scenario can create a downward spiral as business unit managers react to the inability of the technology team to give them what they need by adopting point, or cloud, solutions that may, inadvertently, bring additional, unquantified risk into the organisation.
There is a way out, though. In the digital age creating a fixed infrastructure for a company, and with it, a fixed technology and security architecture and security strategy, no longer makes sense. A focus on risk, looking at what can be done to mitigate unacceptable risk and what levels of risk an organisation is comfortable with, can enhance its security capability, while also enabling its digital transformation.
Pete Hulme, Data Centre Technical Lead at Dimension Data, says,
“In the digital era, an organisation’s data and the network on which that data travels, as much as an organisation’s core applications and its datacentre, are the platforms for business.
“This means enterprises need new ways of looking at security and risk, and new sourcing practices that make less use of point solutions and significantly more use of cloud and managed services.
“We are trying to help customers build in security to all aspects of their digital transformation. One of our fundamental approaches is to embed managed security services into our hybrid cloud products and to offer enhanced service management platforms for hybrid IT. This allows organisations to enhance security and compliance, and boost their digital offerings and capability.”
None of this is easy. As enterprises embrace digital transformation, with all the opportunities and challenges that brings, security architectures must transform to anticipate, not respond to, changing business requirements.
That means addressing mobile device and application proliferation, cloud service adoption, social media use, and ever expanding third-party dependencies.
Few, if any, organisations can tackle this on their own. Enterprises need support on that journey and business technology and security professionals will need to evaluate sourcing strategies to find partners that can help them on the route.
This article was brought to you by - Dimension Data