Data is at the heart of the digital revolution, but the more data is transported and shared, the more it is potentially at risk.
CIOs and information security leaders cannot use security fears to hold back digital transformation initiatives, but equally, they cannot hide from the potential risks their organizations face.
Cloud, mobile and analytics dramatically increase the amount of data on the move. New technologies, such as the Internet of Things, significantly increase the attack plane open to cybercriminals, while the digital revolution is breaking down the traditional boundaries of the enterprise.
All this means that traditional approaches to enterprise security – throwing more money at the problem, attempting to secure the enterprise perimeter and adopting a tick-box approach to compliance – which were never adequate, could prove catastrophic in future.
Digital transformation not only requires organizations as a whole to change, it both requires, and enables, new approaches to enterprise cybersecurity.
To evaluate the state of enterprise security as the digital revolution powers ahead and the strategies organizations have to respond to the new threat vectors, global enterprise communications giant Level 3 commissioned a major Europe-wide research study by IDG Connect.
Not surprisingly, the survey found CEOs, CIOs and managers had a range of cybersecurity concerns, including:
- Reputational damage caused by data breaches (64%)
- Inability of current security infrastructure to handle all attacks (58%)
- Disruption to business operations (57%)
- Maintaining effective security provision as systems and networks evolve (54%)
- Cost of clean up after a security incident (52%)
- Compliance with industry and government regulation (47%)
Andrew Edison, senior vice president sales EMEA region at Level 3, said, “Compliance is vital, but it is good to see that the core business issues – around earning and keeping the trust of your customers, coping with new attack vectors as digital develops and the cost to business of cleaning up after a breach – are the primary drivers of security concerns as digital takes hold.”
Drilling down into the perceived key change factors around security, the survey found the following:
- The growing diversity, volume and sophistication of attacks (58%)
- Mobile device related data, application and service vulnerabilities (57%)
- Potential reputational damage from breaches (57%)
- Greater reliance on cloud services (53%)
- Expansion of business operations involving more staff and locations (52%)
- Larger fines issued by regulators and governments (43%)
With digital security now emphatically a board level issue, it is not surprising that the survey found most organizations had multiple people, with different roles making data security implementation and policy decisions. Some 64% of those surveyed highlighted selected two or more decision makers.
IT managers were the most common person making data security implementation and policy decisions in 70% of organizations, followed by CIOs (54%) and chief information security officers (48%). CEOs, while delegating much security decision making are very much involved (27%) and internal legal and compliance officers are represented on 19%.
In a sign of just how complex the security challenges are in the era of digital transformation, most of those surveyed expected their security budgets to increase by 10% over the next two years.
However, spending alone is not enough to win the battle with the cybercriminals, let alone the war. Enterprises and public sector organizations will always struggle to win in an arms race with the cybercriminals. Successful cybersecurity today requires new strategies, new technologies and new partnerships.
A large amount of cybersecurity spending is now focused on wrapping security round the data within the enterprise’s firewalls and data centres, rather than in trying to maintain an impenetrable perimeter. And this data must not only be stored securely, it must be safe from manipulation in transit.
For Level 3’s Kathy Schneider, senior vice president of product and marketing, EMEA region, digital offers enterprises the chance to go further – to put security at the heart of transformation. “Enterprises now have the chance to start designing-in security to every new process, rather than bolting it on as an afterthought.
“They should also be looking for network providers who can bring economies of scale to security operations, and at managed security services to get more bang for your security buck. Last, but not least, they should start investigating the use of analytics and automation to improve the enterprise’s security landscape.”
The stakes are high, but the digital revolution brings real solutions, as well as potential problems to enterprise security.
For more discussion on this subject and more information on Level 3 Communications, one of the world’s leading communications and services providers, follow this link http://www.level3.eu.com/EMEAConnectedEnterpriseUK
IDG Connect surveyed executives, CIOs, CTOs, CDOs, CISOs, and managers in in organisations from 25,000+ to 500+ employees, with multiple offices worldwide and based in the UK, France, Netherlands, Belgium and Germany