The good news about the next era of digital transformation is how companies are becoming intelligent enterprises. They’re using hyper-connected data, analytics, AI, and other technology advances to fundamentally change how business gets done. The results are new efficiencies, greater profits, and more satisfied customers. At the same time, digital transformation exposes companies to increased risk.
In fact, research reveals that many of today’s intelligent enterprises aren’t taking adequate steps to protect themselves as they forge ahead with digital transformation. According to IDC research, in partnership with SAP, only 33 percent of companies have a formal vulnerability and management process to remediate security flaws in enterprise applications. However, almost 40 percent of respondents said eliminating security vulnerabilities was a top priority.
To close this gap, organisations need to also transform security. I recently talked with Robyn Westervelt, research director of Security and Trust at IDC, who shared three tips to secure today’s intelligent enterprise:
People: Make security a group effort
Longstanding problems, such as managing encryption and addressing application vulnerabilities, are catching up with companies as hybrid and multi-cloud environments become the norm. What is new is how IT security is not alone in addressing these challenges.
“There is this lack of visibility and control felt not only among IT security personnel, but also with line-of-business IT and operations personnel,” said Westervelt. “Security is increasingly working with data analysts and data owners — even on the issue of data quality. And, the regulatory environment is driving enterprises to address privacy and trust like never before. They have to answer two most important questions: where are my most critical assets and who has access to them?”
Connected businesses need to embed security across the organisation, managing it as a holistic problem that isn’t siloed in different departments. At the least, businesses need enterprise-level visibility of identity and access management, while security teams should work closely with the people who own the data within teams and departments company-wide.
Processes: Do not overlook security basics
Given the growth of high-profile data breaches and cyberattacks, you would think companies would not get caught without fundamental security measures in place.
Westervelt disagreed. She shared how one consumer goods manufacturer had no modern backup systems when it was hit with a ransomware attack. The massive losses cost the company millions.
“They couldn’t run production lines…and senior management had to call in retirees to figure out formulas for several longstanding products,” she said. “They now have a chief information security officer building a security program from scratch — beginning with authentication and identity and access management, and moving straight through to data security, encryption, and more.”
With data from many devices across different systems, both inside and beyond organisational walls, it is no wonder that over 40 percent of IDC survey respondents said they were challenged to securely manage information access and integration. Still, that is no excuse for not taking preventive steps, such as patch updates.
Having the right patches and protocols in place can make the difference between deflecting digital risks like ransomware and facing unexpectedly high costs. Updated application patches are essential to basic security hygiene.
Partners: Commit to a risk-based security framework and take your ecosystem with you
Identifying the most critical security risks and allocating resources appropriately are crucial for every company. Westervelt said the most successful companies commit to a security framework. The good news is that there are several easily accessible, trusted frameworks that hundreds of thousands of developers are already following.
“I’m a believer in secure software development and injecting security in at the earliest stages because bolting on security is costly after the fact,” said Westervelt.
In a cloud-based world, it is vital to consider the cascading potential for threats across an organisation’s ecosystem. Attackers can enter an organisation through customer or partner systems, so it’s important to engage with your customers and look at the key security requirements of your own business, so you can extend these demands across your portfolio.
Just like digital transformation, security is never finished. Businesses need to continuously evolve security management, including policies and responses. Foiling cybercriminals and protecting private data will only get more difficult. But by focusing on factors within the company’s control – including employees, processes, and partners – intelligent enterprises can transform security in sync with every aspect of digital transformation.