Raconteur

Digital Transformation Special Report 2017

Issue link: https://raconteur.uberflip.com/i/843342


DIGITAL TRANSFORMATION, RACONTEUR.NET, 30/06/2017

SECURITY

Design security in and keep the hackers out

In an increasingly connected digital world, the opportunities for cyber crime are multiplying making security a central issue

EMMA WOOLLACOTT

Digital transformation is revolutionising business, with technologies such as mobile computing, big data analytics and the internet of things (IoT) entering every aspect of an organisation from customer service to high-level decision-making.

However, Gartner predicts that by 2020, 60 per cent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. The more connected devices an organisation uses and the more data it collects, the greater the possibilities for a breach and the bigger the incentive for hackers.

Meanwhile, by its very nature, transformation is ripe with the possibility of unforeseen effects, so security should be central from the outset. It's not something that project teams will necessarily be keen on, as there's a common perception that focusing on security too early can cause delays and put too many constraints on a project. In fact, though, the opposite is more likely to be true, as an early focus on security can save project teams from going down the wrong path.

"When undergoing a digital transformation project, always involve security people from the very start – it saves a lot of pain and backtracking later on," says Owen Connolly, Europe, Middle East and Africa vice president at research firm IOActive. "We really do like to do the blue-sky thinking too and we actually have ideas to contribute."

As Simon Leech, chief technologist on Hewlett Packard Enterprise's digital solutions and transformation team, points out, the widespread adoption of IoT has already provided examples of what can happen if security isn't properly considered in the design phase.

"The recent Mirai botnet preyed upon IoT devices, including IP cameras and home routers, infecting those with default passwords and outdated Linux kernel versions. Infected devices were added to a botnet which was then controlled to launch DDoS [distributed denial-of-service] attacks," he says.

"It would have been fairly trivial to include controls at the design stage to enforce users to change default passwords and deliver system updates, but alas these devices are typically built to a budget and too often there is not enough budget to take a mature approach to risk assessment."

Gartner predicts that 8.4 billion connected devices will be in use worldwide in 2017, rising to 20.4 billion by 2020. And according to Cisco, these devices will generate more than 400 zettabytes – 400 trillion gigabytes – of data every year by 2018.

It's a huge challenge for security professionals, for whom traditional perimeter protection is no longer enough.

"Digital transformation inevitably adds more devices and ways to attack the business," says Piers Wilson, head of product management at Huntsman Security. "Blocking every possible attack route is impossible. Instead, concentrate on knowing what 'normal' behaviour looks like, so security teams can spot and address suspicious activity instantly."

Adaptive, self-defending systems are coming into their own, exploiting machine-learning and real-time analytics capabilities. They can autonomously identify intruders and detect unusual access to data and systems from inside the network. Role-based controls limit the user's access to data by job role and two-factor authentication double-checks identity.

But it's important to note that effective security is a continuous process, and this is particularly the case in a digital organisation, which is far more likely to be making business changes rapidly and all the time.

"To really address the security risks in business transformation, it's necessary to consider the organisational risk position throughout the life cycle of the transformation exercise," says Mr Leech.

New risks need to be identified on an ongoing basis, and agile systems put in place for patching and remediation, as well as monitoring that systems are working swiftly and effectively.

Partly for this reason, digital transformation must bring with it a changed business culture, with cyber security, applications security and IT teams working more closely with operations staff, and often this will mean accepting a certain level of risk.

"Organisations will learn to live with acceptable levels of digital risk as business units innovate to discover what security they need and what they can afford," says Paul Proctor, vice president and distinguished analyst at Gartner. "Digital ethics, analytics and a people-centric focus will be as important as technical controls."

INSIGHT: EXPERT TOP TIPS

HAVE VISIBILITY

Rapid change need not reduce security. In fact, the most agile solution for digital transformation, an application network, is inherently more secure than today's software sprawl. When you create digital systems as networks of applications, with APIs connecting them, you end up with more layers of defence, not less. The best security comes, counterintuitively, from visibility – making explicit what data and changes are allowed at each layer, and which ones have actually occurred…

Uri Sarid, chief technology officer, MuleSoft

DON'T OVER-CONTROL

Security can be a competitive differentiator, so leverage the expertise available and turn it into part of your product offering. It can actually be the reason why people will choose you over your competition. Don't over-control. Too many companies get obsessed with having controls on controls to satisfy audit requirements. This leads to a situation where people will actively circumvent controls to be able to do their job effectively. There's only one thing worse than no control and that's an ineffective control, as it gives the illusion of security…

Owen Connolly, vice president, Europe Middle East and Africa, IOActive

CONSIDER ALL RISKS

As we start to see business transformation expanding into the area of autonomous devices, for example self-driving cars, the impact of security vulnerabilities starts to threaten our own wellbeing. So to address the security risks in business transformation, it's necessary to consider the organisational risk position throughout the life cycle of the transformation exercise…

Simon Leech, chief technologist, Hewlett Packard Enterprise's digital solutions and transformation team

TOP CHALLENGES IMPEDING ORGANISATIONS FROM TAKING ADVANTAGE OF DIGITAL TRENDS

Cross-industry survey of UK and US decision-makers (source: SoftServe 2017)

Security concerns: 55%
Budgetary constraints: 50%
Lack of strategy across the organisation: 31%
Lack of required skills: 27%
Competing interests: 26%
Lack of willingness to take risks: 22%
Organisational inflexibility: 22%
Lack of a collaborative culture: 11%
Lack of strong business case: 11%
