Why Your Digital Strategy Is Most Likely Not Keeping Your Business Secure Enough

Paul Kurchina in Community Advocates, ASUG News November 07, 2017

 

Technology is driving a deep interconnection between all business processes, from customer experience to supply chain management, to drive a stronger influence and leadership in technology as it relates to the business. Every day, we see this in action as companies such as Amazon, Netflix, and Uber go from startup to mainstream darling in a stunningly short amount of time by using technology to change the way products and services are delivered, as well as the products themselves.

But according to Justin Somaini, chief security officer of SAP and presenter of the ASUG webcast, “Building Trust, Not Walls,” the same technology that’s enabling more secure things is dampening the security of its data and infrastructure. “Businesses need to take a look at how their digital strategy is impacting how they deliver products and, more importantly, how those products are secured,” he advises. “And the more technology changes, so does the whole concept of security.”

Go Beyond Building a Wall to Establish True Digital Resiliency, Trust, and Security

The advancement of security, from the perspective of governance, prevention, corrective action, and detective controls, is turning into a digital mechanism of high automation and business enablement in how services and products are provided. Now, CIOs have to be just as concerned about the security of how decision makers and customers access and view data and experience transactions as they are about the actual data and technology enabling those interactions.

This level of attention to security is not just about compliance; it’s also about confronting a growing landscape of organized crime, terrorist activities, politically charged hacktivism, and international cyber espionage. The increasing interconnectivity of companies and their assets across the globe is opening the door to unprecedented exposure, turning IT systems into highly attractive targets.

As the tactics of malicious individuals continue to mature, businesses of all sizes and industries become more vulnerable to the loss of revenue, competitiveness, opportunity, reputation, and, ultimately, trust. To survive an increasingly digital world of never-ending risk, businesses need to continuously assess the three cornerstones of digital security:

  • Product resiliency: We need to develop applications, aka products, to be able to identify and defend against direct sophisticated attacks. Security safeguards should be incorporated into applications to ensure content and transactions are protected.
  • Operational trust: The environments in which the applications reside, whether virtual or physical, need to be able to defend against direct attacks. End-to-end secure cloud operations help defend customer data and business processes.
  • Corporate security: Security-aware staff, end-to-end physical security of digital assets, and a comprehensive business continuity framework are all components of a successful digitalization program.

Bringing these different aspects of security together requires an efficient information security management system and a security governance model to foster business-driven risk decisions and full alignment on security. This holistic combination helps ensure that appropriate security for all digital assets and products, as well as physical locations, is supported through a widely communicated security policy and standards to comply with applicable laws and regulations.

“The threat landscape as a whole, at a microscopic level, changes quite significantly. The products that are vulnerable vary, and new attacks surface all the time. But from a long-range view, the threat landscape hasn’t changed that much over the last nine years,” Somaini reflects. “Malicious individuals are still using the same methodologies, relying on the same destinations, and exploiting and profiting from data the same way. As a result, businesses always need to harden their IT environment to identify, control, and prevent attacks while automating the auditing of user authorizations.”

For more cybersecurity insights and a top 10 list of best practices from Justin Somaini, chief security officer of SAP, listen to the replay of our Oct. 24, 2017 cybersecurity webcast, “Building Trust, Not Walls.”