With the Covid-19 pandemic bringing increased importance to agility of operations and services, digital initiatives across an array of sectors have been key in facilitating innovation. But no digital transformation strategy can be properly successful without the right security in place. In this article, we explore the importance of integrating information security with digital initiatives.
Design with security in mind
To keep the organisation sufficiently protected, digital initiatives must be designed and deployed with security in mind. This, according to Richard Slater, head of managed services at Amido, calls for constant communication between security and development personnel.
Slater explained: “If you don’t integrate information security with digital initiatives, you’re going to have insecure digital initiatives, this much is self-explanatory. Serious problems can arise when information security teams aren’t included in the design of solutions.
“Without continued communication and collaboration, information security teams can be blindsided with potential security risks that they have no choice but to isolate and secure. This creates the reputation that the information security team is the ‘big bad wolf’, rejecting digital initiatives and arbitrarily enforcing roadblocks that hinder progress.
“In reality, if information security is integrated into the design and planning stages of digital initiatives throughout, this can foster a better working relationship so that when initiatives are launched they already have the security features required to get the green light.”
Creating and rolling out an effective cyber security strategy
Going beyond traditional security
The shift to remote working, followed by the pending hybrid working model that’s set to be commonly practiced going forward, has rendered traditional approaches to security unfit for purpose. To go beyond traditional information security, remote and mobile devices need to be taken into account.
“Information security has become critically important as digitalisation has made cyber space a lucrative target for crimes,” said Larry Xiao, chief security officer at Alibaba Cloud.
“Being used increasingly widely, IoT and cloud technologies have made the architecture and environment more open and diversified. Thus, traditional protection at network border will not work effectively enough.
“The threat environment and vulnerable surfaces have become a lot more complicated. It is extremely challenging to assure the security of such systems without integrating security with digital initiatives or starting planning in the design stage, hence the concept of security-by-design is increasingly important.”
Integrating information security with digital initiatives can also go a long way in dealing with the rise in ransomware attacks, as explained by W. Curtis Preston, chief technical evangelist at Druva.
“Ransomware attacks are particularly becoming a daily occurrence, and it’s only gotten worse since the pandemic,” said Preston.
“Just last year, the FBI reported a 400 percent increase in ransomware, and the rates of these attacks are not predicted to slow down anytime soon. These attacks not only cause significant financial damage, but can diminish a brand’s reputation and customer trust.
“For organisations looking to remain secure while keeping pace with today’s digitised business landscape, integrating security with digital initiatives is imperative. A holistic approach to security that includes detection, resilience, and data recovery will allow organisations to mitigate cyber risk and thrive in today’s digital landscape.
“Security must also be embedded into the organisation’s culture. This means prioritising security, and ensuring that security experts are involved in critical business decision making from an early stage. It also means taking the time to train employees on security best practices to ensure a more cyber-aware workforce.”
The fight for your data: mitigating ransomware and insider threats
Defending digital communication channels
Organisations should also consider the security of digital communication channels, which have also seen increased usage due to the changing working landscape.
“With many face-to-face settings closed due to Covid-19 and longer wait times in call centres, millions more people have turned to websites and other digital channels, and businesses have had to scale up their digital offerings to meet that extra demand as well as add support for new digital channels,” said Jim Allum, director, commercial and technical at Macro 4.
“However, many first-generation web portals and digital communication systems are struggling to cope with the explosion in online traffic and the pandemic has also uncovered security weaknesses.
“In a survey of enterprise IT leaders conducted by Macro 4 in March, 69% of respondents said that the surge in digital interactions on different channels during the pandemic has highlighted gaps and weaknesses in existing IT infrastructure. Underlining that concern, the area most frequently identified as needing technology improvement was ‘Adding extra security measures to protect us and our customers when interacting digitally’, chosen by 46% of the sample.
“Any digital transformation initiative needs to consider security from end to end, including back-end systems and the repositories where customer information is held as well as the customer-facing interfaces. In most organisations that means dealing with a mixture of technologies, both new and old. Many of the older systems won’t have newer security and data privacy measures like multi-factor authentication and redaction built in, so you should consider adding these retrospectively. After all, your IT infrastructure is only as secure as its weakest link.”
An integrated approach
“With digital transformation moving at breakneck speed, businesses need to establish robust security practices to keep the applications, end-users, and the business protected,” said Harvey.
“Not all firms, however, are equipped to provide adequate security to safeguard their exposure to potential threats. In fact, according to the Agents of Transformation Report 2020: Covid-19 Special Edition, global technologists reported that security and robust identity and access management (84%), and the security of mission-critical applications (83%) are amongst the top digital workplace challenges to contend with.
“Bringing application and security teams together to facilitate speedy remediation is critical – information security teams can’t operate as an island on their own. They must share insights to ensure solutions are secure from the very core. In short, security needs to be application-led, and should be embedded inside the application from the beginning. IT teams need to identify vulnerabilities within the application during production, correlating any vulnerabilities and breaches with business impact so they can be correctly prioritised.
“The focus of digital initiatives in many organisations has been on speed, automation, optimisation, and innovation, but what’s also needed is an integrated approach that uses innovative tools to make security a number one priority from the beginning and not a bolt-on at the end of the process. Businesses shouldn’t have to choose between security and velocity for their digital initiatives.”