Question: How should I think about security when considering digital transformation projects?

Niv Weisenberg, Senior Director of Cyber Digital Transformation, Optiv: Multiple factors contribute to the sheer number of digital transformation projects underway today: the proliferation of the Internet of Things (IoT), expanding artificial intelligence (AI) capabilities, the sudden shift to a remote workforce prompted by the global COVID-19 pandemic, and the rapid rate of cloud migration. Digital transformation is no longer a nice-to-have; it’s a must-have in order to survive and thrive in today’s business world. 

CISOs and their security teams need to think about security in the digital age from both an internal and an external perspective. For the former, security teams should introduce and adopt digital enablers to transform the information security organization. Digital enablers include the cloud, IoT, AI/machine learning (ML), and automation to transform the information security organization. 

For the latter, they should address potential risks as new digital enablers are introduced by the business to drive growth.

Here are five specific areas security teams should prioritize to achieve security-first digital transformation:

1. Security operations modernization: Help security operations adopt a proactive posture when balancing the need to match technology adoption acceleration with cost management.

2. Developer-centric security: Enhance overall security posture and optimize DevOps performance by embedding a culture of proactive security in the DevOps process, enabled by orchestration and automation. For example, “shift security left” in the application development process to integrate security products as developers code and into build/test processes — rather than leaving it as an after-the-fact bolt-on. This will help organizations solve issues at the point of origin, detect and remediate vulnerabilities before they hit production, and, most importantly, build a DevSecOps program that prioritizes security throughout all development phases.

3. Cloud strategy and execution: Shifting security left applies in the cloud transformation journey, too. Develop a strategic roadmap for secure cloud migration, operation, and management, as well as secure architecture modernization. Also consider standing up cloud native app protection (CNAP) capabilities that will scour cloud environments and alert staff to compliance risks and configuration vulnerabilities in cloud services.

4. Connected devices: Enforce critical network, device, and data protection by doing things such as hardening connected entry points to the data fabric, modernizing the data paths for IT/OT convergence, bringing legacy networks under a modern security architecture, and implementing zero trust and a software-defined perimeter.

5. Big data and analytics: Maximize the value extracted from data and secure big data at scale with AI/ML-enabled analytics.

As important as it is to keep the business operating and competitive, organizations must transform securely. Keeping security at the forefront gives the business the benefits of digital transformation without the associated risks.