Digital Transformation (DX) has come to represent all the ways that companies can deliver better business results by moving their systems, processes, and data in a direction that is more connected and provides a more intimate customer and partner experience. What was once thought of as a destination is now an ongoing evolution, with increasing levels of stakeholder connectivity and brand intimacy as foundational outcomes. To best protect a company’s assets, security must be thought of in the same fashion: companies needs continually evolve and adapt to be more resilient in order to drive key outcomes.
Cyber resilience refers to a company’s ability to continuously and intelligently deliver an intended outcome, despite adverse cyber events. It is an evolving perspective that is rapidly gaining recognition. The concept essentially brings the areas of information security, business continuity, and organizational resilience together.
The pace of adoption of DX and cyber resilience has been significantly increasing over the last several years and has now accelerated again due to the COVID-19 pandemic. The explosion of work-from-home requirements and the change in consumer behavior to predominantly online has brought a huge shift in the way companies manage their systems and processes, and a corresponding change in how we need to secure them.
With the advent of 5G and proliferation of the Internet of Things (IOT), change and the need to continuously adapt will accelerate further in a hyper-connected world, with every appliance, machine, camera, or car streaming real-time data which will be used by companies to provide an even higher level of intimacy and personalization. The focus for cyber resilience has to be able to evolve and match this increasing pace of change to ensure businesses are delivering on the desired level of customer service and security for their stakeholders.
Adapting in your New "Home"
Existing cybersecurity frameworks such as NIST and MITRE provide great guidelines for InfoSec teams by shining a light on the core elements of security. However, given the rapid change of pace associated with DX, being able to evolve and adapt is paramount.
To convey this in a real-world example, let’s look at moving to a new residence. In your current house or apartment, it’s possible to walk around in the dark without bumping into furniture, decorations or walls because you’re familiar with the layout. IT systems and processes are similar. Either through proper asset management and or tacit knowledge the “layout” of IT systems, becomes more and more familiar. Additionally, these systems have been managed the same way for years, when customer data was only in a few systems, IT tools were static, and security meant anti-virus, firewalls, and passwords.
However, with DX, many aspects of IT have suddenly changed and layers of IT have grown exponentially. As new applications are introduced, customer data is now found in many new places as infrastructure is increasingly distributed across many clouds and internally managed data centers. Where your old house was a single story, with three beds and two baths. The new “DX” house for IT is a multi-story, three bed, two bath with bonus room and basement connected smart house resembling an Escher print. It’s almost impossible NOT to bump into furniture in the dark because everything has changed.
From a security perspective, this puts companies in a more difficult position when it comes to compliance with data privacy and other industry regulations. The added complexity for most CISO’s is the difficulty security teams have finding and retaining the right talent which is exacerbated by the new ‘houses’ everyone finds themselves in. Amid this unfamiliar landscape, the requirements for cybersecurity are stressed in new and different ways, which force CISOs to focus on key outcomes such as:
- Knowing where ALL the business-critical data is and how it’s being used, shared, stored and protected
- Giving users just enough access to do their jobs and govern privileges in real-time
- Securing and continuously testing, scanning and hardening all applications
- Detecting insider and advanced threats in real-time while responding and recovering from breaches automatically
The Keystone of Successful Resilience
The emergence of data science and the ability to implement unsupervised machine learning offers a new way to think about the evolving security posture. Being able to intelligently adapt as the business increases focus on protecting identities, applications, and data in unison can help deliver optimized results which in turn enables organizations to keep pace with change. Just as outlined in the earlier example, where the recent pandemic has accelerated DX, it has also led organizations to think differently about their workforce patterns.
The shift to open and remote work environments in turn results in an influx in behavioral data as business strive to dynamically manage endpoints and the connections between them. A modern Endpoint Detection & Response (EDR) approach has the ability to perform anomaly detection at scale built in, allowing for near real-time detection and response. This paradigm of combining the power of machine and human intelligence provides better insights into events, incidents, and behaviors and thus increases the cyber resiliency of the organization.
The combination of focusing on the key outcomes, along with the ability to intelligently adapt is the key to building cyber resiliency as an embedded feature of the new ‘house’ of IT. It is also essential for an evolving and adaptable approach to digital transformation that is not just smart but will also allow CISOs to create a blueprint to match the current and future pace of change.
About the Author: John Delk, General Manager, Security, Micro Focus
John Delk is the general manager for security at Micro Focus, a software company that helps organizations run and transform their business. Driven by customer-centric innovation, Micro Focus software provides the critical tools organizations need to accelerate, simplify, secure, and analyze the enterprise. By design, these tools bridge the gap between existing and emerging technologies -- enabling faster innovation, with less risk, in the race to digital transformation.