Digital transformation creates unprecedented opportunities for organizations, but also the unprecedented risk.
Information and data security remain a major challenge. Attacks are becoming more sophisticated and organized as organizations across all major industry sectors are hacked for various forms of identity theft and credit card information. The result is lost business, lost customer trust and impacted end user experience.
Just to share some statistics, IHS Markit is assertive that IoT devices will be 5x (around 125B) by 2030. The International Data Corporation’s (IDC) Worldwide Quarterly Wearable Device Tracker report states that the number of wearable devices will be 2x by 2021 (230M) while Cybersecurity Ventures predicted that Cybercrime damages will be 2x ($6T) by 2021 and Cyber security spending will be 10x ($1T) by 2021.
As organizations embrace the digital mosaic – the new cloud-based platforms and solutions now available – organizations must meet the challenge to keep pace with safeguarding their assets, especially data and identity. But these challenges are also motivating organizations to act to avoid the financial penalties due to security breaches, customer attrition, avoidance of reputation. They realize the value to their brand protection, adherence to meet the regulatory and compliance requirements and to maintain competitive advantage.
It is often observed that business trends follow IT trends and IT trends follow attack trends, which in turn leads to implementing security solutions for preventing attacks.
Let’s look at how some industries are embracing new technologies:
- Connected Health care industry: This industry has started using IoT, Cloud, Analytics, Wearable devices, Payment Gateway
- Connected Automobile: This industry has started using IoT, Cloud, Big Data, Cognitive automation, Payment Gateway
- Smart Home: This industry has started using IoT, Cloud, Analytics etc
With the convergence and integration of these complex technologies, it poses new security challenges from end point devices to cloud infrastructure, leading to new threats of data and security breaches. Employees, contractors, vendors and partners use various end point devices (personal, corporate, mobile, IoT, laptop, desktop, virtual machines etc), all operating from different geographies and with applications hosted in the cloud and exposed to various partner ecosystems through API’s. The enterprise is no longer the perimeter. The entire cloud is the new perimeter.
To mitigate these ever-growing challenges, the solution is to be more agile to deal with new threats. This calls for flexible security platforms, building a security framework, involving business stakeholders in building security strategy, setting up governance and compliance processes and risk mitigation. This security framework must give continuous visibility on the security landscape, setup appropriate security controls, have continuous monitoring, assess risks and come up with the risk mitigation plan on a periodic basis.
Persistent started its cloud journey over six years ago. Our strategy became cloud first. We also setup various measures of security controls in public cloud from a governance perspective, enabled SSO/RBAC, data encryption, continuous monitoring and an alert process. Good security controls also require a good process and to setup adequate measures of security controls on end point where many security breaches originate.
Persistent is also setting up software defined access solutions for checking end points before connecting to corporate networks and applications. The same solution helps to set up the borderless ODC’s, providing flexibility to employees to work from any location and improve employee productivity.
The future will see only more cloud platforms and applications, and with that more integrated operations. Securing digital platforms will therefore be a continuous and agile process. The architecture will continue to be Zero Trust architecture as we no longer assume that the actors, systems and services operating should be automatically trusted. Instead each and everything must be verified and monitored closely.
Authored by Sandeep Deshmukh, Sr General Manager, Persistent Systems