📰 Digital Transformation? How About a Security Transformation?
Nachrichtenbereich: 📰 IT Security Nachrichten
🔗 Quelle: cio.com
Organizations in every sector are either talking about, planning, or launching digital transformations. Whether it’s making a big move to the cloud, enhancing or expanding e-commerce applications, automating business processes, leveraging artificial intelligence (AI), machine learning (ML), and advanced analytics or building an Internet of Things (IoT) environment, enterprises are using technology solutions in multiple ways to become modern digital businesses.
Many of these efforts have been accelerated by the pandemic. For example, organizations have had to quickly build and support remote and hybrid work models, launch more aggressive and extensive shifts to the cloud, and scale up their eCommerce infrastructures to accommodate the new realities of the market.
In the rush to keep up with the rapid changes and remain competitive—or even relevant—by transforming processes, many organizations might have neglected a key component of digital transformation: creating a strong cybersecurity program that defends them against the latest threats.
This oversight is a potentially costly one. Data, especially personally identifiable information about customers and employees, intellectual property, marketing strategies, and other sensitive content, is among the most valuable assets a company owns. Leaving it less than fully protected is an enormous risk, opening up an organization to possible hacks, ransomware attacks, regulatory fines, lawsuits, and system outages.
It’s somewhat ironic that the very initiatives that support digital transformation—placing data and workloads in the public cloud, increasing the number of mobile and remote endpoints, expanding eCommerce platforms, and building out IoT—are broadening the attack surface significantly and putting companies at greater risk.
Transforming security
This isn’t to say that organizations should stop or even slow their digital transformation efforts. That genie is out of the bottle, and what’s more, transformation can lead to enormous benefits for companies and their customers.
What organizations need now is a comprehensive and effective cybersecurity strategy designed to protect valuable data resources in this modern environment. Organizations typically don’t consider the visibility and vulnerability of their data when they embark on transformation initiatives.
With digital transformation, organizations deploy a variety of new tools and services. Prior to these changes, the typical IT infrastructure was a centrally-controlled environment with gated perimeters, enterprise-owned endpoint devices, and on-premises data centers in which much of the company-owned data was housed.
All of this has evolved into a sprawling, essentially boundaryless entity consisting of cloud services, mobile devices and apps, remote workplaces, edge computing components, and IoT.
Much of the focus of cybersecurity efforts today should be on the endpoints within an enterprise, which oftentimes are the weakest links of cybersecurity programs. Recent research has shown attackers often gaining access to companies’ networks through endpoints such as PCs, smartphones, and the growing number of connected devices.
Many remote workers are using their own devices for work and in many cases, those are not centrally managed by IT or security—leaving them at greater risk of being used for illicit entry into enterprise networks and systems.
It’s time for a convergence
This is why organizations need to consider deploying converged endpoint management (XEM) platforms as part of their security transformation strategies. XEM can help organizations secure vulnerable devices and enable security teams to detect and respond to threats quickly and effectively. It provides a unified approach to endpoint management needed in today’s environments.
XEM platforms provide IT and cybersecurity executives and teams with real-time endpoint visibility, including how many devices are on the network at any given time, where they are located, who is using the devices, and if they are sufficiently updated and patched.
Modern security tools such as XEM can replace outdated legacy products that can provide an entry point for hackers to penetrate networks. That’s because in many cases, support for these products has lapsed, and bad actors take advantage of those weaknesses.
In addition to deploying XEM and other modern solutions, organizations should ensure that there is close collaboration between the security and IT teams. This is especially important as infrastructures become more complex and diverse than ever, and it gets harder to know if critical security patches have been deployed effectively to all the systems that need them.
They should also take a proactive approach to security via efforts such as threat hunting and analyzing threat intelligence. Ultimately, organizations should aim for a zero-trust approach to security that helps to safeguard networks through continual verification of users and devices.
Another key practice is to promote cybersecurity awareness. Companies need to train employees not only in how to safely use their own and company-owned endpoint devices and other tools, but how to spot common attacks such as phishing.
Many ransomware attacks happen because employees click on malicious links they receive via email or other sources. For years, insider threats have been among the biggest security worries. Many of these are inadvertent and can be avoided through training programs. Investments in security awareness should include training at all levels of the organization, including the most senior executives. It’s these executives who often are the targets of attacks such as phishing.
In order to digitally transform their business operations without introducing new security risks, organizations need to make security part of the effort from the beginning, focusing on data vulnerability. They will then need to maintain strong security throughout a transformation initiative and beyond.
Once a company has been transformed into a digital business, everything relies on data—including information about customers, employees, business partners and others—and much of this data is sensitive. That means it will be targeted by hackers and other cybercriminals.
By ensuring strong defenses through XEM and other new security technologies, policies, procedures and training, organizations can experience a security transformation that will enhance their overall digital transformation.
Learn how Tanium XEM can deliver the security transformation you need to augment your overall digita transformation here.