Secure Digital Business Transformation – What every Chief Security Officer (CSO) needs to know

Digital Business Transformation is “the” economic change process that every company is experiencing at the moment. It is constituted by 5 major technology trends:

  1. Internet of Things, aka 4thindustrial revolution
  2. Multi-connectivity
  3. Big Data
  4. Cybersecurity
  5. Cloud Computing

The 4th industrial revolution describes the technology trend to connect sensors from industrial processes with regular IT, which goes together with the multi-connectivity trend.  This is also often referred to as Internet of Things (IoT). Undoubtedly this will bring ideas for new commercialization and businesses. However, connecting sensors to regular IT has to be thought through. You want to implement scenarios that make sense and that are secure. The major sensor manufacturers will drive the accompanying security mechanisms including the security management software. Sensors will have a pre-installed form of authentication mechanism. Lately I saw some mentioning of the Extensible Authentication Protocol (EAP) and Short Message Authentication Check (SMACK) as the protocol and format for IoT security, but I was unable to get any details about their market adoption, which has to be in early stages if at all.

Multi-connectivity already mentioned in the paragraph above results from a rising number of computers and devices like sensors or smart wearables getting connected to software and applications. For personal usage each and every one of us has to make her or his own decision on how much information they want to share with applications and the companies offering them. Data gets used, mined and sold so that businesses can market their products better. Privacy is on the brink of being lost. We will soon see a world where every person knows exactly what everyone else is doing on this planet in this very moment. And the people will gain this knowledge quicker than any intelligence agency. One could say that we will all get “smarter”.

The multi-connectivity trend leads to Big Data. New and above all more data is being generated faster than ever before. And once available it will be analyzed. It’s like highways. Once they are built, traffic follows. More data and better analyses will lead to additional knowledge about people and their preferences and about industry and IT processes and their relationships. Since data and applications are the target of attackers, they need to be secured as best as possible. It is no wonder we hear about severe attacks on a daily basis given the reality in IT security. Communication paths are still not encrypted, ports open, administrative users have unchanged pre-configured and well-known passwords. These are all easy to configure security settings. As a guiding principle you want to get to a state with IT security where the basics are check-marked and your attack scenarios get more and more difficult and unlikely.

The availability of big data and the Internet of Things leads directly to the trend of Cybersecurity. Big data is not only a challenge. It can be analyzed for attacks and malicious usage, which helps identify internal threats as well as external. Infrastructure usually gets attacked to find a way to the assets. So securing data and applications is most important. As mentioned above deciding when to implement secure Internet of Things scenarios is another open question. You have to weigh in here, if you can realize new or more business opportunities, and understand and configure the available security mechanisms.

Putting your data and applications on a remote server administered by a third-party, aka Cloud Computing is the major trend these days. Customers tell me that they feel that their applications are way more secure when put into the Cloud, than if installed on premise. I do recommend to thoroughly analyze available security mechanisms including the SLAs of the Cloud vendor. Encryption of the application data and key management is highly debated and is a deciding factor for differentiation. Applications and data seem to get ranked according to their value and the most prized assets get only put into a private Cloud, if at all. Usage of Open Source and how security vulnerabilities are found and solved, should be a topic to be addressed not only for Cloud but on premise applications.

Security should never hinder your business to follow a secure transformation to a reliable Digital Business. The new challenges in security are a problem of scale. Big data and IoT offer new options of threat analysis, but pose new challenges in securely connecting machine-to-machine or machine-to-person or vice versa. You absolutely have to make sure that you have no easy security targets left unaddressed.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.