Posted: 3 Min ReadExpert Perspectives

How Digital Transformation is Challenging Security

The traditional bounds of the enterprise are getting upended, presenting IT leaders with new, sometimes overwhelming security challenges

Digital transformation isn’t worth doing if it fails to disrupt business as usual. IDG research shows that nearly 90% of businesses plan to adopt a digital-first business strategy, though only 44% have reached that lofty goal. But not very much fuss has been raised about the downstream impact of digital initiatives on cyber security.

Yet, consider the traditional business network perimeter. The corporate network was behind a firewall and thought to be mostly secure while virtual private networks acted as a bridge to the outside world. But the processing that used to happen inside that fortified space is now mostly outside, thanks to IaaS Platforms such as AWS or Microsoft Azure, as well as SaaS, such as Office365, SalesForce, ServiceNow and countless other Cloud-based services. Managers today often prefer mobile apps to access corporate data or even to manage their enterprise activity from a mobile device rather than from a corporate-managed personal computer.

With digital transformation upending the traditional bounds of the enterprise, how are IT leaders grappling with the security challenges? The short answer is they’re overwhelmed.

That’s a game changer for organizations and it’s a monumental challenge for most security teams. An organization today might decide to expand its operations into a new region of the world and rather than give IT a few months to set up a data center, it would be expected to virtualize your network and switch on new service in a day or two at most. And then you must defend this new digital outpost.

With digital transformation upending the traditional bounds of the enterprise, how are IT leaders grappling with the security challenges? The short answer is they’re overwhelmed. Just last year alone the average number of security breaches rose by 11 percent, according to Accenture and Ponemon Institute’s Ninth Annual Cost of Cybercrime Study. Hackers know that your available attack surface won’t be decreasing anytime soon.

Feeling Your Pain

On the whole, digital transformation promises to make organizations more customer focused, efficient and insightful. If the side effect is a bit of pain for the security team — should anyone lose sleep over this? Maybe not sleep, but here’s a few important considerations:

  • Pain 1: Complexity- If you’re deploying old security tools, it’s going to be difficult to keep up with the pace of modern, agile environments. You either end up slowing down business growth or sidelining your career. Your competitors may already realize this. You must adapt to the increased complexity, and the reality that your perimeter stops being a ‘control point’ for applications, which could be located anywhere in the cloud.
  • Pain 2: Security- Your organization is heading to the cloud because it’s key to its digital transformation plans, regardless of whether or not you take steps to improve security. If anything, expect management to say the priority is opening a new revenue stream – there’s no stopping that train. While you will certainly bake in security, the key is to avoid adding more vulnerabilities while you modernize your defenses.
  • Pain 3: Costs- Has anyone baked the cost of higher security into the new digital business transformation plan? Unfortunately, you can’t float a plan stating that due to this increased complexity, you must employ 5x more IT specialists – then it won’t fly. The whole idea around digital transformation is it becomes accessible because it’s driving costs down.

Your Next Move

IT operations are experiencing a change we call ‘shift left’. When responsibility for business processes is placed in the hands of business unit engineering teams, that’s a shift from the days when a data center played host and the IT team deployed the app and managed access. Now, all of this responsibility may be decentralized, everything is software defined, and it works more effectively than before. Except, of course, that security responsibility also ‘shifts left’ — and must be baked into the development process.

This is the time to let go of the reactive approach to security that has been predominate in the traditional IT world, where organizations would think about how to secure apps late in the application deployment cycle. The shift-left approach, popularized in DevOps, effectively forces software testing much earlier in the software delivery lifecycle. In addition to reducing product defects, it serves as a force multiplier by giving application developers a familiar platform inside their existing processes to ensure the security of their deliverables, while processes are tied into it as well.

How Digital Transformation is Challenging Security

When you can embed security into your development process in an automated manner it greatly improves the business value of your SecOps operations. Once you have the tools that enable your developers to embed and automate the placement of security measures in business processes, you know that when you switch on a new app or a new data center, it’s already secure.

Unfortunately, organizations that fail to adopt new security tools or realign their thinking about mastering complexity will lose the alluring benefits of digital business transformation.

Symantec Enterprise Blogs
You might also enjoy
Video
4 Min Read

Securing Network Access in a Distributed, Zero-Trust World

Symantec has enhanced its email threat isolation technology to protect users who unwittingly or carelessly open suspect attachments

About the Author

Leonid Belkind

Vice President, CTO – Zero Trust, Secure Access Cloud

Leonid is driving the adoption of Zero Trust concepts and cloud-native technologies across the enterprise security products portfolio in Symantec. He has delivered security products to leading enterprises worldwide.

About the Author

Michael Dubinsky

Head of Product Mgmt. - Zero Trust

Michael is the head of product for Secure Access Cloud, Symantec’s Zero Trust Secure Access solution. The product’s goal is to help enterprises easily implement Zero Trust Access Model across their cloud and on-premises datacenters.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.