CIO OPINION
Balancing security and Digital Transformation
James Hennah, Director, Security, Asia, Middle East and Africa,
for BT, shares insights about balancing security demands with
the requirements of Digital Transformation. He talks us through
three domains – cloud, compliance and cyberthreats – and
provides recommendations that can help CIOs and CISOs make
security integral to their organisations.
Keeping the cloud secure
According to GHB Insights, around 35%
of enterprise application workloads will
migrate to the public and hybrid cloud by
2022. While this poses distinct challenges
for global organisations, they can no longer
afford to wait.
Shying away from the cloud as a means of
avoiding risk is perilous, as organisations
would be ceding the advantage to
competitors. Those that do fall behind
their rivals in the race to the cloud may
find themselves struggling with agility,
operational efficiency and productivity – all
critical business concerns that benefit from a
successful move to the cloud.
To reap the substantial rewards of cloud
computing, CISOs should focus on a way to
simplify their approach, using a coherent set
of services for network and security activities
on a global basis.
Coming to terms with a new era of compliance
Research from Bitdefender found that 57%
of organisations have experienced a data
breach during the last few years, and
36% of infosec professionals stated that
their organisations could likely be facing a
breach now without knowing about it.
Security leaders are now required to do
more against a backdrop of geopolitical
uncertainty, data divides between countries,
and a growing number of attacks.
But there’s also a new dimension of
difficulty as organisations must consider a
growing list of compliance requirements,
such as those stipulated in the relevant cyber
and data protection regulations etc. that
apply by region, which carry costly penalties.
It’s essential that organisations know
what to protect and where to bolster their
defences – which is not an easy task in the
era of shadow IT. One recent study found
that 78% of business decision makers admit
that employees are using cloud services
without the knowledge of IT.
The proliferation of shadow IT makes it
impossible for organisations to understand
what to protect – and the results can range
from an increase in regulatory penalties to
wasted resources and significant downtime.
Therefore, to meet the challenges,
organisations must find a way to objectively
assess strengths and vulnerabilities. Then,
they can build a baseline to compare their
security posture against similar organisations.
Battling a new black market
The number of cyberattacks grows
significantly each year and the speed of
attacks continues to increase exponentially.
As a result, organisations are locked in an
arms race with cybercriminals, who are
increasingly sophisticated and operate in a
global marketplace, trading stolen passwords
and malware as new commodities.
Whether hackers operate independently or
as part of a state-sponsored collective, they
now operate more like legitimate businesses,
developing and releasing a wide inventory
of black-market tools that make it easier to
launch attacks, even if the hacker has little
technical expertise. And it’s not enough for
organisations to simply react to these highly
motivated cybercriminals.
Without investing the time and resources to
stay ahead of their sophisticated techniques,
organisations leave themselves open to a
variety of risks, including brand damage,
loss of revenue and a decline in operational
efficiency. To keep pace with cybercriminals,
organisations need to rely on dynamic
systems that deliver early warnings about
new threats and field their own teams of
security experts.
There is no escaping that cybercrime is big
business and it continues to grow as an
everyday threat as more and more people
and devices connect to the Internet.
The chances of an organisation becoming a
victim of an attack have never been greater.
And in this era of fast-paced digital adoption
and transformation, the organisation’s
leadership, driven by the CISO, must
treat cybersecurity as part of the overall
business strategy, and one that must
continuously evolve and be enhanced as the
organisation’s needs change and threats in
the market shift.
INTELLIGENTCIO www.intelligentcio.com