The phrase “digital transformation” has served as a catch-all in the IT industry for the shift in how companies use technology to operate in the mobile-cloud world. Until now, digital transformation has typically come up in conversations about the Chief Information Officer (CIO) role. The nature of digital business calls for security to enable not just internal operations, but technology products as well. As a result, the Chief Information Security Officer (CISO) has shifted to a front-office position responsible for enabling the organization’s digital transformation.
Gartner predicts that by 2020, 60 percent of digital businesses will suffer major service disruptions due to the inability of IT security teams to manage digital risk. Digital businesses are not a small subset; more and more companies in traditional industries are creating either software-based or software-powered products. The difference between the hacked 60 percent and the other 40 percent may be millions of dollars or more. That’s not to mention the cost savings and increased revenue that security can drive by letting the business move forward faster and more efficiently with technology initiatives. It’s clear why IT security has become such a strategic department in the move to take advantage of new technologies.
The first step in moving to the cloud for most companies is to adopt SaaS applications like Office 365. SaaS providers invest significant resources in the security of their platforms, so customers can outsource certain areas of security under the shared responsibility model. Still, SaaS customers should not assume all security concerns are taken care of by the cloud vendor. Customers ultimately retain responsibility for their data, whether it is protection from insider threats, compromised accounts, or blind government subpoenas.
Microsoft bug bounty: Now it doubles cash to put more focus on Office 365 flaws https://t.co/HqGIgE2ipA
— Leo Niemela (@leoniemela) March 6, 2017
The next step for companies modernizing their IT infrastructure is to move their custom applications to IaaS platforms like Amazon Web Services, Microsoft Azure, and Google Cloud Platform. The average company has 464 custom software applications that power the company’s internal processes and products, as well as facilitate customer-facing functions. Securing these custom applications is the next giant wave in cloud security projects, with IaaS adoption growing twice as quickly as SaaS. IaaS has been associated with startups in the past, but more and more enterprises have plans to move production workloads to the cloud. Security’s role is to enable the move without increasing the risk to data in these applications, whether the applications are intended for customers, partners, or internal employees.
We have to accept that security itself has no business value. We create value by delivering secure products/services. #connecteditchat
— Steven F. Fox (@securelexicon) March 7, 2017
The cost of a data breach has reached new heights with Verizon marking down Yahoo’s acquisition price by $350 million following a breach of 1 billion user accounts. Insecure products may now pose a threat to companies’ competitiveness. Consumer Reports, the product review magazine, will begin to rate the security of products, evincing demand from consumers to purchase the products that will keep their data safe. One of the sectors where security is sure to clash with the speed of technological innovation is the Internet of Things. IoT products by nature have software elements as well, and providers will need to act like software security companies to keep their customers safe.
The Mirai botnet leveraged internet-connected devices to launch a record DDoS attack using nothing more than a finite list of default passwords. The attack served as a wake-up call for the industry, which clearly had not enforced even basic security controls. Companies that lead the way in security will prove enticing to consumers, and Nest has taken a first step by enabling multi-factor authentication on its devices.
Nest introduces two-factor authentication https://t.co/mXZIhGQBzc
— Ed Bellis (@ebellis) March 7, 2017