As organisations move away from point solution tool kits and towards a strategic mindset, the need to understand what your organisation’s future infrastructure might look like is more paramount than ever. Fundamental, rounded, and automated from the get-go rather than patched together over time. Digital transformation projects to to include a plan for cyber security.
Technology is rapidly increasing in scale and your infrastructure needs to be able to adapt accordingly; organisations worldwide are continually undertaking infrastructure transformation; consistently in the Cloud, Security & Digitalisation space.
According to a recent study by Fortinet, security is by far the biggest challenge to digital transformation projects, with 92% of CISOs’ saying digital transformation has a large impact on business, 85% of which say it is a big hurdle.
We’ve broken the steps to successful digital transformation down into 5 key areas of consideration:
Discovery – It’s Not Only an IT Issue!
The first step is to acknowledge change; IT and Security cannot take all responsibility.
For example, you may have recently embarked on a Data Classification project where the stake holders in the business became data owners. They communicated their concerns, aligned their needs and rolled out a practical solution to the challenge.
The Digitalisation task is the same on a much wider scale. Without these data owners once again collaborating with their security team the results will be users not having access to the correct applications, inappropriate security controls reducing productivity and unsanctioned applications being used, increasing risk. For instance, Frank in Finance can’t send payslips out because he doesn’t have access to sage. Compliance requirements aren’t met, security challenges arise, and the needs of the organisation are not achieved.
Policies
The next stage should be formulating these business drivers into written policies. Remember when you brought in that Data Protection Officer (DPO) in to help with GDPR? Like most DPOs would, traditionally a great place to start is a framework of rules and regulations: as a result of something happening, here is an actionable procedure to remediate.
Software Support
Taking this a step further and enforcing the rules and policies we have now made with software support, automating certain processes; this will ultimately limit human error and therefore reduce potential threats. As Dave Barnett (Head of CASB at Forcepoint) said, “Think about cloud security and the policies that CASB can do as guard rails on the side of a bowling alley, what you want is that bowling ball to go down the middle and to hit those pins and everyone’s happy, what you don’t want is the ball to go spinning off the side.”
Pre-defined policies (guard rails) for cloud applications that work will prevent your users straying into areas that may cause the organisation risk.
Adaptive Architecture
This is a journey, we’re not simply implementing a solution or product. The organisation needs to continually change and drive a risk adaptive architecture, where security controls can be dialled up or down depending on the level of risk posed to the organisation. Variable risk: regulations & business drivers change, mergers & acquisitions bring new challenges, suppliers & contractors arrive, old ones leave.
Trust but Verify
At this point the question you should now ask, who manages the security manager? With a mixture of service providers, vendor solutions and disparate networks in your environment, you need a single pane of glass to oversee all operations, manage these solutions, provide you with visibility of where controls have changed and potential gaps have opened. That way you can continually test the strength of your security posture.
If you’re interested to find out more about how to secure your digital transformation projects, or would like to book time with a consultant please contact us.
Fortinet Next Generation Perimeter Security – First EMEA Partner of Excellence Fortinet Security Fabric Experts & Recognised Fortinet Global MSSP
Forcepoint Risk Adaptive Protection & Insider Threat – Expert Partner
