Se­cure Your Dig­i­tal Busi­ness: Gartner

By 2020, 60 Per­cent of Dig­i­tal Busi­nesses Will Suf­fer Ma­jor Ser­vice Fail­ures Due to the In­abil­ity of IT Se­cu­rity Teams to Man­age Dig­i­tal Risk: Gartner

Voice&Data - - CONTENT -

As or­ga­ni­za­tions tran­si­tion to dig­i­tal busi­ness, a lack of di­rectly owned in­fra­struc­ture and ser­vices out­side of IT’s con­trol will need to be ad­dressed by cy­ber­se­cu­rity, ac­cord­ing to Gartner, Inc. Gartner pre­dicts that by 2020, 60 per­cent of dig­i­tal busi­nesses will suf­fer ma­jor ser­vice fail­ures due to the in­abil­ity of IT se­cu­rity teams to man­age dig­i­tal risk.

“Cy­ber­se­cu­rity is a crit­i­cal part of dig­i­tal busi­ness with its broader ex­ter­nal ecosys­tem and new chal­lenges in an open dig­i­tal world,” said Paul Proc­tor, vice pres­i­dent and dis­tin­guished an­a­lyst at Gartner. “Or­ga­ni­za­tions will learn to live with ac­cept­able lev­els of dig­i­tal risk as busi­ness units in­no­vate to dis­cover what se­cu­rity they need and what they can af­ford. Dig­i­tal ethics, an­a­lyt­ics and a peo­ple-cen­tric fo­cus will be as im­por­tant as tech­ni­cal con­trols.”

Gartner has iden­ti­fied five key ar­eas of fo­cus for suc­cess­fully ad­dress­ing cy­ber­se­cu­rity in dig­i­tal busi­ness:

Lead­er­ship and Gov­er­nance —

Im­prov­ing lead­er­ship and gov­er­nance is ar­guably more im­por­tant than de­vel­op­ing tech­nol­ogy tools and skills when ad­dress­ing cy­ber­se­cu­rity and tech­nol­ogy risk in dig­i­tal busi­ness. De­ci­sion mak­ing, pri­or­i­ti­za­tion, bud­get al­lo­ca­tion, mea­sure­ment, re­port­ing, trans­parency and ac­count­abil­ity are key at­tributes of a suc­cess­ful pro­gram that bal­ances the need to pro­tect with the need to run the busi­ness.

— The Evolv­ing Threat En­vi­ron­ment

IT risk and se­cu­rity lead­ers must move from try­ing to pre­vent ev­ery threat and ac­knowl­edge that per­fect pro­tec­tion is not achiev­able. Gartner pre­dicts that by 2020, 60 per­cent of en­ter­prise in­for­ma­tion se­cu­rity bud­gets will be al­lo­cated for rapid de­tec­tion and re­sponse ap­proaches, up from less than 30 per­cent in 2016. Or­ga­ni­za­tions need to de­tect and re­spond to ma­li­cious be­hav­iors and in­ci­dents, be­cause even the best pre­ven­ta­tive con­trols will not pre­vent all in­ci­dents.

Cy­ber­se­cu­rity at the Speed of Dig­i­tal Busi­ness —

Dig­i­tal busi­ness moves at a faster pace than tra­di­tional busi­ness, and tra­di­tional se­cu­rity ap­proaches de­signed for max­i­mum con­trol will no longer work in the new era of dig­i­tal in­no­va­tion. IT risk and in­for­ma­tion se­cu­rity lead­ers must as­sess and trans­form their pro­grams to be­come dig­i­tal busi­ness en­ablers rather than ob­sta­cles to in­no­va­tion. Or­ga­ni­za­tions that are able to suc­cess­fully es­tab­lish an ecosys­tem that bal­ances pro­tect­ing and grow­ing the busi­ness will re­main com­pet­i­tive and in a po­si­tion to ad­dress cy­ber­se­cu­rity threats.

Cy­ber­se­cu­rity at the New Edge —

It used to be easy to pro­tect data be­cause it resided in the data cen­ter. The new edge has pushed far be­yond the data cen­ter into op­er­a­tional tech­nol­ogy, cloud, mo­bile, soft­ware as a ser­vice and things. For ex­am­ple, by 2018, 25 per­cent of cor­po­rate data traf­fic will flow di­rectly from mo­bile de­vices to the cloud, by­pass­ing en­ter­prise se­cu­rity con­trols. Or­ga­ni­za­tions need to ad­dress cy­ber­se­cu­rity and risks in tech­nolo­gies and as­sets they no longer own or con­trol. Busi­ness unit IT is a fact in most mod­ern en­ter­prises, and it will not be shut down by cy­ber­se­cu­rity and risk con­cerns. It must be em­braced and man­aged to de­liver ap­pro­pri­ate lev­els of pro­tec­tion.

Peo­ple and Process: Cul­tural Change —

With the ac­cel­er­a­tion of dig­i­tal busi­ness and the power tech­nol­ogy gives in­di­vid­u­als, it is now crit­i­cal to ad­dress be­hav­ior change and en­gage­ment — from your em­ploy­ees to your cus­tomers. Cy­ber­se­cu­rity must ac­com­mo­date and ad­dress the needs of peo­ple through process and cul­tural change. Peo­ple­cen­tric se­cu­rity gives each per­son in an or­ga­ni­za­tion in­creas­ing au­ton­omy in how he or she uses in­for­ma­tion and de­vices — and what level of se­cu­rity adopted when he or she uses it. The in­di­vid­ual then has a cer­tain set of rights in us­ing tech­nol­ogy and is linked to the group in the en­tire en­ter­prise. The in­di­vid­ual must also rec­og­nize that if things go wrong, it will have an im­pact on the team, group and busi­ness.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.