Digital transformation, or using technology to drastically improve performance and reach of businesses, is a topic on every CIO's lips. Industries of all types and sizes are using digital technologies such as embedded devices, analytics, mobility, social media, cloud and suchlike to radically change customer relationships, value propositions, and processes.
The question is, how do you secure all of this? Marcus Veeraragaloo, chief advisor information security at Eskom, says digital business challenges the basic principles of information risk and security management.
"Risk and security leaders need to understand the risks associated with business unit innovation, and balance the imperative to protect the enterprise with the need to adopt innovative technology approaches."
Veeraragaloo will be presenting on 'Digital Security for Managing Risk and Cyber Threats within Digital Business' at the ITWeb Security Summit 2017, to be held at Vodaworld in Midrand, from 15 to 19 May.
"Digitisation is becoming ubiquitous to businesses, and is exposing businesses to a whole new level of threats and vulnerabilities which in turn creates a whole new level of digital and cyber risks, that need to be mitigated or managed," he says.
He says the increasing adoption of digital business strategies is also challenging conventional approaches to security and risk management. "Risk and security programs must adapt to this new reality or face being side lined by the digital business initiatives, ironically exposing the enterprise to even bigger risk."
According to Veeraragaloo, businesses need to develop a vision for risk and security management, based on establishing trust and resilience for their digital business. "They need to adapt their strategic objectives of risk and the security program to encompass the new realities of digital business."
He adds that they must develop and evolve an adaptive, context-aware enterprise security architecture by implementing and managing a formal, process-based risk and security management program to support the digital business.
Speaking of how digital security differs from traditional security, he says digital security is the evolution of cyber security or the scope of cyber security is expanding into digital security. "As organisations transition to digital businesses, current cyber security will need to address the disappearing network perimeters, the inclusion of cloud services, the deployment of IOT and the convergence of IT and operational technology."
Veeraragaloo says digital business needs are driven by different business models such as digitisation, or implementing digital projects, or digital models, meaning the risk related is different to the conventional risk with the conventional infrastructure implemented.
Within the digital space the network perimeter is disappearing, so protecting the organisation's assets requires an approach that is completely different from the traditional one. "There is an exacerbation of the autonomy that digital business gives to the business, invalidating the traditional, centralised control model on which most security programs are based."
Delegates attending Veeraragaloo's talk will find out about digital security and how it impacts their business, whether they require a new or different approach for digital security, and how to manage or mitigate digital risks.
In addition he will talk about managing 'secure by design' within a digital environment, and whether digital security can manage disruptors.
Share