Securing the digital organisation
Digital transformation is a fast-growing reality for organisations of every type and size. In addition, the process of digital transformation is affecting all areas of the business, and with that, creating new security issues, as systems that were once disparate, are now connecting in ways that were previously undreamed of.
"Digital transformation is the profound and accelerating transformation of business activities, processes, competencies and models to fully leverage the changes and opportunities of digital technologies and their impact across society in a strategic and prioritised way."
Marcus Veeraragaloo, chief advisor - Information Security at Eskom, poses the question: how do you secure all of this? He will be presenting on 'digital security for managing risk and cyber threats within digital business', at the ITWeb Security Summit 2017, to be held from 15 to 19 May, at Vodacom World in Midrand.
According to him, digital business challenges the basic principles of information risk and security management. "Risk and security leaders need to understand the risks associated with business unit innovation, and balance the imperative to protect the enterprises with the need to adopt innovative technology approaches."
Digitalisation or digitisation is becoming ubiquitous to businesses, and is exposing the business to a whole new level of threats and vulnerabilities that create a new level of digital and cyber risks that need to be mitigated and managed.
This is why the growing adoption of digital business strategies is challenging conventional approaches to security and risk management, he explains. "Risk and security programmes must adapt to this new reality or face being side-lined by the digital business initiatives, ironically exposing the enterprise to even bigger risk."
He says organisations are compelled to develop a vision for risk and security management, based on establishing trust and resilience for their digital business. "They need to adapt their strategic objectives of risk and the security program to encompass the new realities of digital business."
"They need to develop and evolve an adaptive, context-aware enterprise security architecture. By Implementing and managing a formal, process-based risk and security management programme to support the digital business."
Speaking of how digital security differs from traditional security, Veeraragaloo says digital security is the evolution of cyber security or the scope of cyber security is expanding into digital security. "As organisations transition into digital businesses, current cyber security will need to address the disappearing network perimeters, the inclusion of cloud services, the deployment of IOT and the convergence of IT and operational technology."
Moreover, he says the digital businesses' needs are driven by different business models such as digitisation (implementing digital projects) or digitalisation (implementing digital models), and thus the risk related is different to the conventional risk with the conventional infrastructure implemented.
"Within the digital space the network perimeter is disappearing so protecting the organisation's assets requires a totally different approach to the current security approach. There is an exacerbation of the autonomy that digital business gives to the business, invalidating the traditional, centralised control model on which most security programmes are based," he adds.
Delegates attending Veeraragaloo's talk will learn about securing a digital environment, and whether they need a new or different approach for digital security. "They will learn how digital security will impact their businesses, and will gain insight on how to manage or mitigate digital risks and how to manage 'secure by design' within a digital environment."