When digitally transforming your business, prioritise security
Is it possible to embark on a digital transformation journey and be entirely secure en route? Absolutely, and the benefits far outweigh the risks, says Wayne Borcher, chief operating officer at tdglobal.
Digital transformation is a non-negotiable for today's businesses. Paper-based and manual processes simply slow down the business and take up valuable man-hours that can be more productively spent elsewhere. The transformation journey is a daunting one as it entails exposing data and processes so that they can be digitalised and, where possible, automated.
However, exposing the business's data as it moves across networks and into the cloud has significant implications for cyber security; data theft is on the rise, with Juniper Research predicting that cyber security breaches will result in an estimated 146 billion records being stolen by 2023.
"This implies that there are far more nefarious parties looking to take advantage of weaknesses within systems to steal customer data, commit fraud, steal crypto-currency and carry out a whole host of other activities," says Wayne Borcher, chief operating officer at tdglobal. "However, it also creates massive opportunities for businesses that specialise in cyber security to add value in the market. As much as change brings with it complexity, the benefits of digital transformation will always outweigh the risks if one is cognisant of the dangers and innovates accordingly."
There's a need to ensure the business progresses on its digital transformation journey, while ensuring that it remains secure and compliant. This can be done, according to Borcher, by adhering to best practice methodologies within the business, its architecture and how its data is governed. "If this is done correctly, the risks are significantly reduced, which makes digital transformation far safer and more beneficial to businesses."
He also advises that businesses prioritise leveraging the large cloud vendors along with security and compliance specialists. "To find balance, the business should understand the start of its digital transformation journey well, and then carefully plan the first steps. However, be wary of getting stuck in analysis paralysis as this can be just as detrimental to your business. The business needs to be decisive and ensure that it has the right partners to guide it through the journey, because this is a journey, not a destination."
The balancing act that businesses face when implementing digital transformation is between transforming at a pace while ensuring that cyber security measures can keep up. Borcher outlines seven areas in which businesses need to do their homework before setting off on their digital transformation journey:
1. Know your business;
2. Know your market;
3. Know your target market;
4. Know what is changing;
5. Perfect your strategy;
6. Define the journey; and
7. Consolidate the necessary skills to execute on that strategy.
Compliance with legal requirements around data security must be adhered to at every step in the journey. In addition to any local legislation, this could also include external legislation such as the General Data Protection Regulation (GDPR), which applies to any business that either collects or processes European Union citizen information. "Companies falling into this category have little choice but to comply and should have already started initiatives around data privacy and security," says Borcher.
Then there are the businesses that don't need to comply with GDPR. Says Borcher: "These businesses are acutely aware of the potential consequences of a data breach and the effort that will be required to implement measures when the Protection of Personal Information (POPI) Act eventually becomes law. While many of these businesses will express concerns about the Act and the importance of data privacy and security, most of them have adopted a wait-and-see attitude. The implementation of a data privacy and security initiative is simply seen as an unnecessary expense in a very difficult economic environment."
Borcher goes on to identify six specific areas that businesses need to be aware of in terms of cyber security and suggests some ways in which businesses can counter those risks:
1) Understand your data
Not all data is equal. The starting point for any business must be understanding which data is business-critical or sensitive. Platforms that can assist in the discovery of data, metadata management and data lineage can provide a huge advantage to deliver at speed. Read more at https://tdglob.al/data.
2) Access control
Ensure your systems are secured, that the right people have access to the right data and that they use it correctly. Read more at https://tdglob.al/DAIRE.
All employees need to be educated on the importance of data privacy and security policies adopted by the business. Very importantly, education is required on how to act (preparedness) should they become aware of a breach and/or misuse of data.
4) Mobile devices (BYOD)
When enterprises embrace BYOD (bring your own device), they face risk exposure from those devices on the corporate network in the event an application installs malware or other Trojan software that can access the device's network connection.
5) Unpatched or unpatchable devices
Ineffective device patch management can leave an exploitable device on your network, waiting for attackers to use it to gain access to your data. Institute a patch management program to ensure that devices, and software, are always kept up to date.
6) Third-party service providers
As technology becomes more specialised and complex, businesses are relying increasingly on outsourcers and vendors to support and maintain systems. However, these third parties typically use remote access tools to connect to the company's network, but don't always follow security best practices. Counter this by validating that the third party follows remote access security best practices, such as enforcing multifactor authentication, requiring unique credentials for each user, setting least-privilege permissions and capturing a comprehensive audit trail of all remote access activity.
While there's no silver bullet that will keep all your data and networks safe all of the time, Borcher talks about how businesses can prioritise cyber security, listing the areas in which they should focus their efforts. "Firstly, you need to prioritise system vulnerabilities. You also need to understand your environment, including the systems and data within that environment. Starting with the data, prioritise initiatives based on data sensitivity. Finally, engage and educate your workforce on the importance of data security and privacy."
The bottom line is that businesses need to plan ahead and realise that digital transformation is a journey and not a destination, and take the necessary measures en route to ensure that their data is protected throughout.