Navigating Digital Transformation While Cultivating a Security Culture

Author: ISACA Now
Date Published: 28 July 2023

“Digital transformation” is a phrase that has dominated industry conversations in recent years as enterprises make their way to cloud-based models. Digital transformation brings both opportunities and challenges, and security is one element that should not be overlooked. It is critical that enterprises foster a strong security culture throughout every stage of their digital transformation.

Recently, Scott Reynolds, senior director of enterprise cybersecurity at ISACA, joined John Richards, head of developer relations at Paladin Cloud, for a fireside chat about tackling the challenges and opportunities of digital transformation. The following is an excerpt from their conversation:

What has digital transformation looked like for you?

“I think it really kind of looks different with every organization, depending on how rapidly you adopt new technology, how long you let things stay in an unsupported or legacy state. But I really think that most of the transformations that I’ve seen are driven by new and better technology because the world is constantly evolving,” Reynolds said. “Cars are no longer fully assembled by humans, right? So, we’ve introduced automation, robotics, electrical testing for QA and validation. And it’s really helped reduce the amount of time and effort it takes to build a car. Same for technology—what was good 10 years ago may not be the optimal state for today, especially for remaining as nimble and agile as you can be as an organization.

“Some organizations do it for cost optimizations. Cloud technologies are a perfect case of that. We used to use a lot of data center-centric hardware where not only did you manage the servers but also the network. Now, because of cloud technologies, it’s really abstracted some of that and made the entry and the barrier a little bit smaller for new organizations to take their great idea and turn it into a business.”

What challenges arise and what is made easier from the security perspective of digital transformation?

When it comes to security and digital transformation, one of the first things that comes to mind for Reynolds is the tech surface. “As you evolve and transition from legacy to new, both stay parallel running, right? Being able to manage the old but also integrate the new, but with new also comes more complexity, more security rules,” he says. “A good example is cloud security. While it’s great for onboarding and just getting stuff up and running, they do have this concept of shared security where they manage infrastructure, they manage the storage, but really, the IAM, the access management, the network configuration, and ingress and egress traffic from the network are still your responsibility. And as you evolve to that and add more and more cloud providers, more integrations, it becomes much more complex.”

“There’s also more data transference, so there are a lot of data privacy and compliance requirements there, especially as the world evolves with GDPR, which everyone hopefully by now knows. It is a regulation that puts a lot more power and control of individuals’ data in the hands of the consumer and the individual. And the US is following suit with other acts, such as the California Consumer Privacy Act.”

“Also, along with that is just threat detection. As you evolve the ability to really understand how your events are being collected, the new system may not be compatible with the old,” says Reynolds. “So, it’s really just kind of focusing on the lift and shift, and hopefully not changing the engine on the airplane at 50,000 feet. Really just being able to adapt to the times and understand what you’re trying to protect.”

For more on this topic—including identifying the visibility of attack surfaces, understanding the efficacy of organizational efforts, and improving an enterprise’s culture of security—listen to the full conversation here.