Avoiding the Security Pitfalls of Digital Transformation

Posted on Tuesday, September 19, 2017
Get in touch
By Michael Rothschild
Global Channel Marketing Director, Thales

More News

It surrounds us. From the moment we wake up until we go to sleep, we are influenced by and interact with the technology around us. Even the mundane actions such as hailing a cab (rapidly being replaced by Uber), buying groceries (Amazon to the rescue), or scheduling a doctor's appointment (hello Teladoc) now have technology built in. The digital transformation has transformed our lives in unimaginable ways.

Transform or Go Under

Transformation affects not only our personal lives but also how businesses operate. With the digital tsunami of change, businesses have learned to adapt and adopt or be left in the dust by the competition. They have transformed by redefining processes and leveraging a wide variety of technology. With this change, new vistas of opportunity are within reach, but it has also opened a new area of exposure: the data breach.

Hacking – Highly Lucrative and Hard to Stop

Enterprises and other organizations are plugged in and interconnected like never before. While widespread connectivity provides access from anywhere, it also offers cyber-criminals more avenues for exploiting vulnerabilities. But hacking is not new, nor is IT security. When the threat of cyber-hacking first started, early security companies built products to keep the bad people out; thus, the concept of perimeter security (e.g. firewalls, VPN etc) was born. With the growth and adoption of new technologies such as virtualisation, cloud, and mobility, the notion of perimeter-based security is increasingly outdated. Moreover, the richness of data that can be extracted and sold on the black market has made hacking a highly lucrative venture. The rush by organisations to deploy new technology has in fact opened huge vulnerabilities – which has in turn put some companies out of business.

Protecting Your Most Valuable Asset

The good guys and bad guys leapfrog each other with their advanced security solutions and super sophisticated hacking techniques. A boon for the hacking industry, this virtual arms race has also created a multi-billion-dollar security industry. This led enterprises to question how they can put an end to the cat and mouse security game, and more importantly, if it's possible to stay protected.
Hacking is increasingly sophisticated; there is virtually nothing that can keep a cyber-criminal out if they are motivated enough. Ultimately, it's not a matter of "if" an organization is going to get hacked, but "when". In lieu of this unfortunate reality, enterprises should first identify their most valuable assets and then come up with a cyber-security game plan.
With the advent of big data and the Internet of Things (IoT), it's safe to say the true value of an organisation is defined by its data. Data may include new schematics, a new game-changing product, or a treasure trove of customer data. Fortunately, protecting data doesn't have to be an impossible feat. Here are a few ways to keep your data safe:

  1. Encrypt your data. It's what the criminals are after. By encrypting data, even if it falls into the wrong hands through a breach, it is completely unusable except to the individuals that should have access to it. Moreover, encryption can be completely transparent to the end user, so while data is being secured, there is no impact to user experience.
  2. Control access. More than ever before a larger, more heterogeneous community is accessing your network. They may include not just different levels of employees, but also subcontractors, suppliers, and much more. Some of the biggest areas of threat of data exfiltration are insiders with access to privileged information. By creating different levels of access and controlling what individuals can see through data masking, tokenisation and application encryption, only authorised users gain access to privileged information.
  3. Manage Your Keys. Key management is an important aspect of data security. Running just a few applications can generate an unmanageable number of keys. Moreover, having to lifecycle keys through key rotation can be a complete management nightmare. Some products on the market have key management built in, but it often stores the application-specific keys with the data that is being protected. This can not only create a security nightmare, but it is contraindicated by many compliance regulations which require the key to be stored separate from the data. Managing all your keys from all of your applications in a secure repository can reduce management nightmares and also ensure a level of security of your encrypted data which you never had before.

The digital transformation is upon us, and with it comes new security threats and compliance regulations such as GDPR, eIDAS and much more. Do you know where your sensitive data resides? How secure is it? Start your journey to get ready for GDPR and the new regulations.

Find out more

Interested in talking to us about your specific needs? Contact your Softcat Account Manager or get in touch using the button below.

Get in touch
Comments

We would love to hear any comments you have about this article!