You are here

You are here

Secure your value chain: Emerging trends and best practices

public://pictures/satya.jpeg
Satyavathi Divadari Chief Cyber Security Architect, Micro Focus
 

Digital transformation was gaining momentum before COVID-19 shut down the world last year, but the pandemic put the process into hyper-drive. Businesses and consumers have been pushed over a digital fault line where physical channels are moving to digital channels.

While some organizations have scrambled to adjust to this brave new digital world, those that are agile and growth-centric see new opportunities to jump ahead of competitors in their industries. To put more spring into their operations, these organizations are investing in technologies that will make their business operations more agile and shifting to the cloud for their core operations.

Indeed, to bring new products and experiences to their customers, many businesses have become borderless entities that give customers, employees, suppliers, and other partners access to corporate resources anytime, anywhere. In those environments, access to data is not only important to the members of an organization's value chain, but also to the entity itself, which depends on information to gain key business insights, make faster decisions in response to market changes, and stay in tune with customer needs and requirements.

Providing anywhere, anytime access to resources and data—while beneficial for driving efficiency, speed, and flexibility—magnifies the challenges of the challenges of securing the data itself and access to it. These issues are due to the sheer volume and distribution of information created in an anywhere, anytime environment.

That's why enterprises are placing greater emphasis on technologies that protect data and applications, in addition to updating out-of-date policies and procedures for effectively granting access privileges to corporate data wherever it resides.

Once you're on the road to protecting data and applications, it doesn't take long to realize the need for cyber resiliency to ensure the business can continue operations in the face of disruptive events such as a pandemic. A key component of establishing cyber resiliency is having a comprehensive strategy for data and application protection.

Here are the emerging trends you need to be aware of—and essential best practices—to make cyber resilience happen in your organization.

The value of data

First, crafters of such a strategy need to understand the value of data to the business, the liability and risks associated with data, where data resides inside and outside the organization, and the dynamic and distributed nature of data. They also need to know how to classify data.

A comprehensive plan needs to cover the entire data lifecycle—from storage to when it's moving to its destruction; otherwise, there's a chance of leakage. Having this 360-degree view of data allows for effective decision making to implement the appropriate technologies, policies, and procedures needed for data protection.

Without a 360-degree view of your data, you can end up spending money protecting data that doesn't require protection.

Emerging trends that matter

As if building a framework and implementing a comprehensive plan to support resiliency weren't hard enough, several emerging trends will have a significant impact on how to best manage data, applications, and identities.

Privacy regulations' increased complexities 

Measures such as the European Union's General Data Protection Regulation and the California Consumer Privacy Act impose restrictions and requirements governing the collection, storage, and handling of data. And more regulatory and legislative actions  in the future will further complicate matters for organizations.

Software supply chains and the shift required to ensure secure code is embedded in the software development lifecycle

Increased use of open-source components by enterprise applications has increased supply chain risks. According to a report by Sonatype, cyber attacks aimed at actively infiltrating open source code increased 430% in 2020 compared to 2019.

By shifting their focus upstream, bad actors can infect a single component, which will then be distributed downstream using legitimate software workflows and update mechanisms, the report said.

Accelerated digital transformation with the movement of enterprise applications between multi-cloud and on-prem 

Traditional security policies designed to protect on-premises applications are largely ineffective in the cloud. The scale is bigger, and things happen faster than in traditional IT environments. Moreover, there are more things in more places that need to be monitored and protected, which makes automation essential for cloud security.

The proliferation of connected devices brought about by greater adoption of IoT

As these devices proliferate, so does the attack surface for adversaries. Many of the devices connect to IP networks, where they can be attacked from anywhere in the world; can't be updated or patched when flaws are discovered; are gaining in capability so they can be used in more sophisticated attacks; and are "headless," so they can be protected only with proximity controls or strong access policies.

Digital identities and ensuring appropriate governance no matter whether human or a technical element

Controls need to govern access to resources by people on the network as well as other entities. Use of zero-trust schemes to govern access has gone from a nice-to-have to a business priority, especially as the remote workforce has ballooned during the pandemic. According to Microsoft, 51% of business leaders say they're speeding up deployment of zero-trust capabilities, while 94% of companies report they are in the process of implementing new zero-trust systems to some extent.

Protect your organization's value chain

As the wave of digital transformation breaks over business, protecting data and applications is essential to preserve the integrity of your organization's value chain. That protection must foil attacks aimed at compromising data and applications while providing a 360-degree view of data.

You'll use that view to formulate a comprehensive strategy that will form the bedrock for establishing cyber resiliency throughout your organization.

Join Satyavathi Divadari on February 25, 2021 for a webinar discussion with IDC's Curtis Price about how organizations can secure their value chain and build trust in enabling technologies such as cloud, AI, and blockchain. The recorded presentation will also be available for replay afterwards.

Keep learning

Read more articles about: SecurityData Security