Protecting your Digital Enterprise
IBM called it the smarter planet many years ago – what you are seeing today where everything is getting instrumented, interconnected and intelligent. As the world becomes more digitized and interconnected, the threats and attack surface are also getting bigger. For today’s digital enterprise, it is critical to relook at their strategy on how they can stay ahead of threats, protect their valuable data and resources and meet the audit or regulatory compliance requirements.
The changing threat landscape
The threats today’s digital enterprises face are not simple attacks to disrupt a service or steal some data. The modern day attacks are advanced persistent threat (APTs) that are often orchestrated by a group or team targeting a specific entity. APTs are not limited to attack on private organization but we see that happening to large businesses, against governments with high degree of covertness over a long period of time. The "persistent nature of these attacks means that they don’t go away until the final objective or outcome is achieved
These attacks are often done for extracting data from a specific target, intelligence gathering or could be criminal reasons such as economic gain, damaging customer trust, brand reputation, personal reasons such as revenge or frustration, or even political reasons such as even influencing the outcome of an election. For instance, the Russian government’s interference with the United States election – may not be a mere hacking of few email accounts but seems to involve multi-layered attack that included disinformation and dissemination of fake news often promoted on social media.
One of the goals for demonetization is to accelerate our nation’s move to be a digital economy. This implies a lot of opportunity for businesses and start ups to leverage the unified payment interfaces make online payments and digital wallets popular with citizens. At the same time this is equally an incredible opportunity for cyber criminals with an attack surface. People are always the weakest link in the security architecture and it is always that the people gets tricked by a hacker to get access into the platform.
India government puts the plan for digital economy nicely in a single word – JAM that stands for Jandhan, Aadhar and Mobile.
· Jandhan – Our money is now digitized and can be accessed or transacted online with our bank or can carried around in our digital wallets. Earlier we had to only secure our physical lockers and banks but now we have to secure the wallets stored in a million mobiles or websites.
· Aadhar (Identity)- Identity is the core part in a digital economy and also the foremost of all threats. For most of us, giving out personal information or sharing them on WhatsApp or Facebook is an an everyday occurrence. But we don’t really care about what happens to that information once it leaves our hands. Watch out for identity theft and how hackers use it to establish unauthorized credit and charge items in your name.
· Mobile – Mobile is just the frontend for the technology. That provides the user with an experience but it is supported by several technologies in the backend like cloud (for the infrastructure and middleware) and analytics services ( that provides personalized content)
Protecting the digital enterprise
Security is a shared responsibility of users of digital platforms and not a sole responsibility of the creators and protectors of the platform.
Identity becomes the new perimeter in a digital economy and holds the key to not only delivering an optimal end user experience in support of your digital transformation, but also becomes our first security control.
Mobile – Protecting and managing a diverse set of mobile devices and preventing unauthorized mobile access while extending security beyond corporate walls to enable trusted transactions is a key requirement for the digital economy. Ensuring secure file and document sharing across mobile device s as well as protecting mobile applications from data leakage is a required capability.
Cloud – The cloud is also vulnerable to new and evolving security threats. We need to make sure that we securely connect people, applications and devices to the cloud. Ensuring the data and application are protected from attacks aimed at stealing sensitive information as well having complete visibility to the cloud resources and usage is important.
Good guys should unite to keep the bad guys away
The bad guys out there are getting organized, growing smarter and becoming more sophisticated sharing their assets and tools and breaking the defences of the good guys. The solution for this is that the good guys should come together and share threat intelligence in order to raise awareness and sound the alarm about new attacks and data breaches as they happen. This way we can not only avoid major security incidents from recurring. Timely information and intelligence makes a big difference in organization’s readiness to fight against these threats or manage the security incidents
Responding to Security events
Preparing for and responding to cyber attacks has proven to be a major challenge for organizations. To respond and mitigate cyber incidents more quickly you need a platform that automates and orchestrates many of the processes that helps to minimize the exposure.
Staying ahead of the threats
Above all to stay ahead of the threats, you will need a threat intelligence platform that helps not only maintain a strong security posture but also identify trends across a multitude of security events and helps organizations quickly address potential offenses and eliminate false-positive results.
May be cognitive security like Cyber Watson (Watson for Cyber Security) is the answer – where a new generation of systems understand, reason and learn about constantly evolving security threats - just like security professionals do every day – but with unprecedented speed and scale.
I’ll be talking about this topic at the annual Opengroup conference on Feb 9 at Bangalore. Join me there for the session and lets discuss further on this very important topic.