Is Security the Achilles Heel of Digital Transformation?
- 6% – Fall in the share price in one day
- $100 mn to $150 mn – Anticipated costs to be incurred. Going by the recent news on Equifax, it should be a lot higher
- Impact on brand value, reputation, and team morale
- Lost business – customers and partners
This is the price to pay for the most significant data breach ever – more than 100 million customer details have been stolen! Unfortunately, this time it is a Fortune 500 company, one of the top 10 banks in the USA, and a cloud-first company for several years – Capital One.
“…We have invested heavily in cybersecurity and will continue to do so. We will incorporate the learnings from this incident to further strengthen our cyber defenses,” says Capital One.
We hear a similar narrative from all kinds of organizations. Significant investments are going into security-related technologies and processes, yet these organizations have not been immune to crippling cyber-attacks. Why is that? According to an insightful Ponemon Institute report, the most common reasons are:
- Attackers are persistent, sophisticated, well trained, and financed
- Lack of adequate security staff with the necessary skills
- Human error
- Networks are not scanned frequently for vulnerabilities
- Lack of visibility into the operations of security programs
- Lack of control over access privileges
- Difficulty keeping security tools updated
- Misconfigured or incorrectly installed tools
The majority of the above reasons come down to human limitations or negligence. Simply installing expensive and sophisticated technologies will not resolve the problem. You may be using best-of-breed services from multiple cloud providers who claim to be highly secure and compliant, but the overall onus of keeping applications and customer data safe is on YOU. It needs a strategic approach with seamless coordination of People, Process, and Technology. The key is that it has to be a continuous effort, not a project with a start and end date.
At CoreStack, we often have insightful conversations with enterprises about their concerns on security, compliance, and overall governance. Listed below are a few questions whose answers can help immensely in building a secure digital foundation:
- Do you know what your risks are?
- Are you allocating resources appropriately?
- Have you identified the right security metrics, and are you tracking them?
- How well are the business and IT teams partnering to build a robust risk governance framework?
- To what extent are you employing technology to automate real-time security and compliance posture, notifications, and automatic remediations?
As organizations grow, business operations and the supporting IT systems become very complicated. Monitoring, automating, governing, integrating, and maintaining multiple business applications and their underlying infrastructure is very challenging, especially when a mix of on-premise infrastructure and multiple clouds is used. In such a complex landscape, it is naïve to manage security manually. Instead, you should leverage technology as much as possible. An autonomous governance solution that continually monitors, detects anomalies, and takes corrective actions will add a lot of value. For example, CAMS, one of the largest financial services companies, proactively detected and resolved 23 significant issues related to security and compliance using CoreStack’s multi-cloud governance solution. Such technology-driven automation frees you from the constant anxiety of running secure and stable operations, and lets you focus on innovation.
Fretting about security as an Achilles heel and not marching forward in the digital revolution is regressive. Instead, acknowledge the weak links and fortify your digital landscape with the right blend of technology and process.
‘There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked’ – John Chambers, Former Cisco CEO