The digital transformation of business opens up a whole new batch of cyberthreats. It's crucial for IT executives to evolve their approach to security for businesses to fully embrace digital transformation.
Digital transformation makes for a complex and risky network, with multiple office locations, telecommuting team members, and vulnerable BYOD and IoT devices being used within the network to access company data and assets. This reality allows the use of mobile devices such as smartphones, tablets and laptops for business purposes, from anywhere – in the office, at home, in transit to remote cities or countries, and more, while maintaining access to corporate data, communications and programs.
This increasing transformation gives employees flexibility and choice, which can increase productivity, enterprise revenues and job satisfaction. Moreover, it allows companies to expand to more cities and countries, growing their direct markets. To embrace the benefits of digital transformation while keeping the network safe and secure, CIOs and CISOs must have their own IT digital transformation plan that includes consistently scaling up their ability to mitigate and control cybersecurity risks.
Cyberthreats associated with digital transformation
One of the most significant challenges in digital transformation is securing the entire network. Remote and dispersed employees can put the corporate network at risk, as teams may be joining the network from public, unsecured Wi-Fi, and it's often more difficult to monitor a device off-premises.
Another crucial challenge is securing internet of things (IoT) devices in the corporate setting, including smart TVs, refrigerators, printers, VoIP programs, cameras and thermostats. Any physical machine or device that has connectivity and software will ultimately have security implications, so you need a solution with the flexibility to safely onboard allowable devices of all types.
According to IDC projections, there will be over 80 billion IoT devices within the next seven years. Unfortunately, the networks and software running these connected devices are extremely vulnerable to attacks, as manufacturers of these devices focus their resources on reducing the cost of the BOM (bill of materials) rather than ensuring security. When these devices gain access to the network, they have a foot in the door of the organization's mainframe. IoT devices have been at the forefront of major network security breaches, including the 2016 Dyn cyberattack, the 2015 Jeep hack and the St. Jude cardiac device hacks that started in 2014.
How to safely embrace growth and flexible policies
1. Gain full visibility to all users, devices, network layers and locations.
Think of it this way: How can an organization protect its assets and networks if it has limited knowledge of who or what is currently on the network or accessing resources and assets? A monitoring solution allows organizations to gain visibility into their network endpoints, giving IT departments the contextual knowledge they need to see if their data and networks are secure.
2. Segment and create a zero-trust zone.
Identifying IoT devices on the network is often challenging, as they're typically detected alongside other connected devices, including laptops, mobile devices and printers. Further, they may go completely uncategorized. Smart devices like kitchen appliances, connected security cameras and HVAC systems are often overlooked, and therefore not assigned specific rule-based policies.
When it comes to IoT, BYOD and questionable internet connections, the best solution is to create a zero-trust zone. A zero-trust zone rests on the basic assumption that all connected devices begin with zero trust at the onset, followed by segmentation. First, IT executives should conduct a thorough inventory of devices – determining which devices are in use, by which employees and for what uses, and whether these are managed (enterprise-controlled) or unmanaged devices.
Next, determine device behavior. Evaluating the nature of a device's connectivity (how it transmits data, the level of connectivity it needs to operate, etc.) gives IT a better understanding of the functionality of devices on the network, making segmentation easier.
For network segmentation to successfully help with security, it's important not to group all connected devices into the same category. Instead, break them down into more granular categories based on function. Segmenting on this level makes it easier to develop and implement security policies.
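The inventory, behavior and segmentation steps above can be sketched in a few lines of Python. This is an added example, not part of the original article: the device names, hostnames, ports and the per-function baseline are constructed assumptions, and any device without a recognised function starts in a quarantine segment.

```python
from collections import defaultdict

# Constructed inventory; hostnames, ports and device names are illustrative.
INVENTORY = [
    {"id": "laptop-017", "function": "workstation", "managed": True,
     "flows": {("mail.corp.example", 443)}},
    {"id": "byod-phone-3", "function": "workstation", "managed": False,
     "flows": {("mail.corp.example", 443)}},
    {"id": "cam-lobby", "function": "camera", "managed": False,
     "flows": {("nvr.corp.example", 554)}},
    {"id": "cam-dock", "function": "camera", "managed": False,
     "flows": {("nvr.corp.example", 554), ("files.corp.example", 445)}},
    {"id": "unknown-a4", "function": None, "managed": False,
     "flows": {("203.0.113.9", 23)}},
]

# Assumed baseline: the connectivity each function needs in order to operate.
BASELINE = {
    "workstation": {("mail.corp.example", 443), ("files.corp.example", 445)},
    "camera": {("nvr.corp.example", 554)},
}

def assign_segment(device):
    """Zero trust at the onset: no recognised function means quarantine."""
    function = device.get("function")
    if function not in BASELINE:
        return "quarantine"
    ownership = "managed" if device.get("managed") else "unmanaged"
    return f"{function}-{ownership}"

def build_segments(inventory):
    """Return (segment -> device ids, device id -> flows outside its baseline)."""
    segments, drift = defaultdict(list), {}
    for device in inventory:
        segment = assign_segment(device)
        segments[segment].append(device["id"])
        allowed = BASELINE.get(device.get("function"), set())
        extra = device["flows"] - allowed
        if extra:
            drift[device["id"]] = sorted(extra)
    return dict(segments), drift

if __name__ == "__main__":
    segments, drift = build_segments(INVENTORY)
    for name, members in sorted(segments.items()):
        print(f"{name}: {members}")
    for device_id, flows in drift.items():
        print(f"review {device_id}: unexpected {flows}")
```

The drift map is the input for policy work: each entry is either a legitimate need that belongs in the baseline or traffic the segment's rules should block.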
3. Establish control and compliance policies.
If a vulnerable device is attempting to connect in a regional office, it puts the entire global network at risk. Streamlining security measures is a crucial challenge associated with securing multiple offices across the globe as well as multiple types of devices. Implement policies on a companywide scale to ensure all offices are following the same protocols, such as in onboarding, granting levels of access and patching.
As networks evolve, CIOs and CISOs need to implement strategies that meet the ever-changing needs of the company and allow for flexibility, scalability, and agility of the mobile and digitally transforming enterprise. IT executives should view and secure the company as one network, implementing tactics and solutions that offer the scalability today's mobile enterprise requires.