Security in the Age of Digital Transformation

Dr. Cherif Sleiman, Senior VP International Business at Infoblox, discusses various security challenges and opportunities arising due to digital transformation, the implication of big data on security and why “security first” should be the motto of companies seeking digital transformation.

One of the privileges of my job is the opportunity to talk to business leaders across Asia about where they see the opportunities and challenges in their fields. And in all these conversations, two issues keep coming up: the digital transformation and cybersecurity.

Many of these leaders talk about these issues as though they are distinct, but after all my years of experience in this industry, I see them as essentially two sides of the same coin. Leaders really cannot consider the digital transformation without considering the broader cybersecurity concerns that come with it. And indeed, companies need to have robust cybersecurity policies in place if they want to take full advantage of the opportunities afforded by this fourth industrial revolution.

I will begin by talking about the challenges and opportunities afforded by the digital transformation, especially as they pertain to security.

Next, I will discuss the implications of big data on security, what this means for companies, and how they can forge a “new social contract” that will address the unique concerns of the data-driven economy.

Finally, I will explain why companies seeking to undergo digital transformation should focus on security first, and provide some advice for how they can integrate security-minded thinking into their digital transformation strategies.

Challenges of the Digital Transformation
The 2020s will be the decade of the digital transformation around the world.

Organizations are building their networks in a different way—taking advantage of concepts like multi-cloud and SD-WAN technologies, and leveraging the power of IoT devices and the software-as-a-service revolution—to provide better customer service, empower their employees, and respond more quickly to market opportunities.

As businesses invest in these new tools to digitize their operations and move to the cloud so they can better compete, the legacy world of data center and interlocked branches policed centrally is fundamentally changing. The network perimeter that we have been used to is permanently dissolving.

Indeed, as devices proliferate, remote access becomes the norm, and companies increasingly store data and run applications from the cloud, the threat matrix that companies face becomes varied and complex.

Enterprises need to understand that the more they take advantage of the benefits of the digital transformation, the more of their critical applications and data will be stored, accessed and run in the public domain—outside of direct corporate control. And at the same time, the expansion of IoT devices, BYOD policies, and remote access is increasing the surface area through which malicious actors can gain access to the network.

Security can no longer be treated as an add-on to running an enterprise network; it needs to be integrated into how enterprises think about their entire digital transformation strategy.

A New Social Contract
Ask anyone what the key to digital transformation is and they’ll likely respond with one word: data. Data is what allows companies to allocate resources efficiently, identify new business opportunities, and provide targeted services to customers.

But data is also a resource in its own right and one that is highly sought after by cyber-criminals. Criminals can steal data outright, as they did in the 2017 Equifax breach, or they can lock it down and hold it for ransom, as with the WannaCry ransomware that spread around Asia and the world in 2017.

So the opportunity for business is there, and so too is the risk. The digital transformation gives companies the chance to grow, and provide goods and services when and where they are needed, all while reducing operating costs and lowering friction between buyers and sellers. But as the value of personal data becomes more widely appreciated, securing that data becomes more important—both to a company’s reputation and to its bottom line.

We used to look at the “social contract” between businesses and customers as a simple financial transaction: a customer provides money and the company provides goods or services in return. A company’s reputation depended primarily on its ability to deliver on its promise.

Today—thanks in part to the digital transformation—that contract has changed. Reputations still depend on a company’s ability to provide goods and services, but a company’s ability to protect data plays a critical role as well.

In cases like this, the social contract is murkier. Customers may be receiving a service—but they are paying with their data, not dollars, or rupees, or yen. Furthermore, unlike dollars, which become the company’s once the transaction is finished, data is fundamentally still tied to the customer and will remain so forever.

Companies who collect and deal in valuable personal data, and that includes pretty much all organizations, thus have a much higher obligation to protect the data that they are gathering—not only to their customers but to their owners and shareholders as well.

Data breaches can have dramatic effects on a company’s market value. A 2019 analysis published by British consumer-advocate website Comparitech found that the share prices of companies that suffered a data breach fell by an average of 7.27% in the immediate aftermath. The real damage occurs over the long term. While stock prices largely recover within a year, breached companies still lag behind the broader market, by 6.5% after one year and nearly 13% after two.

The costs of cyber-threats
The decline in corporate value after a cyberattack has many causes. Some of the costs are obvious: the value of the information stolen, the disruption to customers and corporate productivity, and the cost of addressing the attack itself. There are longer-term costs as well. The company may incur fines or liabilities stemming from the attack, it may lose business or customers, or its share price may drop because of the hit to its reputation.

In 2018, Microsoft commissioned a study which found that these long-term, indirect losses can really add up. Microsoft found that cyber-attacks could cost large firms in Asia up to $30 million, a majority of which came from the deeper impacts on the company’s business, ecosystem, and economy.

Cyberattacks can also do damage before they even occur. The Microsoft study found that nearly 60% of their respondents were putting off initiatives to take advantage of the digital transformation because of concerns over cybersecurity.

This is the most tragic cost of cybersecurity concerns. Sixty percent of businesses aren’t taking advantage of opportunities afforded by the digital transformation, choking off growth before it even has a chance to begin.

Next Level Networking: A new model for network security
As enterprises build networks for this new digital era, we are finding that they have very different architectures from the traditional hub-and-spoke, data-center-centric model.

As the pace of digital transformation accelerates, the way that businesses operate, procure, and consume technology is changing more quickly than ever before. Organizations need to embrace this change and understand that in this new era, the way that we build secure networks is changing as well. We call this new paradigm “next-level networking.”

Organizations need to think differently about network security in this new era of networking. Companies need to change their mindset: as the digital transformation seeps through industries in all sectors, the way organizations procure and consume technologies is changing as well.

Organizations can’t afford to think of network and security as separate fields, with individual solutions siloed from one another. Concepts like SOAR (Security Orchestration, Automation and Response) demand that networking professionals rethink their architecture from the ground up. Fundamental services like DNS can’t be an afterthought to security; they can be brought into the security picture and leveraged for a stronger defence.

This paradigm shift will not be comfortable for many. It is never easy to fundamentally change two decades of expertise and learn something new.

But if businesses are to succeed in this new era and take advantage of the benefits of digital transformation, they will need to embrace innovation quickly and rethink the role that cybersecurity plays across their network. Integrated, robust cybersecurity must be a fundamental part of business strategy, not only for today but for the future.