Five best practices for managing your network security in the age of digital transformation
Published: Oct 24, 2018
Author: Alexander Schlager
I don't need to tell you the value of digital transformation. It's impacting every industry - and it's now essential to staying competitive. But as you digitally transform your enterprise, new complexities and challenges will continually emerge. And that makes network security more important than ever.
In this new landscape, the organizations that are most prepared will survive. But it's about more than just survival - you need true resilience to thrive and get ahead of the competition. The arena you're operating in is transforming, so your approach needs to adapt. Here are five things you should consider for your security strategy as you embrace digital transformation, so you can navigate the minefield of evolving risks.
Integrate for enterprise-wide visibility.
Security is no longer just a problem for your IT team, it's a business issue. As your organization digitally transforms, the entire enterprise is vulnerable to cyber threats and every employee should be able to spot and respond quickly to signs of an attack. As a result, it's crucial to have visibility across every department.
Creating a single view of your network and infrastructure means integrating, normally through a risk management tool, the technologies and applications you need from different vendors, while maintaining control and visibility in one place.
That means data from across many systems can be brought together, analyzed and connected, thereby delivering key metrics and bringing to your attention threats that might need action. The right tool will not only provide you this view of your security posture at the current point in time but allow you to see how this changes from day to day. Do you have more risk today than yesterday? What's changed?
Adopt a continuous risk monitoring strategy.
Digital transformation is a continuous process happening across your business - all to stay ahead of the competition. From virtualizing your networks and plugging in new platforms and systems to building and launching new customer apps and automating processes. IoT devices are also pushing your network further, with many of these sensors or smart devices speaking directly to your internal systems.
The greater the number of disparate technologies, systems, and processes in place, the more chances of expanding your enterprise's threat surface area. Cybercrime has become a multi-billion-dollar industry, and attackers are becoming more sophisticated all the time.
It's time to start defending against and mitigating continuous threats, rather than looking at building walls, and tackling single, isolated events. If your organization is serious about pursuing a goal around digital transformation or speed to market, then you will need to deploy a tool that continuously monitors network activity while being able to pinpoint unusual behavior.
Risk monitoring systems integrate multiple sources of data (logs, security information and event management (SIEM) and analytics platforms) to capture and display abnormal behavior of users, devices and systems. More importantly, given that undetected threats can impact speed to market, they can automate the process of translating information security vulnerabilities into business risk for your stakeholders.
Align network, collaboration and security teams.
When your employees are working remotely or using their own devices (BYOD), they will be accessing sensitive information from your on--premises or third party collaboration or customer experience tools.
Because of this push towards a more mobile and productive workforce, companies are becoming more comfortable putting network functions in the cloud, with many services owned by departments outside of IT. And as that continues, they are working on accomplishing IT-business strategic alignment around what stays on-premises and what can be moved to the cloud.
In many organizations IT managers don't always know which Unified Communication (UC) applications are on the network, while new platforms are being funded and launched from across the organization where end users may not be aware which tools they should be using and security teams don't know which ones should not be there.
In this new era of digital transformation, security is possibly the most important area for IT to be aligned with business needs. The first step toward a more secure environment is to ensure you are operating with a single vision of your systems, users and information – and reach outside of your siloes to develop one if necessary.
Think beyond your perimeter to global environment.
You're managing an increasingly sprawling and complex architecture of networks, clouds and vendors. And often you have to work with multiple vendors to get the network solutions you need. Protecting your security perimeter is getting harder, as the threats get more sophisticated and the perimeter harder to identify.
But this can drive up security costs, make it harder to deploy security updates and obscure your visibility of threats. Looking beyond the perimeter – how do you ensure that third party providers, employees bringing their own devices or partners with integrated process have made sure their networks aren't vulnerable.
Many security operations centers are also ingesting global threat intelligence gathered from open source intelligence and feeds from SIEM in the hope of gaining a more comprehensive understanding of current and potential external and internal threats.
Develop methodology for responding to security risks.
Preventive technologies not only miss too many targeted attacks, they don't have the ability to identify and remediate ongoing exploits. For most enterprises it's no longer about "if," but "when" an attack happens. It's not enough to follow best practices and industry regulations. Once you have identified all possible threats and vulnerabilities, the impact if a certain type of attack occurs and how you will prioritize mitigation strategies during an incident.
This means you need to shift from an IT-led view of security and create a transparent incident response plan that everyone can follow. And this does not just mean a response plan for your team – it can involve every part of the organization including things like public relations and business continuity plans across the company.
You will need to be on top of getting your employees on board with your cybersecurity strategy, you also need engagement and support from the rest of the C-Suite.
As your network becomes more complex and you have more attack surfaces to manage, it's harder to get meaningful and actionable insights around the return on investment for different policies or systems you have put into play. That's why an enterprise risk-based approach is important for prioritising your investments.
Of course, security is just one aspect of digital transformation. These risks also need to be balanced with what you're trying to deliver. You need to think about how to balance network operations management, critical application management, cloud services and other crucial priorities.
Explore your digital transformation priorities.
Align your business requirements with a set of digital transformation priorities. From network and security to cloud and management, our assessment tool will help you understand what you should prioritize to accelerate your digital transformation.
Risk reporting can help you know your security score.
Get a clear view of your security posture for everyone from the board to security operations, so you can deliver your security strategy with their confidence.
Alexander Schlager leads Verizon's Security Services product organization and is credited with changing the way Verizon is approaching the design and implementation of security solutions with actionable intelligence that allows organization to act with confidence.