Digital transformation is also security transformation. Digital transformation is about harnessing technology to drive success. In particular, it involves moving and sharing data across the extended enterprise and using powerful software to expand visibility into consumers, providers, and third-party vendors.
Data is becoming more portable – and valuable – which is changing the threat landscape and reducing the effectiveness of firewalls, vulnerability scanners, and other point solutions. To mitigate risk, organizations now need to secure entire ecosystems of connected devices and systems while being mindful that there is no such thing as an invulnerable security solution.
Or, as SAP chief security officer Justin Somaini observes: “We really need to make sure that our data is secure, but we should never assume that it is.”
Security transformation means controlling the data lifecycle
Organizations have to be vigilant since cybercriminals are always looking for vulnerabilities in hardware, software, and processes. Data has to be monitored and controlled wherever it resides and under any type of ad hoc sharing scenario.
Security technologies and proactive governance schemes can help protect data as it is shared internally or externally. But creating these sorts of expansive and granular levels of security is challenging, since any solution must be agile enough to adapt to rapid changes in business models and relationships.
Keng Lim, chairman and CEO at NextLabs, says security solutions have to encompass the entire data lifecycle. This means protecting data as it is shared, transformed, uploaded, and downloaded. Security must continue over time and even as multiple individuals access the data for different, authorized purposes. Most important, the data owner must be able to retrieve or restrict the data as needed.
“What you want is to be able to push a button and say that the data is no longer available,” he says. “It just somehow magically expires.”
EDRM makes lifecycle control possible
Creating that sort of fine-grained access control is possible with second-generation electronic digital rights management (EDRM) technology. EDRM protects proprietary corporate information by controlling how data can be viewed, copied, printed, edited, or shared. A solution that integrates at the application layer can automatically apply military-grade encryption and protect structured, master, and transactional data using centrally managed controls, rules, and policies.
Establishing access rights to data requires balancing multiple needs, notes Anna Aquilina, global cybersecurity director and operations leader at Ernst & Young. “If we substitute information for data, it becomes easier to think of it as something that has value and different levels of value.”
Decisions should be influenced by the value or sensitivity of the data. For example, could the organization or its partners be compromised by the data, or would theft of a particular type of data create intellectual property issues or other liabilities? A good solution will promote compliance by providing ways to apply rights protections for individual users, events, and workflows while ensuring that data is not classified incorrectly.
“Once you have that prioritization, I think it gets a lot easier to think through levels of protection and how widely to share information,” Aquilina says.
Balancing the need to protect and share data is going to become more challenging as connectedness continues to grow. Businesses must take steps now to further harden their infrastructures and improve their security and digital rights management practices.
Interested to learn more? Listen to the SAPRadio show: “Are You Sharing Naked Data – Oops!”