Why Your Digital Strategy Is Most Likely Not Keeping Your Business Secure Enough

Paul Kurchina

Technology is driving deep interconnections between all business process – from customer experience to supply chain management – to drive a stronger influence and leadership in technology as it relates to the business. We see this in action every day, as companies such as Amazon, Netflix, and Uber go from startup to mainstream darling in a stunningly short amount of time by using technology to change the way products and services are delivered – as well as the products themselves.

But according to Justin Somaini, chief security officer of SAP and presenter of the upcoming Americas’ SAP Users’ Group (ASUG) Webcast “Building Trust, Not Walls,” the same technology that’s enabling more secure things is dampening the security of its data and infrastructure. “Businesses need to take a look at how their digital strategy is impacting how they deliver products and, more importantly, how those products are secured,” he advises. “And the more technology changes, so does the whole concept of security.”

Go beyond building a wall to establish true digital resiliency, trust, and security

The advancement of security – from the perspective of governance, prevention, corrective action, and detectives controls – is turning into a digital mechanism of high automation and business enablement in how services and products are provided. Now CIOs have to be just as concerned about the security of how decision makers and customers access and view data and experience transactions as they are about the actual data and technology enabling those interactions.

This level of attention to security is not just about compliance; it’s also about confronting a growing landscape of organized crime, terrorist activities, politically charged hacktivism, and international cyber espionage. The increasing interconnectivity of companies and their assets across the globe is opening the door to unprecedented exposure, turning IT systems into highly attractive targets.

As the tactics of malicious individuals continue to mature, the more vulnerable businesses of all sizes and industries are to the loss of revenue, competitiveness, opportunity, reputation, and, ultimately, trust. To survive an increasingly digital world of never-ending risk, businesses need to continuously assess the three cornerstones of digital security:

  1. Product resiliency: Businesses need to develop applications (or products) that can identify and defend against direct, sophisticated attacks. Security safeguards should be incorporated into applications to ensure that content and transactions are protected.
  1. Operational trust: The virtual and physical environments in which the applications reside must defend against direct attacks. End-to-end secure cloud operations help defend customer data and business processes.
  1. Corporate security: Security-aware staff, end-to-end physical security of digital assets, and a comprehensive business continuity framework are all components of a successful digitalization program. 

Bringing these different aspects of security together requires an efficient information security management system and a security governance model to foster business-driven risk decisions and full alignment on security. This holistic combination helps ensure that appropriate security for all digital assets and products, as well as physical locations, is supported through a widely communicated security policy and standards to comply with applicable laws and regulations.

“The threat landscape as a whole, at a microscopic level, has changed quite significantly. The products that are vulnerable vary, and new attacks surface all the time. But from a long-range view, the threat landscape hasn’t changed that much over the last nine years,” Somaini reflects. “Malicious individuals are still using the same methodologies, relying on the same destinations, and exploiting and profiting from data the same way. As a result, businesses always need to harden their IT environment to identify, control, and prevent attacks while automating the auditing of user authorizations.”

For more cybersecurity insights and a top 10 list of best practices from Justin Somaini, chief security officer of SAP, join us on Tuesday, October 24 for the Americas’ SAP Users’ Group (ASUG) Webcast “Building Trust, Not Walls.”

Paul Kurchina

About Paul Kurchina

Paul Kurchina is a community builder and evangelist with the Americas’ SAP Users Group (ASUG), responsible for developing a change management program for ASUG members.