In my previous blog post, I explained how businesses are undergoing a digital transformation, and listed a few critical success factors that CSOs and CISOs must consider.
Adaptability is one of these factors. It means being able to adapt the existing risk, security and compliance programs and controls at the same rate at which new digital solutions are implemented. It also means being agile enough to quickly address evolving known and unknown threats across all elements of a program, including vulnerability management, detection and defense, hunting, response and so on.
Organizations that exhibit the most adaptability in their risk, compliance, and security programs are those that have gone through a security program strategy setting and rationalization process. This initiative helps to clearly identify the key controls and processes within the organization, understand how those key controls and processes enable the organization to transform to a proactive program, and effectively communicate this information to the organization’s stakeholders.
At NTT Security, we recommend that our clients move away from traditional reactive programs to proactive, threat-driven programs that use automation and orchestration to allow proactive and rapid response to changing threats. As part of this, organizations must have strong risk awareness and threat intelligence to drive the proactive actions and changes, rather than relying only on detecting and reacting.
The challenge, however, is that budget constraints, skills shortages, and technology shortcomings can conspire to push organizations from strategic planning, implementation, and operation into tactical, reactionary fire-fighting at worst and, at the least, an inability to accomplish their objectives.
But no matter the current maturity of a security program, new demands created as a result of the digital transformation process should be viewed as an opportunity to further refine cyber-defense architecture and increase business resilience. Take the rapid adoption of cloud and other highly dynamic technologies, for example. Savvy CSOs and CISOs will ensure that the proposed implementation of new solutions includes the financial requirements to adopt them initially and to continue operating them securely.
Businesses should consider adopting a ‘bi-modal security strategy’ that clearly delineates the existing security program’s key controls and processes (long-term, fully integrated), from any new proposed extension to them, or entirely new controls and processes (shorter-term, not fully integrated).
By adopting this agile mindset, and keeping in mind the long-term objectives of a digital transformation project, an entire organization can be aligned when identifying the total cost imposed by new solutions. Additionally, its security staff or provider can quickly adopt any identified supplemental controls and processes with the understanding that they will be fully integrated into the strategic program over time. This allows for more rapid adoption of new solutions, and the opportunity to make long-term decisions on how best to integrate new controls and processes without jeopardizing a solution's implementation timeline. CISOs may, for instance, determine that a new control implemented with the solution can replace an existing control in the wider security program. This approach allows businesses to layer and integrate solutions across an organization more effectively and cost-efficiently, reducing total cost of ownership and increasing overall resilience.
At NTT Security, we support clients in achieving their specific digital transformation objectives with the highest levels of efficiency, scalability and cost-efficiency. We communicate our threat intelligence to help them adapt in a cybersecurity landscape that, as revealed in our latest Global Threat Intelligence Center (GTIC) 2017 Q2 Report, continues to evolve. You can download the report here.