By Earl Perkins
The increase in digital presence in companies will substantially alter how security professionals approach data security. More than ever before, security professionals are now integrated with digital business decisions, and as such, must work with business leaders to ensure the protection and safety of the organization.
Security now means taking a holistic approach to all aspects of security. Digital security is the next evolution in cybersecurity to protect this pervasive digital presence.
Seek balance
As security moves to an embedded state within even the edges of the organization, security professionals will be under increasing pressure to balance risk and resilience. The goal will be to balance the management of risk within an enterprise with the increasing need for responsiveness and open concept requirements.
To balance risk and resiliency, security professionals should look to create methods that allow for fast-tracking ways to address security concerns and demonstrating agility.
Accelerate skills generation and convergence
As security trends shift, the organization should include new skill sets such as data science, physical security automation and ubiquitous identity management, said Mr. Perkins. It will be challenging to find all these people, and external services will become increasingly important. For current employees, organizations must identify current skills gaps and focus on creating “versatilists” who are capable of fulfilling these varied requirements.
Grow a secure digital supply chain
As the amount of software involved in the traditional supply chain grows, digital technologies will create a matching digital supply chain using cloud services, said Mr. Perkins. Security professionals should develop a strategy for public clouds, gauge whether the company’s private cloud strategy can be applied and create a cloud lifecycle governance approach. Finally, he advised companies to implement these strategies over time so that cloud security does not become diffused across too many players.
Embrace adaptive security architecture
Companies already have a myriad of products related to security, prevention, detection and response, said Mr. Perkins. Security leaders must shift their mindset from incident response to continuous response, spend less time on prevention and invest in detection and response. Context-aware networks are able to provide multiple sources of information that security professionals can use to determine if an attack is taking place. Enterprises should architect for comprehensive, continuous security to provide visibility across different layers for future security.
Adapt security infrastructure
Due to the increase in connectivity and devices, different types of networks are connecting that haven’t traditionally been brought together, said Mr. Perkins. As a result, security professionals need to make decisions about equipping the integration points of those networks. Companies should look to creating guidelines for networked trust zones for network segmentation, and evaluate “discovery” techniques so they’ll be aware of what changes are occurring in a physical way.
Additionally, since this is an area that mobile security has been addressing, companies should expand security skill sets to include all types of wireless communications and look to the mobile industry for lessons in simplifying the layers in the deep stack of security.
Establish data security governance and flow
Enterprises need an approach that looks at policy, monitoring and protection and groups the myriad types of products on the market into very discrete segments so security professionals can work effectively in creating security architecture, said Mr. Perkins. Begin treating data classes seriously, and focus on device protection and data flow profiling to determine security strategy for the Internet of Things.
Overall, companies should move toward a mindset that embraces governance and show some formalism in securing their data.
(The author is Research Vice President, Gartner)
