Navigating Digital Transformation While Cultivating a Security Culture

Author: ISACA Now
Date Published: 28 July 2023

“Digital transformation” is a phrase that has dominated industry conversations in recent years as enterprises make their way to cloud-based models. Both opportunities and challenges present themselves with the initiation of digital transformation, but the security element is one that should not be overlooked. It is critical that enterprises foster a strong security culture throughout every stage of their digital transformation.

Recently, Scott Reynolds, senior director of enterprise cybersecurity at ISACA, joined John Richards, head of developer relations at Paladin Cloud, for a fireside chat about tackling the challenges and opportunities of digital transformation. The following is an excerpt from their conversation:

What has digital transformation looked like for you?

“I think it really kind of looks different with every organization, depending on how rapidly you adopt new technology, how long you let things stay in an unsupported or legacy state. But I really think that most of the transformations that I’ve seen are driven by new and better technology because the world is constantly evolving,” Reynolds said. “Cars are no longer fully assembled by humans, right? So, we’ve introduced automation, robotics, electrical testing for QA and validation. And it’s really helped reduce the amount of time and effort it takes to build a car. Same for technology—what was good 10 years ago may not be the optimal state for today, especially for remaining as nimble and agile as you can be as an organization.

“Some organizations do it for cost optimizations. Cloud technologies are a perfect case of that. We used to use a lot of data center-centric hardware where not only did you manage the servers but also the network. Now, because of cloud technologies, it’s really abstracted some of that and made the entry and the barrier a little bit smaller for new organizations to take their great idea and turn it into a business.”

What challenges arise and what is made easier from the security perspective of digital transformation?

When it comes to security and digital transformation, one of the first things that comes to mind for Reynolds is the tech surface. “As you evolve and transition from legacy to new, both stay parallel running, right? Being able to manage the old but also integrate the new, but the new also brings more complexity, more security rules,” he said. “Cloud security is a great example of that. While it’s great for onboarding and just getting stuff up and running, they do have this concept of shared security where they manage infrastructure, they manage storage, but really, IAM, access management, network configuration, and ingress and egress traffic from the network are still your responsibility. And as you evolve to that and add more and more cloud providers, more integrations, it becomes more complex.”

“There’s also more data transfer, so there are a lot of data privacy and compliance requirements there, especially as the world evolves with GDPR, which hopefully everybody knows by now. It is regulation that puts a lot more power and control of individuals’ data in the hands of the consumer and the individual. And the US is following suit with other acts, such as the California Consumer Privacy Act.”

“Also, along with that is just threat detection. As you evolve the ability to really understand how your events are being collected, the new system may not be compatible with the old,” Reynolds said. “So, it’s really just kind of focusing on the lift and shift, and hopefully not changing the engine on the airplane at 50,000 feet. Really just being able to adapt the times and understand what you’re trying to protect.”

For more on this topic—including identifying the visibility of attack surfaces, understanding the efficacy of organizational efforts, and improving an enterprise’s culture of security—listen to the full conversation here.