Are you secure enough?
- Posted on May 22, 2018
- Estimated reading time 4 minutes
The following blog post was written by Avanade alum Joseph Davis.Quick: name a Fortune 500 company that’s suffered a major data breach.
Chances are that you can name several without stopping to think. By now, it’s like shooting fish in a barrel. And every one of those breached companies has had cyber-security protections in place for at least a couple of decades. In fact, most have had the same defenses in place for decades. At these companies, firewalls and antivirus software did nothing to stop data thefts that each affected millions of consumers. These companies don’t need more cyber-security; they need better cyber-security.
And so do you.
Traditional protections aren’t enough because the traditional way of working isn’t enough
Companies are undergoing digital transformations at an increasing pace—and the digital workplace bears little resemblance to the workplace of the 1990s. Many employees no longer work solely, or even mostly, at the office. They collaborate and share information in breathtaking new ways. They engage in numerous forms of partnerships and affiliations with innumerable third parties.
Your cyber-security has to evolve—quickly—to take this into account
Making cyber-security an explicit part of your digital transformation plans is crucial. And it’s a responsibility that the C-suite can no longer afford to leave to the IT department. That’s because the cyber security is no longer a mostly technical issue. Its primary impact on the organization is very much a business impact. For example, research from MIT’s Center for Information Systems Research finds that sensitivity to data-related risks keeps senior executives and board members from optimizing financial returns from business analytics and big data.
Meanwhile, the company that loses the digital trust of its customers, investors and others can see the result in lost revenues and profits that far exceed the cost of investing in digital workplace security in the first place. So far, the marquee-name companies caught in data breaches generally have been able to repair the reputational damage over time. But when a big-name retailer or consumer products company is hit twice, the public may be far less forgiving.
Digital trust builds brand value
Conversely, building digital trust can be an important way to build brand value, competitiveness, and ultimately revenues and profits. All else being equal, the consumer who has a choice to do business with a company that has a reputation for protecting consumer data or with a company that doesn’t will pick the former. And the brand value of digital trust will only increase as more products—from medical devices to cars and even the kitchen refrigerator—capture an increasing amount of personal data and send it across the Internet.
The people who populate boardrooms and executive suites won’t design the systems that build digital trust, of course, but they need to understand the philosophy behind them to ensure that their businesses take the path of greater business growth and less risk.
It’s the data, not the device
One of the biggest shifts that corporate leadership needs to understand is that cyber-security solutions for the digital workplace need to follow the data, not the device. Files that are protected by encryption and rights-management technologies remain secure regardless of the device they’re on—or the device they’re moved onto. And when cyber-security no longer depends on the device, any device can be used anywhere in the world at any time, giving employees and others maximum—and appropriate—flexibility. As an ever-broader range of devices become available—think smart speakers like Google Home and Amazon Echo—they’ll fit effortlessly in the secure environment as long as the data files used on them are secure.
“Effortless” or “frictionless” also describes how authorized employees, customers, contractors and others should be able to work with protected data. Data technologies that are secure by design, rather than security that’s bolted on by a tech provider, are one key to achieving this effortless use.
Trust me on this, please
Despite what most executives still believe, the cloud provides more effective, and cost-effective, data security than you can achieve in your data center. A security-conscious cloud provider, like Microsoft, uses the latest security technology, such as network sandboxing, and keeps it always up to date. The cloud, properly used, can virtually eliminate the risk of threats such as ransomware. And you get this protection without the enormous investment in facilities, hardware, and continuing management that an on-premises datacenter requires. The cloud is even evolving to support data sovereignty and other regulatory requirements.
Many of our clients at Avanade want to become digital businesses, but don’t want to be in the IT security business (unless that is, in fact, their business). They already outsource countless service functions so they can concentrate on adding value to their core activities. It’s now possible, and essential, to put cyber-security on that list.
Learn how Avanade protects its clients with significant resources in our people, processes and technologies to protect our clients.