Sometimes it is difficult to see everything that affects us. Getting philosophical for a moment, you cannot see what you do not know about, like colour blindness affecting the ability for people to see red and green. For those of us in IT security, this inability to see everything can lead to unnecessary risks and challenges. In other words, you cannot defend what you can’t see.
Visibility across IT is a challenge today. New digital transformation initiatives have delivered vital competitive advantages for the companies involved, but these new projects have made it difficult to track what is taking place across IT. Rather than being able to maintain accurate lists of assets over time, IT teams today can find it difficult to keep up with all the changing parts that make up applications.
How does digital transformation affect the practicalities of IT?
Digital transformation involves developing completely new business models based on technology and leads to a huge amount of change in how IT teams work to support the scale, speed and ephemeral nature of underlying IT, particularly when cloud applications or third-party services are involved. Rather than being centralised and easier to manage, the range of IT assets to track has gone up considerably, and the number of different infrastructure locations or platforms used has risen too.
This has a big impact on security, which relies on visibility of assets to manage and reduce risk. IT teams now need to have a constant stream of updates around all the changes and fluctuations taking place, and consolidate that information in one central location. The resulting single-pane visibility provides a foundation for other processes that can harmonise IT, Security and Compliance teams across the organisation.
As digital transformation efforts take place, IT has to keep up with the basics as well.
Taking a practical approach to keeping up with change
To keep up with digital transformation, you have to maintain constant insight into what is changing across IT. This insight has to be accurate, up to date and provide useful information on risk. Without this data, you will forever be in catch-up mode, making it extremely difficult to impossible to manage security over time. This is particularly hard around ephemeral applications, for example, like those built on microservices or in containers, where demand levels lead to increased numbers of machines being deployed and then removed when no longer in use.
To get this insight, you need a continuous stream of data, so you can track what is taking place across these ephemeral assets in the moment and over time. In order to get that data, you must have sensors within each infrastructure component on every platform that the IT team uses – from endpoints and devices, through to internal applications deployed in data centres and through to new applications based on cloud. The ability to collect this data allows security teams to understand it in context —normalising and simplifying it so that it delivers the right level of visibility.
Planning ahead on data
Now you have this data, what can you use it for? It can power more proactive planning around security issues as they develop. This helps you deliver new processes and ways of ensuring security that can keep pace with digital service delivery.
For example, software vulnerabilities are discovered all the time. These can exist across IT, from endpoint devices with operating systems through to the new cloud and software platforms used to deliver digital transformation.
Finding these vulnerabilities can be challenging without an up to date IT asset list and data coming in from each asset. Similarly, the sheer volume of vulnerabilities can make it difficult to manage. In this case, you have to weigh the potential impact of any new vulnerabilities up across different devices and device types so that you can prioritise those that represent the biggest risks. This approach of prioritisation, asset building in a centralised place and connecting assets to vulnerability can also easily help you spot other security issues such as applications that have reached their End of Life and won’t receive new security patches and potentially unwanted applications (PUA).
To build on this, you can also use this data to manage relationships with stakeholders across the business, from other IT teams and senior business leaders. The role of IT as the facilitator has become more important as digital transformation work has grown. Firstly, the level of investment in digital has made these projects more valuable and more visible to the business; secondly, the amount of interest around security issues is higher than it has ever been, due to the number of data breaches and increased compliance legislation that has been brought in.
By getting data on issues early and communicating on potential risks – or by flagging where issues in the news don’t have an impact – you can help management teams understand what is going on and how risks are handled. The important thing is to make this visibility consumable and actionable, starting from a high-level dashboard and drilling down in a couple of clicks to the specific information needed to support actions within specific teams.
Digital transformation requires security transformation
The investment in digital transformation projects is not slowing. If anything, traditional companies are spending more to get up to speed alongside new market entrants. This has led to new applications being developed and cloud-based infrastructure expanding rapidly.
The move to digital requires a new approach to security that can keep up with these developments. It demands more visibility, greater automation and more understanding. As digital transformation makes businesses more responsive to customer demands, so security has to follow this same approach, responding faster to changes and ensuring that the right steps are taken to fix issues. This involves more collaboration across teams, across processes and should be based on common data to allow for more objective decisions. Digital transformation involves meeting needs faster and the continuous security and data-driven approach to IT security which also embraces automation will help IT support this goal.