Digital Transformation Requires a Security Rethink
Over the past few years digital transformation has become a hot topic with both business and IT leaders. Organizations that embrace digitization and use the concepts to create new processes and products have the opportunity to become leaders in their industries. Those that do not will struggle to survive and possibly go out of business or be acquired by stronger firms.
One of the fundamental tenets of digital transformation is that everything is connected. This includes not only traditional IT endpoints but also literally anything else that one can think of from vending machines, to water pumps, to heart monitors to automobiles. The top digital initiative across all verticals is to transform the way organizations interact with customers through unique experiences, and this requires the connection of all “things” to a common network. It’s important to note that the term “customer” encompasses all transient users such as students, patrons of a hotel, patients in a hospital and retail customers.
For example, by connecting metal detectors to a network, an airport can re-calibrate or restart them remotely, saving precious time. Airports need to process tens of thousands of passengers every day, and any downtime can create a high level of frustration.
Another example is using connected healthcare to improve patient safety. A hospital could have alarms from patient monitoring equipment sent to the mobile devices that clinicians carry. Typically, nurses or doctors are alerted to an alarm through an audible tone. If the hospital staff is not within earshot, precious time is wasted that could put the patient in jeopardy.
There is an almost unlimited number of possibilities of new experiences that can be created when we live in a world where everything is connected. The more endpoints that are networked together, the greater the possibilities.
[You might also like: Securing the Digital Transformation]
However, like with everything in life, for every Yin there is a Yang, and for all the “game changing” potential of digital transformation, there is a dark side, and that is that security risks are greatly escalated. When everything is connected it creates “back doors” into critical systems from less important ones. For example, in the airport example, if the airport’s digital signage solution was breached, a hacker could adjust the settings on the metal detector and let a terrorist through.
In a hospital, the guest network could be breached and a denial of service attack could be launched, flooding the network with traffic, resulting in a situation where the network was so congested that the patient alarms never reach the clinicians’ mobile devices.
Clearly, security must be a core part of any digital transformation initiative. However, the approach to security must change. Typically, security is “bolted on” to the network primarily to secure specific points where a breach might occur. The distributed nature of IT today has created many more possible points of entry, creating an increasingly complex environment. An interesting data point that highlights the problem comes from ZK Research that found that enterprises have an average of 32 security vendors deployed. Bolting on more vendors has not worked and will become less effective as more things are connected.
Instead of adding more and more security tools to an already complicated ecosystem, security professionals should consider integrating security into the design of the network. The information from the network and related analytics can quickly help identify a possible breach. Consider a connected vending machine in a shopping mall. Normal operations for this device are to send periodic updates to a single server at the same time daily. If the network sees unusual traffic, such as the vending machine attempting to communicate with the point of sale system, it can quickly quarantine it, preventing further harm.
The digital era has arrived and it’s critical that organizations move forward with these plans as fast as they can to remain competitive. However, it is equally important to ensure security is built into the design to secure a growing number of entry points and contain any breach quickly to minimize damage.