Organisations today are embarking on their own distinct journeys of digital transformation as advances in new technologies like 5G and AI change the face of business. There is a common misconception that security hinders innovation, and limits the rate at which organisations can transform. The reality is that failing to factor in security at the outset of a digital transformation journey increases risk from outside threats. Periods of digital transformation should be seen as an opportunity to strengthen security in parallel with transforming your business. Many organisations today are using outdated methods of protection that focus too heavily on blocking and prevention mechanisms.
So how can organisations adapt? The first step is to accept that at some point, the hackers will breach your preventative security layer. The second is to invest in an adaptive security method that is able to keep up with increasingly sophisticated attacks. Adaptive security means putting preventative and responsive security processes in place at every step in your system. Typically, there are four stages in an adaptive security life cycle: preventative, detective, retrospective and predictive.
Preventive security is the first layer of defence. This includes firewalls, which are designed to raise the bar against attackers, blocking them and their attack before they affect the business. Rather than seeing preventative security as a way to block attackers from getting in, organisations should see it as a barrier that makes it more difficult for an attacker to get through—giving the organisation more time to detect and disable an attack in process.
You might also want to see this:
Detective security detects the attacks within the system that have already breached your walls. The goal is to reduce the time that attackers spends within the system. Retrospective security is an intelligent layer that turns past attacks into future protection —similar to how a vaccine protects you against diseases. By analysing the vulnerabilities exposed in a previous breach and using forensic analysis and root cause analysis, it recommends new preventative measures for any similar incidents in the future. Predictive security plugs into the external network of threats, periodically monitoring external hacker underground to proactively anticipate new attack types.
This is fed to the preventative layer, putting new protections in place against evolving threats. These are the four ingredients you need to secure your business during your network transformation journey and they need to be baked in together to protect you to their full potential. All elements improve security individually, but together, these four distinct security mechanisms form a comprehensive, constant protection for organisations at every stage in the life cycle of a security threat.
The writer is senior vice-president, global product management & data centre services, Tata Communications.