Why People Power is Leading the Charge in Digital Security
Blog: The Tibco Blog
Digital transformation remains reliant on empowered users to come to fruition.
History shows us how implementing technology alone inevitably falls short; meaningful change demands a broader cultural shift, one that sees every strand of an organization buying into the innovation and taking responsibility, rather than being just passive recipients of a digital framework imposed upon them.
We see how this plays out to transformational effect when it comes to the use of analytics. Specifically, more accessible methods of data analysis — notably via easy-to-read visual representations — enable more people to answer key business questions and make decisions to solve their own issues as they see fit. Imbuing a wider sense of ownership drives data democratization and, in turn, greater efficiency and productivity benefits for added value to the bottom line.
Not surprisingly, the business world is waking up to the merits of applying a similar ethos and approach to digital security. In a fast-paced, continually evolving digital environment, where the threat level rises exponentially with the rise of ever more sophisticated solutions, a more people-centric approach to security is becoming a logical, if overdue, progression.
Businesses now operate against a varied backdrop of big data, cloud, mobile and DevOps, and within a wider ecosystem of external partners and collaborations, which bring additional challenges from a security standpoint. As such, they need to rethink their approach to this fundamental issue. A sole focus on prevention infrastructure, by simply fortifying the boundaries with the traditional reliance on firewalls, can no longer handle these complexities and protect against internal threats once the attacker is inside the network.
In the digital era, we need a shift in mindset to something more sophisticated — something driven by greater trust in the user, which sees them empowered to take responsibility for security throughout the software development cycle. In tandem with detection technologies, which focus on monitoring, pattern matching, and behavioral analysis, the result is the same kind of real-time responsiveness we see thrive in so many strands of the digital operation now used for enhanced stability and resilience.
It’s an approach encapsulated by Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA). This provides a blueprint for how the agility of continual monitoring is now the bedrock of risk management, better aligned with the speed of digital business and a must for staying competitive.
If we apply this to the microservices arena — rightly heralded as the architecture powering the next generation of digital environments — we can see how their inherent flexibility lends itself perfectly to this approach. The modular nature is well-placed to employ service-specific security and monitor configurations. Introduce visual analytics, and we have a potent weapon for identifying anomalies in behavioral patterns that suggest suspicious activity, such as rogue IDs.
In a similar vein, this traction marks the evolution of DevOps. As a process already renowned for giving teams more responsibility for a project, we are seeing this morph into a new portmanteau, DevSecOps. This reflects how security is now afforded equal status with creation and deployment as an intrinsic part of the development process. By integrating security measures, such as tooling and automation, earlier in this cycle, the upshot is enhanced encryption and a framework that enables users to set and receive alerts to track and manage any API security threat. Furthermore, developers are in a better position to identify and address any shortfalls in their code and resolve issues themselves sooner, with less intervention from security teams, providing a more efficient, productive and cost-effective way of working.
Perhaps the final element in this new wave of digital security is to incorporate deception technologies, such as adaptive honeypots. These are fake IT assets that can be created and deployed to lure in a would-be hacker and thwart their efforts before the damage is done. With honeypots having recently undergone a machine-learning-infused makeover, the traditional static iterations that relied on security experts for their configuration are making way for a new breed. This new and improved breed now has the capability to adapt its form after deployment and is better equipped to block suspicious activity.
More adaptation and agility, combined with people-centric ownership, undoubtedly hit the sweet spot for digital security.