There’s no doubt that the present digital transformation goes hand in hand with a resilient and sophisticated security strategy and resultant infrastructure. A sound digital strategy is reliant on security that will not only enable secure operations but also lead to a business posture that is safeguarded against current and potential threats.
“South Africa’s digital transformation has been significantly accelerated by 2020’s changing landscape. We are seeing organisations increasingly considering and adopting Cyber Defence Centre (CDC), Security Information and Event Management (SIEM) and User and Identity Behaviour Analytics (UEBA) as part of corporate management systems,” says Ryan Skipp, Portfolio and Solution Design at T-Systems South Africa.
“Local organisations are taking the global ransomware and threat landscape very seriously. Additionally, with regulations such as South Africa’s Protection of Personal Information Act (POPIA), the EU’s General Data Protection Regulation (GDPR) and other legislation in full swing, the definition of how data must be handled is clearer,” he adds.
While some might argue that the country’s often weakening, perpetually volatile currency makes it less attractive to ransomware threats, the truth is that hospitals, core and infrastructure services, production lines and others remain attractive targets for Distributed Denial-of-Service (DDoS) attacks, data damage and personal information theft.
Digital transformation and the cloud
Cloud adoption forms an important next step in a company’s digital journey. Here, Rajan Padayachee, Head of Sales at T-Systems South Africa, advises that companies must have a clear picture of why they want to digitally transform their business.
“Do you want to establish a more mobile workforce or perhaps have new product offerings that require a digital strategy? Importantly, does this require migration to the cloud?”
Security is and remains a vital part of cloud adoption. However, there is the perception that the cloud offers an impenetrable bubble akin to Alcatraz or Helm’s Deep – nothing can enter its walls.
“The enterprise perimeter has expanded – it is now virtualised and often extended to every cloud region in the world, converting from the old exoskeleton, if you will, towards security functioning as an endoskeleton support structure,” says Skipp.
“It is important that organisations learn how to use the security facilities offered by the cloud. Hyperscale service providers often invest substantially in security, but the key is to understand what you should use to benefit your organisation.
“It’s also imperative not to become overwhelmed by the sheer volume of data from the cloud; here organisations must clearly ascertain what information they would like to measure, why, and apply the relevant filters.”
The move
Once organisations decide to move to the cloud as part of their digital transformation strategy, the burning question is: what steps should they take to ensure a sound and, importantly, safe migration?
For one, IT must educate business on the threats and put the necessary support systems in place to use cloud services safely. These include:
- Preselecting services that the business could use;
- Predefining safe landing zones in the cloud and relevant subscriptions;
- Preestablishing contracts for services that meet organisations’ compliance requirements;
- Providing safe paths, portals and automation to use cloud services; and
- Ensuring that business takes ownership of the data whilst contracting the necessary help with additional operational requirements.
Security remains non-negotiable
To realise and secure a mobile and Work from Home (WFH) workforce, organisations can – once the cloud partners and processes are defined – configure business-specific portals together with authorised applications to realise an on-demand environment.
However, security must run throughout this process and should align with the organisation’s daily requirements. To this end, the IT team must implement the following important steps to realise a sound digital transformation strategy:
- Governance procedures – what is allowed to run, where and how;
- The requisite policy updates to support governance;
- The security system must then ensure that all the authorised functions and services can run, and only run, on pre-authorised platforms;
- Both security and risk management will then run comparisons to ensure alignment with governance and compliance requirements; and
- Security will also ensure that all the necessary client access, authentication, encryption and compliant data-handling processes are in place to protect both the organisation and its customers.
“Ultimately, the security team is an invaluable consultant that provides businesses with the right tools and methodologies to enable a secure, resilient and optimised digital strategy,” concludes Skipp.