Amid the drive to achieve holistic digital transformation, the modern security landscape is rapidly evolving. The emergence of apps, cloud services, big data, and mobile technology, though revolutionary, is opening new vistas of risk as traditional network perimeters fade and businesses retrofit their organisations around these burgeoning technologies.
The most effective way to defend against next-generation threats in the new age is to develop an integrated, enterprise-wide risk management strategy with clear governance and policies. The objective is to build resilient systems that not only withstand cyberattacks but also minimise the MTPD (Minimum Tolerable Period of Disruption) and continue mission-critical business operations after an attack.
Rethinking enterprise risks isn’t an easy task, given the dynamism of the risk environment itself. Enterprise security has evolved as the enterprise itself has changed. Vendors are also shifting their security paradigms from the “bolt-on” to the “built-in” approach to help customers maximise their investments and securely transform their business in ways that were not possible before.
Fusing security into the lifecycle and product development processes, rather than treating it as an afterthought, is imperative. The telemetry and broad threat intelligence generated by the process add to the insights repertoire, help discover, track, and report, and serve as a conduit to connect and integrate traditional security silos to better respond to and mitigate advanced persistent threats.
With BYOD (Bring Your Own Device) fast becoming a mainstay feature in the digital transformation playbook, employees aren’t operating only from their office desktops. They can work anywhere, at any time, using their own devices. They download and access apps that the IT department isn’t aware of. They consistently access cloud-based solutions through channels that may not be secure.
Sadly, a firewall can’t be built around the modern enterprise, and there’s no practical way to discard every legacy technology owned by organisations. The security software designed for the PC world was not built to handle what mobile devices can do today. In summary, this new phase of computing requires a new approach to security, recognising that it must be as innovative, nimble, and intelligent as the technologies and enterprises it aims to protect.
In this cloud-first, mobile-first world, the heuristics below are some of the effective methods for mitigating today’s security challenge:
IDENTITY IS THE NEW SECURITY PERIMETER
Identity is the new security perimeter, and there are no “ifs, ands or buts” about it. Identities are becoming increasingly mobile. There are three fundamental threat vectors that an organisation must protect: users, data, and applications. Identity is a mechanism for binding the three together and strengthening the organisation’s security posture. Enterprise security is fast becoming less device-centric and more user-centric. The new perimeter is where identity meets data.
In our present world, users switch from device to device: from their laptops at work, to their iPads at home, to the smartphones in their pockets. The main imperative is not to secure the devices at a given point in time, but to continuously secure users and their identities in a consistent manner and, most importantly, without impeding the user experience.
DATA IS THE NEW CURRENCY OF THE ENTERPRISE
In traditional settings and strategies, data was an asset that stayed within the four walls of an organisation and was the exclusive preserve of the enterprise. However, as the boundaryless landscape evolves, there’s a need for collaboration beyond the de facto perimeter, which, of course, changes the data lifecycle. Selecting the right datasets for actionable insights helps prevent attacks.
Data is the most important asset of an organisation. The silos that were once prevalent in discovering, classifying, protecting, and tracking data are collapsing, and holistic solutions such as machine learning and blockchain are emerging. However, because data is the enterprise’s new currency, there must be a balance between data fluidity and data provenance.
A NEWER APPROACH TO ENTERPRISE DETECTION AND RESPONSE IS IMPERATIVE
Cyber attacks are now occurring at scale and with great sophistication. This means that every organisation is predisposed to breach. Decision-makers within the security architecture now operate their organisations in an “assume breach” posture. This puts them in a position to proactively detect threats early in the kill chain, preventing a breach.
Traditional signature-based approaches to threat detection should leverage machine learning, big data analytics, behavioural analysis, and patterning to mitigate attacks and proactively detect threats earlier in the kill chain. The resilient enterprises of today and the future are those that have adopted a “built-in” security philosophy to protect against enterprise trends such as mobility, big data, and cloud services.
