By Chris Rodriguez, Security Alternate Channels
Dominique Singer, Director of Security Solutions Architecture
Level 3
Digital transformation. We hear about it in some context seemingly every day. At its core, digital transformation is the realignment and investment in technology and processes to drive value and provide a stellar customer experience between a company, its customers and its prospects. It leverages – and is dependent upon – social media, mobility, analytics and cloud platforms, all synchronized to engage and interact with customers on their terms. A well-executed digital experience translates to improved customer loyalty, greater business agility and increased revenue.
But along with the inherent value automating processes and technology brings, it also opens the door to increased security risks and threat exposure.
For many businesses, digitization of activities like marketing and customer service rely on the personal information and preferences of their end-users. This data often flows within partnerships and business collaborations, adding another layer to the potential threatscape. As the data moves across devices, systems and the cloud, in increasing volumes, the risk is compounded. Customers expect their data to be protected – and there’s the rub.
In today’s hyper-connected environment, developing and maintaining an effective security stance can be overwhelming, particularly for small and medium businesses with little or no security team and/or limited IT resources.
According to Cisco’s 2016 Annual Security Report, only 54 percent of businesses are confident in their ability to verify and defend against an attack.
Complicating matters is the fact that adding security experts to an IT team is an expensive, time-consuming process, and qualified security analysts are very difficult to retain. A recent Forrester survey states 58 percent of North American and European security decision-makers say that hiring cybersecurity practitioners is a major challenge for them.
And the challenges posed by new technologies and limited in-house expertise aren’t the end of it. Personal information is subject to legal requirements and new laws affecting a company’s use of personal information, including the European Union’s General Data Protection Regulation (GDPR), adding to the byzantine regulatory laws companies need to understand, navigate and comply with. Given the expanding breadth of these laws, most companies end up needing to modify their security stance to ensure compliance.
So, what’s a business to do?
Embrace the Business Impact Assessment
It’s clear security is a fundamental component to an effective digital transformation. It’s also clear many businesses don’t have the resources to quickly spin-up the sophisticated, multi-layered security solutions required to ensure their information assets are adequately protected. This is why they often turn to security solutions providers for help.
But there’s something all businesses can and should do before making any decisions about picking a security vendor: perform a Business Impact Assessment (BIA).
A BIA helps businesses map their current capabilities, resiliency and risk appetite. It identifies and assigns ownership to critical business assets (both technical and non-technical), and it serves as a framework to negotiate key security parameters with prospective cloud security service providers. What’s more, a BIA gives businesses the ability to effectively evaluate their capabilities in managing a robust, layered security approach in securing their digital transformations.
Once a business implements a BIA, the process of selecting and retaining a security service provider is generally more straight forward and effective. The providers’ experts leverage the BIA against leading-edge tools and training. Intelligence from across the entire threat landscape is coupled with the knowledge from the assessment to the customer’s unique risks and challenges. Harnessing the knowledge from the broader security community for identification of exploits as they are discovered in the wild, security experts identify and correlate indicators of compromise specific to the business for actionable intelligence.
Securing a business during transformation is not an easy task: risks and threats are evolving every day while customers are demanding increasingly personalized, omnichannel experiences. Because many businesses lack the resources or expertise to bridge the security gap, they often turn to third-party security providers who can offer much-needed experience, knowledge and economies of scale. But before businesses engage any new security solution or technology, they should first take stock of their business assets and risks. Doing so helps ensure that companies can plan and execute their secure digital transformation.
Dominique is a solutions-oriented professional with over 21 years of experience enabling organizations to succeed in an appropriately secure environment. Dominique has been with Level 3 for four years and is currently focused on Partner and Sales enablement for the Indirect and Wholesale channels. Dominique has extensive experience working for Fortune 500 organizations, advising senior business and IT leaders in determining, developing, and implementing cost-efficient, risk-appropriate, and comprehensive information security programs comprising people, processes, and technology. Dominique holds the following industry certifications: CISSP, CRISC, GSEC Gold, CCSK, COBIT, and ITIL Foundations.
Chris is responsible for Level 3’s Alternate Channel strategy and execution. In this role, Chris works closely with Level 3’s partners to ensure proper support, education and opportunity management. Prior to joining Level 3, Chris was a partner at KPMG/Bearing Point and IBM where he helped executives develop and operationalize their digital transformations strategies.