View from the Marketplace

Views from the Marketplace are paid for by advertisers and select partners of MIT Technology Review.

Cybersecurity in the Age of Digital Transformation

As companies embrace technologies such as the Internet of Things, big data, cloud, and mobility, security must be more than an afterthought. But in the digital era, the focus needs to shift from securing network perimeters to safeguarding data spread across systems, devices, and the cloud.

Technologies such as big data analytics, the Internet of Things (IoT), blockchain, and mobile computing are reinventing the way companies handle everything from decision making to customer service. The automation of virtually all business processes and the increasing digital connectedness of the entire value chain create agility, but they also significantly raise cybersecurity risks and threat levels.

The key to addressing those risks and threats is building security into applications, as well as into interconnected devices, right from the start.

Running IT systems in the cloud supports organizational flexibility. To that end, companies are increasingly moving both data and business functions (e.g., human resources and procurement) between the cloud and on-premises legacy systems.

Michael Golz, SVP & CIO Americas SAP

But as companies embark on their journeys of digital transformation, they must make cybersecurity a top priority, says Michael Golz, CIO, SAP Americas. “We have to maintain confidentiality, integrity, and availability of data in all these contexts: on premises, in the cloud, and in hybrid environments,” Golz says.

Both the value and the volume of data have never been higher, and end points are more vulnerable than ever. That’s especially the case with the IoT, which is still in its infancy. As the IoT is extended to everything from industrial equipment to consumer devices, attacks are growing not just in number, but also in sophistication. Next-generation devices are now deployed in potentially vulnerable environments such as vehicles, hospitals, and energy plants, vastly increasing the risks to human welfare. Concerns about such devices being hacked, turned into botnets, and used to attack targeted computers and organizations are growing as well.

Justin Somaini, Global CSO, SAP

“Any vulnerabilities in the supply chain now have a wildfire effect that results in millions of dollars being lost and trust being destroyed on impact,” says Justin Somaini, global CSO, SAP. “It used to take a while to exploit these weaknesses. Nowadays, it’s very fast and the damage is immediate.”

With the stakes so high, senior IT leaders, including both CIOs and CSOs, need to adopt a more proactive approach to securing critical data. Forensic analysis of what went wrong after a breach won’t be enough to save lives—or C-level careers.

Focusing on Both Applications and Data

Cybersecurity professionals are accustomed to securing access to their networks and applications. But digital transformation leads to an explosion of connected environments where perimeter protection is no longer enough. Attackers and other malicious individuals will continue to compromise weak links, resulting in deep access to companies’ networks, systems, and data.

In a digital world, the classic, contained enterprise network no longer exists. For that reason, security must be embedded into all applications as the first line of defense, Somaini says. To achieve that level of security, SAP favors the “security by default” approach, in which an application’s embedded security controls are, by default, set at the highest levels of protection. “The idea is to build in security, rather than asking users to opt in,” he says. That’s one of the hallmarks of being more proactive in securing data: protection is the default posture.

So-called “self-defending apps” are another example of proactive security. This active-protection technique provides applications with advanced access-control capabilities, allowing them to react to malicious source-code modifications and debugging at runtime. Encryption of all data in transit is another core tenet of preemptive cybersecurity, according to Somaini. SAP HANA, for example, features encryption services for data both at rest and in flight.

Among the most important factors for heading off insider threats are two-factor authentication (which verifies a user’s identity via two different methods) and role-based access controls (which limit the user’s access to data by job role), Golz says. “The insider threat is very real. There are a lot of data breaches today by people who have a legitimate authorization that is too broad. They get to see more than they are entitled to. Two-factor authentication dramatically increases the security of the communications.”

Bringing Two Worlds Together

The cybersecurity issues raised by digital transformation are driving the need for a better understanding between the organization’s cybersecurity professionals and those who provide application security. “Traditionally, those groups don’t speak the same language and don’t understand what the other side is doing,” Golz says.

Today, responsibility for cybersecurity is generally shared by the application team, which tends to focus on hardening and securing enterprise applications, and the cybersecurity professionals, who handle aspects such as access controls and firewalls. “Those are different roles, and they use different technologies and terms,” Golz says. Going forward, with the focus shifting from traditional network-perimeter security to securing application data, those two worlds need to join forces to prevent issues from falling through the cracks, he adds.

Digital transformation makes it essential that the cybersecurity and IT teams find a common understanding, a shared terminology, and a unified approach to securing applications and data. “Systems are being opened in ways that they weren’t before,” Golz explains. “There is more direct connectivity with suppliers, partners, customers, and consumers. There are tighter connections between a company’s Web presence and back-end systems. The seamless process flows mean more things can go wrong.”

When it comes to digitally transforming a company’s business, cybersecurity must be part of that conversation from the start. As a case in point, many companies now sell software along with their products. For example, a large industrial vendor such as GE today provides not just the equipment used in production environments but also subscription-based monitoring and maintenance services to ensure that equipment does not experience an unexpected outage. “That means all the challenges and requirements a software company faces now apply to you. The way you protect the data is paramount. It’s a whole set of new challenges,” Golz says.

As one of the top providers of business-critical applications, SAP will continue to build security into the heart of its applications and to secure cloud operations to protect content and transactions, Golz says. “We are working to help customers define, plan, and execute measures for their secure digital transformation.”

For more information on SAP, digital transformation, and security, please visit www.sap.com, including the security-specific page.
