Technology Principals – Security

Protecting the crown jewels from the outside enemy

Cyber criminals and nation-state hackers are out to get your data, but a series of emerging technologies will help your business keep its information safe and secure. The concept of cloud computing is nothing new to business leaders – its potential ability to deliver scalability and agility to enterprises has been the dominant narrative behind enterprise technology stories for the past decade or more. What is new, however, is that the public cloud – computing services offered by third-party providers over the internet – is now the foundation for enterprises looking to bring resiliency, performance and competitiveness to their core applications.

New technologies with containers – a self-contained unit of software that packages an application’s code and its dependencies – at the heart of their delivery approach are already improving the experience of users when it comes to the cloud. Such containerized approaches help to boost developers’ creativity and make it easier for enterprises to create truly agile business processes that might finally deliver the business’ long-desired digital transformation.
Significant conflicts remain, not least around the requirement for security. When your data resides on the internet, which is also home to cyber criminals and nation-state-backed hackers, you ignore security at your peril. In the connected age, enterprises that do not embed cybersecurity in their transformation will put their future prosperity at risk.

What we believe is that businesses must embrace new solutions – such as confidential computing and post quantum
encryption – to operate with more confidence in our inherently insecure world. We believe enterprises that can leverage security-led business transformation will be best placed to embrace technology-enabled business change with confidence.

Getting out of this right royal mess

To really place security at the heart of their enterprise technology strategies, businesses need to ensure that they do not rely upon long-standing approaches to cybersecurity. These traditional approaches – that bring security techniques to the infrastructure or the application – will not suffice.

The cloud and the rise of serverless computing brings new attack vectors. IT departments looking to protect their business’ data assets will have to adapt to a platform-based and ecosystem-driven approach. They should look for new technologies and practices to manage new risks. And they should look for an iterative approach through an integrated development, security and operations lifecycle known as DevSecOps, which embeds security rather than appending it as an afterthought.

Security that’s fit for a king or queen

Enterprises that get their security strategy right will be able to enable new ways of working. Think of mobile development, where strong cybersecurity makes it possible to move applications and data between cloud providers in order to take advantage of better performance and prices. Then think of agile development, which has already been adopted in many organizations, but which could be automated through the use of embedded cybersecurity processes.

Enterprises looking to create a new enterprise security strategy that is suitable for our ever-increasing reliance
on the cloud and containers will need to embrace unconventional thinking and disruptive solutions. That means looking beyond traditional vendors and towards open-source communities in order to source innovative thinking and best practices in enterprise security. Embracing disruption also means thinking of how to develop a platform that can provide end-to-end encryption runtime as-a-service, so that only trusted end users can read data during communications processes. Disruptive thinking also means focusing on a new development paradigm, where security as code becomes the norm and enterprises build security processes into DevOps tools and practices, so that
developers always think about how their actions affect operations.

In addition, we believe embracing disruption means taking advantage of confidential computing, an approach that enables data to be processed without exposing it to the rest of the system thus maintaining privacy. This solution to the problem of securing data that is in-use, is supported by a consortium of hardware vendors, cloud providers, and software developers.

It’s a technique that prevents unauthorized access or modification and helps organizations manage sensitive and regulated data. Finally, embracing disruption means taking account of the rise of quantum computing and the potential to process mathematical calculations at a much faster rate. This faster processing could be used to
break certain forms of encryption – and that means organizations need to think now about the longer term confidentiality of their data and the potential for post-quantum encryption.

Happy and glorious

As we have already stressed, the use of IT by the business has been built on the core parameters of cost and performance for many years. The continuing digitalization of society, and the associated transfer of value creation to online channels, means that security is now integral to the parameters governing technology implementation. We must ensure security becomes a parameter, too.

As we have stressed, the genie is out of the bottle. We must recognize that the cloud is the new normal for business IT and that cybersecurity threats must be approached in a very different manner. Business leaders must look to their IT departments to build efficient and cost-effective cybersecurity mechanisms that create trust and build confidence between all stakeholders.