Skip to main content

Security: The missing piece in your business’s innovation strategy

@alyssa-schwartz
Security - Jun. 28, 2018

Security: The missing piece in your business’s innovation strategy

New technology drives business innovation and other key outcomes. But as you propel forward, it’s important to scale your security strategy at the same time

Enterprises are in the midst of a dramatic digital shift. From intelligent cloud-based apps that offer greater business insights to cloud infrastructure services that have transformed networks and the function of IT departments, enterprises are currently faced with tremendous opportunities to drive innovation, better business outcomes and efficiencies.

While research from IDC Canada shows that Canadian businesses are eager to innovate, the firm also recommends organizations take care to ensure their cybersecurity efforts keep up with the pace of innovation. According to the research, Canadian businesses are currently investing $2.1 billion annually on innovation, with the number of corporate innovation centres set to grow to 900-- a 15%rise--within the next two years.

But IDC also recommends that enterprises take care to balance their innovation with thoughtful security strategies, identifying areas of greatest risk and ensuring that each is properly addressed. With security spending set to grow $200 million this year, reaching a total of more than $2.6 billion, it’s vital that Canadian businesses ensure they target their efforts to best address the risks.

As one annual review of the state of cyber security among Canadian businesses states, “breaches are the new normal.” Last year, nine in 10 Canadian businesses suffered a security breach, and the average cost of recovery surpassed $3.7 million.

"Last year, nine in 10 Canadian businesses suffered a security breach, and the average cost of recovery surpassed $3.7-million."

Scalar

As Canadian businesses shift to cloud services, next-generation networks and other transformational technologies, here are some important things they need to consider:

Don’t take cloud security for granted

By the end of this year, more than 20% of workloads are expected to shift to private cloud services due to better cost management and scalability. But as you consider cloud providers, security is something you shouldn’t take for granted. Though you may view security as your cloud provider’s responsibility, it’s actually a shared obligation that starts with a thorough understanding of how your provider will keep your data safe. After all, in the event of a breach, new regulations such as General Data Protection Regulation (GDPR) will not let your business off the hook just because you’ve outsourced your infrastructure.

It is important to understand how your data is protected both while it’s in transit (to and from your premises to the cloud) and in storage. Some things to look for or ask about include:

· How data will be encrypted in transit and at rest

· Authentication/access control to data in the cloud

· Physical, on-premises security measures

· Data sovereignty (your data is subject to the laws of the country where it’s housed)

· Network monitoring and audits

Colocation considerations

In colocation, your infrastructure hardware is housed in a remote, offsite location. As such, your security concerns will be similar to those for cloud services. Physical security measures at data centre locations should include round-the-clock video monitoring as well as biometric authentication, such as iris scanners. Network and event monitoring are also crucial for addressing emerging threats and spotting issues quickly after they arise.

Event management

Attacks can occur at any time, which is why 24/7 network visibility and event management is crucial. The good news is that a shift to an off-premises solution shouldn’t make monitoring a major challenge because next-gen services offer a far greater degree of network visibility and control than ever before, making it easier to identify and patch issues. Meanwhile, the availability of managed services means this round-the-clock monitoring isn’t a task your IT staff must perform internally.

DDoS attacks are a growing threat

A growing reliance on computing and the resulting increase in your business’s attack surface, paired with a recent surge in DDoS attacks, means these attacks should not be overlooked. By overwhelming your network with irrelevant traffic, a DDoS attack can paralyze your websites, apps and other online properties – a costly proposition for most businesses. Volumetric DDoS protection solutions act as a layer between the internet and your network, eliminating illegitimate traffic before it can cause harm. Cloud providers generally include DDoS protection as part of their services, but that only safeguards the applications they’re providing you. Remember that a complete DDoS solution includes implementing protection at your headquarters, too.

Just remember: New technology means new risks

As enterprises transform and innovate, new business opportunities and improvements quickly follow. But this digital transformation also brings new risks – and these must be managed with a security strategy that is aligned to your innovation plan.