Oct 29, 2020
All links and images for this episode can be found on CISO
Series (https://cisoseries.com/defense-in-depth-securing-digital-transformations/)
Digital transformation. Its definition is broad, meaning
securing it is also broad. But there are some principles that can
be followed as companies undergo each step in a deeper dive to make
more and more of their processes essentially computerized.
Check out this post for the basis for our conversation on this week’s
episode, which features me, David Spark (@dspark), producer of CISO
Series, co-host Allan Alford (@allanalfordintx), and our guest, Paul
Asadoorian (@securityweekly), founder & CTO, Security Weekly, and
chief innovation officer, Cyber Risk Alliance.
Thanks to this week's podcast sponsor, Keyavi Data.
Keyavi breaks new ground by making data itself
intelligent and self-aware, so that it stays under its owner’s
control and protects itself immediately, no matter where it is or
who is attempting access. Keyavi is led by a team of renowned data
security, encryption, and cyber forensics experts. See for yourself
at keyavidata.com.
On this episode of Defense in Depth, you’ll learn:
- Digital transformation is about relying on computing technology
for more integral processes and aspects in our daily work
lives.
- There is lots of debate on the definition of digital transformation,
as well as on securing digital transformations.
- Definition: A targeted change to process and technology for the
benefit of the people.
- Definition: increasing levels of interoperability of
information.
- We heard the recurring argument of the need for security to
have a seat at the table at the beginning of a digital
transformation, and not at the end. But at the same time reality
sank in and it was argued that security doesn't get to dictate
that. And if security tried to, it would create a greater wedge
with the business.
- When security is brought in at the end though, security has no
option but to disrupt the business. Then no one is happy.
- Digital transformation simply introduces new risks, often
greater risk. If the point is to integrate more of your processes,
then that integrates the risk as well.
- If you're undergoing a true transformation, you are looking at
core processes and saying, "What new tech facilitates, streamlines,
and/or actualizes these core processes?" You no longer have to
settle for shopping for a solution and then smashing your processes
up against it.
- Your security tools should also undergo a transformation. That
includes a transformation in monitoring as well.