Keeping the enterprise secure
Open- yet Secure
How to manage the paradox of the cloud-enabled economy
In our hyper-connected economy, collaboration and joint working across geographical and enterprise boundaries is the norm. This approach leads to faster time to market, more responsive services and better operational efficiency. Yet this cloud-enabled business model can only work effectively if we keep it secure. That’s a continuing challenge for us all.
Any internet accessible system or data source can potentially be hacked. Any process with internet capability may be rendered insecure, either by accidental or deliberate action. Most important, breaching corporate security defences has been industrialised. This is not simply an area of interest to bad actors (including those backed by large nation states), it is now a viable career for many skilled individuals, and for “criminal corporations” which see security attacks as a profitable business line.
NTT DATA is a leading player in cloud enablement. It follows that we are also leaders in helping organisations of every kind and every size stay safe in this new world of connected, highly automated working.
The importance of Digital Identity
Most of us are now familiar with the techniques used by criminals to cause cybersecurity breaches. We know about phishing (and its voice/video) equivalents, which are the lowest cost, simplest ways to trick company employees into giving away access to secure environments.
We also know- through painful experience- the devastating impact Ransomware can have, especially on critical infrastructure, health and other essential services. Enterprises are investing more time and energy each year to combatting these dangers, but the unpleasant reality is, most of these problems are caused by bad practice, and especially by Identity Management failures.
In 2022 a leading technology analyst noted that around 75% of all cybersecurity breaches were caused by IAM (Identity and Access Management) faults, compared with 50% a few years earlier. The increase in these issues is alarming, and that explains why around 30% of all large enterprises questioned in the same major consultancy survey plan to implement stronger and more suitable processes for managing access, identity and privileges.
At NTT DATA, we believe this is an essential move. So what are the key priorities for immediate action?
What needs to change?
In the past, most cybersecurity protocols were based on existing corporate structures, including departmental siloes and locally developed practices. NTT DATA believes organisations need an integrated, mutually supportive, constantly updated and best practice approach to security, top to bottom and end to end.
In the world of distributed cloud we no longer use the “walled garden” approach (high walls but open access once you are past the wall). Instead, each transaction must be secured and validated end to end, on a “no trust” basis, with authentication needed on every occasion and at every contact point.
To make this very different approach work, what are the key factors we need to cover?
The importance of Digital Identity. This is a concept most of us now understand- because we use it all the time. We need to prove we are who we say we are, and we do that by using such key personal identifiers as biometric data, which is unique to us. Access to key systems is increasingly dependent on use of Digital ID.
Authentication and Authorization. Enterprises normally manage access to data and systems according to role and privileges. This means using methods that prove the identity of the person requesting access, and then ensuring they receive ONLY the level of access needed to carry out their allotted tasks.
Customer ID Management. We now expect customers to define the services they want to receive and be more active in how they access and manage those services. We also want to give them a great experience- but security cannot be compromised at any point of contact between service providers and end users. That means using an effective CIAM (Customer Identity and Access Management) solution to combine ease of use with high security.
Employee/Partner ID Management. Enterprises have been using conventional IAM (Identity and Access Management) tools for some years, but in the more connected and collaborative economy we are creating, this approach must become more comprehensive and better governed, including entire ecosystems in the same security environment.
Secure attitudes and behaviours. As we can see from Gartner’s insights, most security issues arise from human error and carelessness. A key factor in delivering enhanced security is changing behaviours by educating employees and partners in basic practices. These include not using public Wi-Fi, not clicking on unprotected links and pages, managing passwords carefully and using 2 factor ID, keeping devices properly updated, while only downloading applications from approved repositories. Education is the best security protocol of all!
Regulatory demands. National and international regulators are insisting on tighter security practices, with the EU in the lead. Its IDAS regulation, launched in 2018, defines security log-in procedures that can be used from anywhere to anywhere else in the EU, with high levels of assurance for enterprises and users.
Theft and the need for awareness. We often see cybersecurity as being different from “ordinary” criminal activity, but in reality it is not. Physical theft of cards or wallets, information gained through trickery or carelessness are still key tools needed for any online criminal to prosper. That’s why training and awareness are the best antidotes to security threats: people make the difference here, one way or the other!
Practical actions
Our connected economy provides transformational benefits, but the price of success is constant vigilance. NTT DATA will support you with an integrated programme of activity, designed to keep you, your people and customers safe and secure, while unlocking the full benefits of cloud, distributed working and online collaboration. We do it through:
Identity Consulting: working with you to identify your current status, levels of capability, areas of weakness or immediate concern, together with short, medium and long term plans to put in place an effective security strategy.
Digital Onboarding: making sure that emerging services are secure from day one by implementing effective security methods for all new users, building digital indicators into the process from the start.
Digital Governance: overseeing all activities from a security viewpoint, to ensure compliance with all relevant regulations, with a single view of the truth from end to end.
Proven IAM & CIAM Strategies: best practice methods and solutions for within the enterprise, across complete ecosystems and covering large populations of external customers.
Privileged Account Management: ensuring that carefully supervised administrators can validate the secure operation of all processes, services and systems.
Our summary? The world of networked cloud changes the rules of the game in many aspects of how we work. Yet in security, the basics remain the same. Compliance, good behaviours, training and awareness, plus best practice tools, constantly updated are the keys to safe, profitable operation in this new environment. NTT DATA understands the cloud better than most: we’re doing more than most to create it. Talk to us about enterprise and customer security- we have an integrated vision and integrated solutions.