Video: Cyber Strategy Interview Q1 (Threatscape)

Digital transformation is a strategic business change. What are the challenges and how has Covid 19 impacted this?







VIDEO TRANSCRIPT

So the question is digital transformation is a strategic business change what are the challenges and how has kovid 19 impacted this

Thanks Jonathan digital transformation means many things to many organizations it can be a shift from on-prem to cloud automating the business and in some cases changing the entire customer engagement if we look at banking today we do it on our app from our phone rather than go to a branch so businesses are demanding more and thus putting more pressure on IT the the better your rit the more profitable organization is so i t teams now need to deliver better services software faster and at a reduced cost so if we take banking today we use our mobile apps we've got online gaming we've managed our utility bills and even our waste collection providers so the customer the user experience is that it's got to be available 24/7. okay i've got to have that anytime anywhere so delivering enhancements to those applications as an example can be a real challenge and it's not an option to take the app offline so we've witnessed in recent times what happens when poor code is released in enterprise enterprise-wide applications with some banking organizations and with security um you know people think well you know we just lift and shift from from on-prem to cloud and it's like you can't do that it's not that simple there are very few tools out there that can migrate from on-premise to cloud simple reason it's a different infrastructure it's a different architecture in many cases you're simply migrating a problem or creating more so what i would say is today the decision to accelerate digital transformation and move to the cloud that's been made okay it's no longer a thought process it's been made it's a reality covert 19 has acted as a catalyst for this digital transformation back in march satya nadella of microsoft said two years of digital transformation has taken place in two months i'd love to get his perspective on it today it's not a discussion as i said it's reality and it's become somewhat of a free-for-all a little bit like the wild west and spinning up um instances in the cloud but the benefits more often outweigh the risks if we look at cloud computing it offers elasticity and scalability at speed the deployment times and the ability to scale up now is in in seconds or minutes whereas historically that would have been weeks if not months and cloud providers make this automated infrastructure scaling really really simple but this means we can spin up any time anywhere a cloud instance and what about the security and compliance side of that so we break that down a little bit into the infrastructure applications and data i wanted to step back a little bit and talk about the people working from home so we've got the majority of workers now working from home as a result of the pandemic and this has just accelerated the remote working concepts for organizations the kind of two barriers to that historically would have been infrastructure and trust i'm going to say trust has entrusted the human beings go and do their work working from home so that box is ticked and we are now looking at the infrastructure which had to be rolled out really quickly and a lot of companies did a really good job of doing that but now the security spotlight has been shown on that infrastructure so your your perimeter is is now ubiquitous and it's porous okay i'm sitting here i have a laptop of a mobile device over here i've got a playstation you know i've got so many things that are here that are connected so it's not about having better breed perimeter security sure that's still important but we've got to understand that against this new perimeter so who am i um we talk about the zero trust concept and that's about you know trust nothing until you verify if effectively so we look at the who what where when why and how who's coming into my network what resources are they accessing on my network where are they accessing it from are they coming from a geography that would be normal behavior why are they accessing the information is this something that is involved with their job or are they trying to access something they would not normally access and how are they accessing it mobile device laptop and so on so we can build conditional access around identities and this reduces the attack surface securing your users and their devices remotely is paramount and that means um pushing out the patches and updates but you should not have to connect to the vpn to get those updates you should simply be able to connect to the internet and again and receive those updates so if we take it then that our users are somewhat secured and managed and what about the cloud infrastructure that they're accessing so changes and updates the cloud infrastructure today are made of cloud speed and not on schedule basis and it brings risk and reward you get feature enhancements delivered really really quickly but organizations need to have the visibility and security and compliance across that estate um so as a kind of as a starting point you need to get discovery of your cloud uh cloud infrastructure and then check that against security standards and requirements and where possible compliance be a regulatory or internal standards so what we have seen um in recent times and indeed we read some of the statistics that are out there but many organizations who are embarking or have embarked on this and adopting the cloud strategy and they've got more than one public cloud provider so they may have aws with azure or google or alibaba and one of the others so now we've got security teams their faces delivering the mechanism back to the business to demonstrate security are more often not compliance across multi-cloud avoiding multiple security tools we often talk about consolidation but avoiding multiple security and compliance tools to cover the multiple cloud estates is essential and it's about the consolidation and keeping it simple and it can be kept simple with solutions that not only assess your security requirements and compliance across multi-cloud but this assessment can be done in hours and not weeks being able to identify the vulnerabilities across your cloud infrastructure and remediate at the touch of the button brings a lot of comfort to security teams um i want to finish up just looking at the the area of devops and and this is a function that is growing rapidly as more organizations embrace digital transformation so devops are charged with enabling the business by supporting third-party applications and building custom applications and custom code and there environment itself has evolved from virtual machines uh moving into containers to speed up the the continuous integration and continuous develop and the deployment of software that's cid cd we often we often refer to our job and security is to safely enable them to do it so our solutions now mean that devops and secops teams can work together providing a secure compliant environment for devops to continue that work and working at cloud speed and then the business can take comfort that their environment is secure and compliant with a comprehensive audit trail now we've yet to talk about uh details on securing identities and data but be aware of the consequences and i think just ask british airways about their reduced fine of 20 million but we'll have more on that later thanks very much for your time