Atos Digital Vision: Cybersecurity 3
More than two and a half thousand years ago, the philosopher Heraclitus famously observed that
“there is nothing permanent except change”
While the pace of this change has increased exponentially over the last few years in no small part due to the pandemic, much of it in the digital sector has been welcomed by businesses, governments and citizens.
The pandemic turbo-charged the transformation of how we live and work – a two-year period of intense change that would have otherwise taken about five years, forcing organizations to rapidly accelerate their digital transformation journeys. As a result, the expectations and demands of citizens and customers of goods and services has only increased.
There is much to appreciate about rapid change but the need to keep pace with technological change can mean adopting new technologies, often before their vulnerabilities are fully understood.
Discovering flaws and security vulnerabilities can take time. However, the imperative to meet demands for an increasingly digital-first approach to the delivery of products and services, increasing cyberattacks from both criminal and state actors, alongside a digital skills deficit in both businesses and consumers, means that the exposure to cyber risks is greater than ever. The tension between the drive to innovate and the need to keep data secure is something that can only be resolved if governments, businesses and citizens work together.
To add to the complexity, different regions, countries and cultures have differing legislation and regulations governing the management and movement of data, and this landscape is subject to constant change.
In the cybersecurity field, critical tasks like identifying the risk exposure of an environment, implementing preventive protections and recovering normal operations after a security incident are still largely performed manually.
The increased reliance on connected, online systems has made businesses more vulnerable to cyberattacks as well as cybercrime. Businesses and organizations of all shapes and sizes need be more strategic, innovative and engaged in the way they approach cybersecurity if they are to stay ahead of these challenges and ensure their success in our increasingly digital future.
It’s a challenge, but a crucial one — as Heraclitus also said:
“big results require big ambitions”.
In this latest Atos Digital Vision: Cybersecurity 3, we explore some of the most pressing issues in cybersecurity and provide organizations with insights into how they can define or adapt their cyber strategies. Examining four core themes – digital transformation, digital sovereignty, zero trust and cloud – this paper provides ideas and guidance from experts in the cybersecurity field that can be directly applied within individual organizations.
Securing digital transformation
The pre-pandemic cybersecurity landscape was one, for the most part, where cyber risks were still perceived as an issue for individual organizations to grapple with alone.
COVID-19 upended the cybersecurity landscape. The rapid increase to remote working meant IT departments found it increasingly difficult to control the connectivity path of employees.
As organizations adapted to the ‘new normal’ of the pandemic, many embarked on digital transformation programs despite some not having effective security mechanisms in place. This was despite becoming more reliant on public cloud and SaaS applications.
Even as security risks multiplied, in-house cybersecurity leads were operating with new systems, often with limited visibility of what employees were doing. As workers became remote, so too did customers, meaning that maintaining a secure online environment became doubly important for business.
These security challenges have been further compounded by the fact that organizations increasingly found themselves part of ecosystems of interdependent service providers, further reducing their control.
To address these issues my colleagues Vasco Gomes and Dan Schaupner highlight why companies should place cybersecurity at the centre of every digital transformation project they undertake.
Microsoft’s Sarah Armstrong-Smith looks at how global instability has impacted risk appetite for companies and what that could mean for the future of cybersecurity.
Understanding digital sovereignty
As organizations have come to terms with a wider array of digital risks spread across an increasingly diverse business ecosystem, policy makers and regulators have begun to raise concerns around data, technological and digital sovereignty.
The concept of digital sovereignty itself is critical yet poorly defined. In their article, Zeina Zakhour and Vasco Gomes seek to untangle the different aspects of sovereignty and explain why increased understanding is increasingly crucial to effective long-term decision making.
We should consider data sovereignty and technological sovereignty as the two pillars of digital sovereignty, reflecting the degree of control an organization has over its digital environment, including data, applications, software, systems, and hardware. Consequently, if organizations are to successfully achieve data sovereignty there is an urgent need for employees to take an active part in delivering this.
For many organizations this will require a radical cultural shift and a renewed emphasis on training. Effective navigation of these issues could be the difference between an organization’s future success or failure.
Marianna Peycheva explores this in her article, addressing why it is important to put people at the heart of strategies to deliver data sovereignty. Barbara Couée writes about managing 5G risks and how collaboration is needed between national and regional institutions across the technology value chain.
“The tension between the drive to innovate and the need to keep data secure is something that can only be resolved if governments, businesses and citizens work together on common solutions.”
Reducing risk through zero trust
With so many organizations grappling with the need to defend an ever-expanding attack surface from cyber threats, one option is the so-called ‘zero trust’ approach to cybersecurity. A zero trust security model is deployed to ensure end to end cyber and cloud security, based around the principal that “trust is never granted implicitly and must be continually evaluated.” In this environment, all users of a network must be authenticated, authorized and validated before being granted or retaining access to applications and data.
Zero trust has far-reaching implications for the way in which organizations protect against and detect cyber risks and Farah Rigal examines what this means in practice for those seeking to reboot their cybersecurity approach.
However, the full potential of a zero trust approach to cybersecurity has yet to be fully recognized. Aaron Chu’s article examines how context-aware security can enable organizations to balance strengthening cyber defenses with a smooth, secure access experience. Meanwhile, Yann Morvan notes how a zero trust approach can best be calibrated and Panos Zarkadakis provides some tips on introducing zero trust and the benefits it can bring.
Securing the cloud
Many organizations have realized the cost and efficiency gains alongside the potential to quickly innovate offered by cloud computing. Whether organizations are moving to private cloud, hybrid cloud or public cloud, cybersecurity should be a central consideration in the migration process. Wolfgang Baumgartner looks at why it’s vital to consider cloud security at the earliest possible stage in the migration strategy. Picking up the digital sovereignty theme, Pierre Brun-Murol and Vincent Dupuis take a look at the concept of Sovereign Cloud, while Harshvardhan Parmar examines how AI can help simplify cloud security.
There is a vast, evolving landscape with ever increasing and adaptable bad actors willing to exploit the positive and innovative ambitions of those who seek to deliver better, exciting services and opportunities from digital. Our collective role is to ensure that the digital society that is becoming omnipresent and essential to our lives is one that can be enjoyed safely and with confidence, for that we must stay ahead and keep innovating.
Digital Vision: Cybersecurity 3 – Further Insights
From across Atos and beyond, find out more about cybersecurity challenges and how organizations can respond to cyber threats