Ushering a New Era in Enterprise Security

Mandy Huth, VP of Cybersecurity, Kohler. Co

As the enterprise security landscape continues to witness numerous technological advances and undergo massive digital transformation, organizations realize the value of blending the foundational security principles with the latest technological developments. As such, it is imperative for organizations to keep pace with the recent advancements while not losing sight of the core foundational principles when it comes to enterprise security.

HOW DO YOU THINK BUSINESSES SHOULD PROGRESS IN TERMS OF SECURITY AND ENSURE THAT THEY HAVE THE FOUNDATIONAL COMPONENTS REQUIRED TO SOLVE THE BASIC SECURITY CHALLENGES?

In this ever-changing IT and security arena, professionals need to be business enablers and not inhibitors to ascertain that business can move at the pace that it needs to. As organizations increasingly transition to the cloud, the importance of interoperability among different systems and technologies continue to rise with time. From a security perspective, enterprises must focus on the topmost critical security controls and deploy them to check important boxes, be it running a vulnerability management scan, establishing a secure configuration, or ensuring that the right people have access to critical data. For instance, The Center for Internet Security (CIS) Critical Security Controls is particularly convenient in this respect; there are 20 essential security controls that are easy to work with. Further, it is important that this process enables business leaders to make informed decisions and move forward when they have met the minimum grading requirement to stay ahead of the pack.

Security is all about communicating, creating visibility and transparency, while adopting a risk-based approach and creating acceptable risk tolerance to propel organizations into the next phase of evolution.

Security is not merely a cybersecurity or IT problem; it is a business problem as well. To create guard rails for businesses against potential threats, organizations must take a risk-based approach to ensure a solid security framework. Depending on the sensitivity of the data contained in an application or system, it is vital to deploy the right security controls. For specific applications, it might be as simple as ensuring the right people are accessing the data and implementing them securely, while when it comes to critical systems holding important information, such as CRM systems, it is crucial to invest ample time in reviewing the vital components such as high volume data transmission and storage, as well as privacy, in security projects.

WHAT ARE SOME OF THE CHALLENGES AND TRENDS THAT YOU ARE CURRENTLY SEEING IN THE MARKETPLACE?

One of the most significant opportunities I think in our industry today is orchestration. The challenge is, even though there are multiple providers ready to assist with automating workflows, businesses either do not have the time nor resources required to implement automation. However, some of the best-in-class organizations are taking the necessary time, maybe a month or eight weeks depending on their size, out of their core project planning process to automate their workflows, in turn, saving their time two-folds and beyond in terms of orchestration. Amongst these different orchestrations, including service task and network orchestration, the one I am cautiously optimistic about is API orchestration. Imagine the time and resources security teams can save if they are not required to do a risk assessment on every API integration implementation and rather outsource it to an organization that specializes in it.

In my opinion, API orchestration has immense potential to free up enterprise resources and enable security leaders to focus on being better business advisors.

WHEN IT COMES TO THE FUTURE, WHAT ARE THE OTHER DISRUPTIONS OR ADVANCEMENTS THAT YOU SEE EMERGING IN THE ENTERPRISE SECURITY LANDSCAPE?

The biggest buzzword today is “digital transformation,” and consequently, IT and security organizations now have to become more efficient and automated to be able to scale swiftly. Digital transformation goes hand-in-hand with the culture shift because oftentimes, it is not the technology that fails us, but our business processes. To stay abreast of the current changes, security teams must be able to adopt the right mindset to innovate quickly, make good decisions, and streamline their business processes. Besides, with cloud migration gaining steam, scaling up the business while reacting to the changing market conditions rapidly has become easier than ever, even for small groups that do not have considerable funding at their disposal. Enterprises that fail to adapt to this digital revolution and make the transition to hosted platforms are at a greater risk of becoming obsolete in the next five years.

WHAT ACCORDING TO YOU, IS THE RIGHT APPROACH TO IDENTIFY THE RIGHT PARTNERS AND SOLUTION PROVIDERS FOR A PARTICULAR BUSINESS?

When it comes to enterprise security, first and foremost, it is crucial for an individual to have a thorough understanding of the business as a whole along with their core mission and objectives.

For budding entrepreneurs embarking on a new venture, I would say, it is essential to get a good handle on business processes, identifying if there is a lag or delay and how it can be improved. You must be aware of what is it that you are trying to fix before actually fixing it. Also, creating an effective strategy for leveraging the right security partners goes a long way in improving efficiency in this fast-evolving digital landscape. This includes identifying capabilities you will keep in house versus leveraging partners with capabilities not core to your business. Security is all about communicating, creating visibility and transparency, while adopting a risk-based approach and creating acceptable risk tolerance to propel organizations into the next phase of evolution.