Let’s talk Digital Transformation. Digital Transformation is the use of new, fast and frequently changing digital technology to solve problems. An example of digital transformation is cloud computing. It reduces reliance on user owned hardware and increases reliance on subscription based cloud services. As the technology we rely on to get our work and personal tasks done advances, we gain many advantages including applications that work across any platform like Mac, PC and mobile and accessibility from nearly any location. Like most developments throughout history, along with progress comes new advantages and new challenges. On the challenges side, this causes us to drastically change our approach to security.
We used to protect our business environments by putting all of our IT services behind a firewall. The premise was that any person inside the perimeter (e.g. employees) would be able to access the data stored within, while those external to the company would not be able to access that data. Digital transformation has brought a new proverb to cybersecurity: Identity is the new perimeter. Identity is becoming the foundation of security. It is now more important to identify the who first, more than the where, when or what. In 2020, it is imperative that security is seen through the lens of Identity, rather than that of infrastructure.
Before digital transformation, many organizations had built a content-aware security program to complement on-prem data storage, which primarily considers questions, such as:
-
What data do I have access to?
-
What does the data look like?
-
Where is the data moving?
Embracing digital transformation goes hand-in-hand with migrating data to the cloud. It's critical to build a context-aware security program, which focuses on the identity of the user accessing the data. Who is requesting access and what is the intent?
Context-aware security programs place an emphasis on determining who the user is, what information/data asset they’re requesting, how the user is connected, why they’re requesting the data, where they’re located, and when they’re requesting this information.
Context-aware Identity programs provide a holistic view of data access, versus focusing on the data itself. While many organizations used to operate under implicit trust regarding employee data access, this is no longer the case.
Excessive employee access remains one of the fastest-growing unmanaged risks facing cyber security teams. At small businesses, people often wear a few different hats. When these companies grow and roles change access needs to be updated and more refined. Many small businesses don’t develop the key identity business processes or controls and add applications and tools without identity considerations. The tools selected should support automation and drive efficiency, but the foundation of a strong identity principals must be in place.
If you find yourself and your business going through digital transformation without an Identity Management plan, give me a call or fill out the form below and we will help you figure out what to do about protecting your company!
