Security is a big issue for employers when dealing with Digital Transformation. Greg de Chasteauneuf, Chief Technology Officer (CTO) at Saicom, explains how there is no such thing as a 100% safe network.
Today more than ever, security can be seen as one of the biggest inhibitors of Digital Transformation because it relies on CIOs opening up their networks and relying on employees not to unwittingly expose their business to cyberthreats. In too many organisations, there is still a belief that if employees are sitting in the office behind the firewall, they are safe from security threats.
The reality is that employees, whether in the office or working remotely, click on links that they shouldn’t and inadvertently install malware, which then gains access to and moves laterally within the network. Today, there is no such thing as a 100% safe network.
CIOs need to work on the basis that security is no longer a point of demarcation and the perimeter firewall is dead. Applications and content can be accessed from any device, from any network.
The days of cybersecurity being available only to the elite, centralised few are rapidly diminishing. The democratisation of cybersecurity is happening and security is rapidly moving to the Edge device, branch and application itself.
What this means is that CIOs need to embrace the changes and realise that security can no longer remain a hurdle to Digital Transformation.
We believe that security needs to be embedded into every single thing that businesses do. Not just in one layer but in multiple layers and in every single application. Ensuring that business applications check the right boxes is paramount and non-negotiable. Simple considerations like end-to-end encryption, multi-factor authentication (MFA), trust tiers and having a clear view of who owns which machine in the network are key.
Most modern SaaS applications today address these security concerns. It is, however, antiquated applications that still require users to “Remote VPN” into head office or a data centre.
CIOs need to be taking a serious look at how they move away from remote VPN access for employees and other third parties. They need to adopt a zero-trust, perimeter-less model.
Who is to say that a remote user’s machine won’t be compromised? And when it is, the bad actor has access back to the mothership.