Launching a Digital Transformation? Make Security a Priority

Digital transformation efforts—designed to tap the power of mobile, internet of things (IoT) and other edge technology to improve business results—are already underway in many organizations. They will likely shape the way businesses operate for years to come, across a wide range of industries. The Gartner “2018 CIO Agenda Industry Insights” report shows that all industries rank digital business as one of their top 10 business objectives. The study further notes that, “Of the 11 of the 15 industries participating, CIOs ranked digital business/digital transformation among the top three business priorities for 2018.”  Why is this happening?

Among the forces at work are pure business incentives. Digital and mobile initiatives can enhance, accelerate and otherwise improve a variety of practical business activities, helping enterprises increase productivity, engage with customers and leverage new insights.

To illustrate: When a field rep needs information to support customers, an edge app on a mobile device can provide access to that data—making customer service more efficient. When a manufacturer or telecom provider needs to monitor and control equipment, smart LAN- or WAN-connected devices can sense and collect data, enabling real-time effectiveness and reducing costs. In these and hundreds of other use cases, organizations can leverage a combination of ubiquitous, connected edge devices and both custom and off-the-shelf apps to support these efforts.

The rise of the edge. Another factor driving digital transformation is the dramatic increase in computing power being built into edge devices—tablets, smartphones and laptops, certainly, but also IoT sensors, virtual reality (VR) systems and other endpoints. To optimize their digital initiatives, enterprises will push computing cycles from centralized or cloud-based servers out to these endpoints, to leverage their growing compute capability, minimize latency and empower end users.

Many critical enterprise assets and resources will, of course, remain behind network firewalls. But access to these resources is needed for edge apps and devices to deliver on their promise to end users.

New power, new risks. The proliferation of devices and apps presents significant security challenges. Hackers and cybercriminals are fully aware of the growing power of edge devices—and of their vulnerabilities. Attackers can exploit weaknesses in devices, apps, networks, back-end servers and other assets, even gaining access to corporate IT resources or bringing down systems and halting business. Malware, hacks and data or infrastructure breaches can derail digital initiatives, violate customer and user privacy, expose enterprise assets and undermine brand trust.

To mitigate these risks, enterprises must implement access control, user authentication, device status, data protection and other security measures—preferably in a manner that’s consistent across all initiatives.

Conventional, device-focused security inadequate. With mobile and edge computing, a device-centric security focus has been both challenging and, in some cases, inadequate. This is especially true with unmanaged endpoints, as is common in bring-your-own-device (BYOD) scenarios. Device-focused security can also have a negative impact on the end user experience, undermining user adoption, upon which success depends.

App-centric security—a forward step. A more effective way to solve the edge security challenge and protect corporate systems and data is to focus on securing apps. But coding security into apps—and then maintaining that code as apps and environments evolve—is time-consuming and costly and can distract enterprises from their core business.

Security policy management and injection. A new approach shows significant promise to enable organizations to configure flexible yet powerful security policies, using an intuitive central console and without writing or maintaining any security code. Those policies can then be directly injected into new or existing apps.

These military-grade security policies can include user and device authentication, encryption of at-rest and in-transit data, enforcement of data-sharing rules and more. With these policies in place, apps can be distributed through normal channels, such as enterprise or public app stores. Security policies can be adjusted at any time through a central console, with no need to recompile or redistribute the apps that enforce them.

By managing security through all its critical business apps—both off-the-shelf and custom-developed, as dictated by enterprise needs—an organization can protect all of its users, data, devices and infrastructure. Consistent security implementation across the enterprise is significantly easier. The enterprise also retains control of the data and the security functions—a capability not possible through most device-centric security technologies.

At least one more important capability comes with policy management and injection: the power to easily collect and analyze usage information from millions of edge devices. The resulting insights can help enterprises optimize their digital transformation efforts and to identify new digital opportunities.

Digital transformation, enabled. Bringing app-centric security policy management and injection to an enterprise means every stakeholder and asset can be protected, with less effort and greater flexibility than through conventional security methods.

The enterprise wins. Why? Because this innovative security technology focuses on mobile apps, not devices. Because app developers and security administrators are relieved from coding security.  Because this technology ensures enterprise access and control over critical data and delivers otherwise difficult-to-expose insight. For all of these reasons,  security policy management and injection promises organizations the tools they need to leverage every advantage digital transformation has to offer.

John Aisien

Avatar photo

John Aisien

John Aisien is co-founder and CEO of Blue Cedar and brings a wealth of experience as a successful enterprise software product and go-to-market executive. His roles have spanned strategy, IT consulting, and stints running multiple functions in emerging, high-growth start-ups and large enterprise software firms. He was most recently the president and COO of Mocana, where he ran go-to-market operations, including sales, marketing, corporate development, product management, and professional services for the Atlas platform business. Before that, he was the VP of product management for Oracle Fusion Middleware, the digital business platform for the enterprise and the cloud. John joined Oracle in November 2005 as part of its acquisition of Thor Technologies, a leader in enterprise identity and security management software. Prior to Thor, John was a strategy and IT consultant at Deloitte Consulting and Gemini Consulting. John serves on Blue Cedar's Board of Directors.

john-aisen has 1 posts and counting.See all posts by john-aisen