Image: Erick Reyes, Thales
It’s hard to discuss digital fitness without examining the fundamentals that make it possible
, and there's nothing more fundamental to digital success today than security.
But leaders face a conundrum: they need to deploy digital services quickly in response to changing market conditions and customer demands, in a way that doesn’t open the door to cyber criminals.
Erick Reyes has worked with numerous organisations to keep their data safe. As the regional sales manager for Thales, Reyes does this by helping them adopt a new approach to data encryption that ensures their data is secure no matter where it is.
Why do you believe encryption is a fundamental part of an organisation's digital capability?
Encryption is one of the security tools that enables you to innovate with speed. It's like a high-performance car – you wouldn't feel comfortable driving it fast safely it unless you knew that there's something you can leverage to stop you.
Organisations that we speak to today face previously unseen challenges brought on by disruptions in their markets and supply chains. Most of the time, these organisations have had to revisit and recalibrate some of their fundamental processes. More and more, to be successful means moving to the cloud, and all of a sudden you no longer have that safety net of a perimeter or a moat around where your crown jewels - your sensitive data - sits.
The way most organisations we speak to see that protection coming is through encryption. Being able to encrypt that data allows them to be more nimble in terms of innovation. But then the question is, how do I apply it without slowing my organisation down?
We've had encryption for decades though, so what's really changed to make it more important now?
Recently, we ran a data threat report that we compiled with 451 Research, which surveyed about 2,600 executives that highlighted an increase in adoption of cloud computing. But that’s also introduced significant risks and security challenges. When organisations review what they're responsible for in the cloud shared security model, they find that they're ultimately responsible for the security of their data. But the challenge here is that their data resides outside their organisation's perimeter. So now they need to work out how to best protect this data, whilst ensuring that they maintain the performance needed by their organisation.
So how should an organisation go about embedding encryption into its innovation and development programs?
When we speak to organisations undertaking this security and digital journey, one of the key reasons why there is a lack of maturity with their data security approach is the complexity of managing legacy encryption technologies. Organisations typically employ five to 10 different management solutions. This is historical, as most technologies that they use include basic encryption mechanisms.
So what we're seeing with our discussions is a data security platform approach. Thales has a great tool called the CipherTrust Data Security Platform, which is allows organisations to reduce overhead, because you can manage all your encryption technologies from a single platform.
This ties into their existing infrastructure and in to native API calls. So this enables them to not only speed up, but to tie into the orchestration tools. And the developers are happy because suddenly security comes as they build. So the data security platform approach is fast evolving and provides organisations with a tool to enable their digital transformation with less complexity and without slowing down progress.
Can you give me an example of an organisation that's used encryption to accelerate its digital program?
Sure, we're currently working with a financial institution, where we've gone on the journey to leverage the CipherTrust platform as the foundation of their digital transformation strategy. The question was, how do we help secure their data without slowing down their digital strategy?
The challenges in their environment that we found were around reliability and performance. There were multiple encryption tools, which were negatively impacting the end users, developers and old applications. They had insufficient security controls and the native encryption tools in the databases were inadequate to meet compliance requirements and didn't give them the non-repudiation that they needed.
So when we started talking about designing and deploying a solution, the customer chose the CipherTrust Data Security Platform to secure sensitive data across the enterprise. This allowed them to lower overhead and simplify management, as the platform’s console allowed them to apply more granular policies to provide that non-repudiation control they needed.
So how should security professionals go about convincing their colleagues to take this approach?
The conversation typically starts with compliance. When you start there, you're able to look at what their business really wants. This approach can help meet compliance requirements and build trust with customers. So start talking about how this platform approach can actually assist to meet business goals and ensure that security is on that critical path to compliance.
So how do you know when you have the right capabilities in your organisation?
When you start seeing that security is no longer holding you back from the objectives of your digital project you might find that your organisation doesn’t have the necessary encryption experts. However you can always ask us – we'll be happy to point you to the right direction. Ultimately, when you start seeing digital transformation accelerating or working without security hampering it, then you know you've got the right skill sets in place.