IT security: The unjustified fears that hinder innovationLaxmi Sharma
A question that has always bothered many CIO’s –
“How to strike the right balance between digital transformation and business continuity and overcome the fears of innovation?”
Once, James Joyce, a famed writer said, “Mistakes are the gates of discovery”
This principle of positive psychology, valid for everyone’s life, also applies to the world of IT companies who are always learning from their mistakes, and trying to understand how they could have been avoided. The resurgence of cybercrime attacks in recent years has caused a veritable wave of paranoia among public opinion and business.
If there are reasons to worry, do not panic: Cybercriminals who are ready to seize your identity, hold your data for ransom or to paralyze a company may be counted in millions, but the real threat lies rather within your organization. The breakdown suffered by British Airways is a very good example. It paralyzed its computer systems blocking many planes and disrupting the current flights, impacting more than 70,000 passengers with a total bill for the company exceeding 115 million euros.
When the failure occurred, everyone immediately thought of a cyber-attack. An understandable conclusion knowing that the same year, the companies went the worst attacks ever seen, with notably WannaCry and NotPetya. But British Airways quickly dismissed this idea, with good reason. In fact, the failure was caused by an IT engineer who made a mistake in protocol tracking. The emergency generators did not take over immediately, this translated into 15 minutes of total interruption of the activity. Result: millions of euros lost, a blow to the brand image of the company and an IT team that showed its weaknesses.
According to forecasts by analyst firm Gartner, by 2018, investment in computer security will reach at 78 billion euros, an increase of 7% in just one year.
As more and more companies migrate their applications and systems to the cloud hosting environment, this number is expected to increase further. In the UK, small and medium sized businesses are more concerned about cybercrime than Brexit, as they plan to invest more than 4 billion euros in the next 12 months, according to a published study by Barclaycard (a division of Barclays plc.)
In fact, it is important to understand that data is the most valuable asset of companies, and ensuring their protection must be a priority. Companies must identify their weaknesses before hackers to always have a head start.
Maintain stability in times of uncertainty
There is nothing more difficult today than finding the right balance between digital transformation and the continuity of business activity. Business leaders and managers are under intense pressure to innovate quickly, while working with IT teams and application developers and managers, to ensure that IT foundations, and thus data are stable, secure, compliant and reliable.
Because, as we know, in fact, as it develops, the company is increasingly exposed to various threats, simply because of its growth, its transformation and therefore the establishment gets increasingly complex and heterogeneous. With the digitization of businesses expected to lead to 1.6 billion euros of investment by 2020, IT systems will become more complex around the world. Solutions that reinforce critical infrastructure, with a constant desire for innovation, inevitably introduce a potential for instability and unpredictability that can be difficult to manage.
But with this in mind, safety should not be a barrier to innovation. Businesses need to continue to embrace the disruptive technologies of cloud and mobility as they make it easy to integrate these new practices into their processes that allow them to achieve this balance. This make it possible to introduce new services and products for their customers more quickly by controlling risks.
Innovate without fear
Fear has no place in a company that has embarked on an innovation process. CIOs therefore focus on developing innovative services based on existing IT infrastructure and different architectures of new models and delivery platforms. Linking the old and the new allows an organization to innovate faster and control risks, reducing exposure to cyber-attacks or data theft.
Whatever the current stage leading to its digital transformation, a company must keep in mind four principles when defining its strategy:
1) Automation is a guardian angel: automating the patches for applications, updated patches for the most used software/application can guard against attacks type like WannaCry. The ransomware has impacted more than 300,000 systems worldwide; and all had not yet applied the patch released by Microsoft two months earlier.
2) Agility reduces risk: Harnessing the power of DevOps enables organizations to design, build, test, evaluate, and deploy applications faster, with much less risk at their fingertips. IT teams and developers work hand-in-hand to ensure business continuity and security, without the detriment of innovation and business growth. This approach gives businesses the competitive advantage they need to continue their development.
3) Secure access to data: This point, obvious, is often overlooked. One of the famed medical insurance company, recently endangered the personal data of more than 500,000 customers because one of its employees had access to it and mishandled it. It is therefore essential to have the right tools to control and monitor access to critical and sensitive data and systems by internal and external users.
4) Be proactive rather than reactive: why? Because it will probably be too late. Systems that have been inactive for a while must be treated as a priority because they demonstrate a lack of business experience in managing bugs or vulnerabilities. In case of attack, it will have two late trains. Never forget what 15 minutes of downtime did to British Airways. Whatever precautions are taken, the systems will inevitably fall down one day or be attacked. But that does not mean that you have to be fatalistic! Organizations that build, test, and deploy applications in a reliable and secure manner can mitigate risk. These measures also make it possible to install applications faster.
Netflix is an example of a company that has opted for a bold innovation policy at 100%. It has deployed a technology called “chaos monkey”, which is combining through all of its infrastructure to automatically disable applications when needed, to be more resilient in the event of a major outage or attack. Chaos monkey works in the background, tirelessly, to ensure optimal protection.
Netflix is one of the most innovative companies in the market. Its ability to find the right balance should be a source of inspiration for all companies because innovation and safety always go hand in hand.
Businesses that are aware of this and react quickly will be able to seize the right opportunities and, in doing so, beat out the competition. Instead of waving the curse on cybercrime at every strategic meeting, it’s better to study, understand and optimize the inner workings of the business to see where the real threat to the business lies.