In Aikido, a Japanese art of self-defense, a master practitioner blends and redirects the motions of attackers instead of confronting their force directly.
Similarly, business security leaders must shift from traditional, control-focused defensive postures to deal with increasingly sophisticated cyber threats. Despite the resources invested in security, many still fall prey to attacks.
A proactive stance aligned with business priorities can address a number of needs: data protection, understanding potential threats and the changing demands of a global and mobile workforce.
Such an approach should readily integrate with other operations. This includes cloud services, suppliers and identity and access management technologies, as well as information security currently in place.
The five most common issues that need to be addressed to achieve effective, proactive security are:
Linking security and business—Tie security programs to business goals and engage stakeholders in the security conversation.
Thinking outside the compliance (check) box—Go beyond control- or audit-centered approaches and align with two key elements: the business itself and the nature of the threats the enterprise faces.
Governing the extended enterprise—Establish appropriate frameworks, policies and controls to protect extended IT environments.
Keeping pace with persistent threats—Adopt a dynamic approach including intelligence, analytics and response to deal with a widening variety of attacks.
Addressing the security supply & demand imbalance—Develop and retain staff experienced in security architecture planning and design, tools and integration to increase the likelihood of successful outcomes.
We urge a five-step action plan to better secure your digital enterprise:
Assess your current security posture and adopt a business-aligned security strategy and road map.
Establish an enterprise security program and integrate it with existing processes to reduce complexity and achieve business results.
Embrace the cloud to boost IT flexibility and reach customers faster. Adopt security-as-a-service that meets business demands and addresses regulatory, privacy and security requirements.
Gain an understanding of threats, take an active defense stance, and use analytics to acquire “context awareness.”
Develop end-to-end delivery and flexible sourcing strategies for all security services, and decide which services to provide in-house and which to outsource to external providers.