Digital transformation (DX) is no longer an optional path for enterprises. The adoption of digital technologies, strategies, and a shift in mindset and culture, is instead an essential route for all businesses. As we enter a new decade, many enterprises will be continuing or expanding transformation roadmaps, whilst others will be dipping a tentative toe into digitalisation, and focussing on updating and innovating areas of their business. However, a significant number in both these camps will have failed to consider the security implications and heightened level of risk such moves introduce.
It’s easy to forgive this attitude, with the benefits of DX stealing the limelight and security issues relegated to the sidelines. Again, this is understandable, as the positive impacts of digitalisation are clear and are well acknowledged among business leaders. Three-quarters of respondents to a 2019 survey, for instance, said that DX will lead to greater agility, and 76% report that a modern digital IT infrastructure better positions their company to produce value for its stakeholders.
The value of DX
This value will not be realised, however, if business leaders fail to consider the security implications of DX and the vulnerabilities adopting such strategies could expose. In fact, in neglecting this key part of DX, organisations risk damaging the value of their service provision, failing to comply with industry regulation, and negatively impacting their image in the eyes of customers and investors.
Neglecting security is rarely intentional. Instead, the complexities of moving different functions of a business to multiple different locations (a key element of DX), is a complex process and one which throws up a number of security challenges. Traditionally, organisations stored and accessed data using on-premise infrastructure, which allowed them to manage and secure everything in a single, centralised location. Great for security, but – without the right approach – not so great for a business’ bottom line.
Cost vs security?
Traditional on-premise data centres are now too costly for many organisations to maintain, and instead we’re seeing a shift to a decentralised model where enterprises can tap cloud providers, SaaS platforms and proprietary data centres. The use of cloud and co-location centres is growing and by 2024, according to one estimate, more than half of global utilised racks will be located at off-premises facilities, such as cloud and colocation sites. The result is a distributed architecture which may be more cost-effective, but is often less secure.
For example, a financial services organisation may store different datasets in different locations. This information will likely be pretty secure when locked in these separate siloes, but when data from both is required – and traffic flows between the two – vulnerabilities emerge. The network may be unsecured and open to cybersecurity abuses, or the data itself may be intercepted by hackers due to the requirement for it to be decrypted when transmitted between different locations. GDPR and today’s sophisticated threat landscape mean that protecting sensitive data in dynamic environments is a major source of concern. This is true for all businesses, but especially so for those operating in sectors like finance, which must comply with strict regulations or else face significant financial penalties.
Fortunately, many business leaders are aware of the security implications of embarking on a DX strategy. Sixty per cent of respondents to a 2019 survey, for instance, said that the state of security among clouds would have the biggest influence on their cloud deployment plans going forward. Similarly, data security and compliance topped the list of variables which determined where an enterprise runs a given workload.
Encryption key management
The key to successful DX and robust security is the adoption of a strategy that combines physical and network security with robust encryption key management to mitigate threats without affecting performance. And key to this is Key Guardian.
Key Guardian uses Interxion’s cloud access and interconnected data centre network to securely store the encryption keys in a dedicated Hardware Security Module appliance outside of but close to the cloud. Businesses can guarantee that their processes and applications are scalable and perform at optimum levels, while at the time ensuring they comply with strict regulatory environments and offer robust data protection.
A DX strategy is essential to the success of businesses as we progress through 2020. However, it’ll only deliver value (for the organisation and its end-users), if it’s combined with a rigorous security strategy which incorporates protection of encryption keys and other cryptographic material.