Manage episode 275629369 series 2478315
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-securing-digital-transformations/)
Digital transformation. It's definition is broad. Meaning securing it is also broad. But there are some principles that can be followed as companies undergo each step in a deeper dive to make more and more of their processes essentially computerized.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Paul Asadoorian (@securityweekly), founder & CTO, Security Weekly, and chief innovation officer, Cyber Risk Alliance.
Thanks to this week's podcast sponsor, Keyavi Data.
Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.
On this episode of Defense in Depth, you’ll learn:
- Digital transformation is about relying on computing technology for more integral processes and aspects in our daily work lives.
- Lots of debate on the definition of digital transformation and as well securing digital transformations.
- Definition: A targeted change to process and technology for the benefit of the people.
- Definition: increasing levels of interoperability of information.
- We heard the recurring argument of the need for security to have a seat at the table at the beginning of a digital transformation, and not at the end. But at the same time reality sunk in and it was argued that security doesn't get to dictate that. And if security tried to, it would create a greater wedge with the business.
- When security is brought in at the end though, security has no option but to disrupt the business. Then no one is happy.
- Digital transformation simply introduce new risks, often greater risk. If the point is to integrate more of your processes, then that integrates the risk as well.
- If you're undergoing a true transformation, you are looking at core processes and saying, "What new tech facilitates, streamlines, and/or actualizes these core processes?" You no longer have to settle for shopping for a solution and then smashing your processes up against it.
- Your security tools should also undergo a transformation. That includes a transformation in monitoring as well.