Arash Ghazanfari, Field CTO and Principal Technologist, Dell Technologies [NYSE: DELL]
NAVIGATING A CHALLENGING REGULATORY LANDSCAPE
To thrive and maintain growth in digitally transformed economies, businesses must become technologically driven. Market forces demand more from businesses and those not willing, or able to, adapt and move forward, will inevitably be left behind. Customers demand more relevant and personalised value-added services, that can be consumed seamlessly. A data-driven strategy is critical in continuous innovation and developing a competitive edge.
With an accumulation of data comes other challenges. Regulatory requirements are typically perceived as barriers to innovation. It is true that policymakers have a responsibility to create a supportive regulatory landscape to protect our rights, but this can be done without stifling innovation. GDPR and other regulatory measures inspired by it are all about giving the individual control over one’s own personal and private information. There are benefits to embracing the GDPR framework, where businesses that respect this right and adhere to GDPR by having transparent and clear privacy policies will enjoy increased consumer confidence and can exploit newly found business opportunities.
Organisations that provide their customers with granular control over their personal data, tend to create more strategic and long-lasting relationships with increased loyalty. Customers will be more likely to share various aspects of their personal data in exchange for products and services that are more relevant to them. Businesses can build a trusted platform and a valuable ecosystem around their offerings.
Developing a data-driven business model can only be achieved through establishing intrinsic security within the fabric of the business architecture. It is vital to maintain information integrity throughout the entire data supply chain.
The majority of the advanced threats that organisations receive are either tailor-made to the targeted organisation or are aimed at specific industry verticals
We are seeing the rise of increasingly sophisticated attacks. Bad actors can subtly manipulate data at source and corrupt the information supply chain. It is important that data maintains its integrity throughout its lifecycle, and the models and systems that are designed to extract insight from data are not compromised in any way. To help mitigate such risks, businesses need to adopt secure by default, yet change-friendly architectures; and develop secure-from-the-start software and application delivery methodologies.
A bolt-on approach to acquiring and deploying numerous security controls invariably creates friction. Businesses must avoid the temptation of “point solution thinking” in an effort to reduce their overall exposure. Lack of a comprehensive technology acquisition and deployment framework without focusing on the desired strategic security outcomes will lead to a proliferation of bolt-on and disjointed security controls. This can lead to a substantial increase in operating costs whilst also adversely impacting the overall security posture within the enterprise.
By starting with the end goal in mind and developing intrinsically secure systems and processes, the time to insight is accelerated. Without a doubt, intrinsically secure businesses are also more resilient. Secure-by-default architectures enhance operational resiliency by maintaining multiple pathways to recovery. Teams will be empowered to take calculated risks, accelerate innovation, to fail-fast and learn-faster and to thrive in a culture of continuous improvement and value delivery.
CHARACTERISTICS OF MODERN ARCHITECTURES
From a technology standpoint, underpinning all of this is a modern software-defined architecture. Often, such architectures take advantage of technologies such as flash, scale-out and hyper-convergence of compute, networking and storage resources. Intelligence around such resource disciplines is defined in software. Such infrastructures are largely operated in a self-driving fashion. The enterprise defines its security policies declaratively, i.e. the business declares what is required and the intelligent software-defined architecture executes and maintains compliance with the desired policies at scale seamlessly. With operational and architectural consistency, this can be achieved across both on-premises deployments as well as multiple public cloud platforms.
Such architectures track the intended state of business applications. Any unauthorised and malicious deviation from a legitimate intended state will be dealt with swiftly and automatically, minimising time to detection and time to remediation. The mindset behind the design of such environments is not necessarily focused on keeping the bad actors out, and the assumption is that they are already in! Such architectures continuously refresh and rebuild at element level without any disruption to application and business services, ensuring malware authors never get an opportunity to dwell within the environment long enough to establish command and control.
The reality is that digital transformation, particularly in mature markets, has effectively turned organisations into targets for bad actors. With the rise in use of smart operational technologies, the surface of attack has increased significantly. The majority of the advanced threats that organisations receive are either tailor-made to the targeted organisation or are aimed at specific industry verticals. The consequence of inaction and a relaxed approach to security can lead to the erosion of trust; adverse impact on market perception and confidence; decreased brand value and more critically, issues around long-term business viability.
Security needs to be intrinsically built into all systems and processes, up and down the organisation. Adopting a secure from the start approach ensures security is not an afterthought, which can cause friction to business agility. Adopting this strategy will result in technology operating at the speed of business. Security can and should be a catalyst for innovation and has to be built into the fabric of the business, both technologically and culturally.
A comprehensive security transformation strategy will deliver operational resiliency, effective risk management and unification of board-level priorities with the overall technology acquisition and deployment strategy. This is what we deliver to our valued customers at Dell Technologies. In order to find out more, please feel free to contact me.