A human-shaped approach to security
Given the myriad of security solutions available today, Danny Ilic says the key challenge is to ensure customers accept new products and services and are comfortable using them.
Danny Ilic, global chief architect, information security head, Wipro
In today's connected environment, consumers need access to services through whatever channel they choose. The challenge for companies to meet these evolving needs is exacerbated by the need for personalised services, a myriad of new technologies and devices, different levels of comfort in the sharing of personal information and employees wanting BYOD!
If this wasn't enough, security challenges are also constantly evolving in tandem. With increasingly sophisticated hacking attempts, data breaches hitting some of the world's largest brands and the potential for real reputational and business challenges, cyber-security is becoming a nightmare.
Security is unique in that it cuts vertically across all other industries, but there are certain key nuances to security challenges when you enter different markets – for example, the picture looks very different from a financial services point of view than from that of, say, a technology vendor.
However, whatever sector they operate in, businesses should be looking at opportunities around the convergence of cyber-security and business value and how to integrate this proposition. The problem is that the traditional method of developing and designing security is no longer fit for purpose. The linear design method of looking at the data, then the infrastructure and getting to the user interface last, does not fit in with the way people perceive and use digital devices today.
The three pillars of security
This traditional approach to designing has been almost a one-size-fits-all approach (while obviously not a one-size-fits-all product). The focus has always been equally spread among the three pillars of security: confidentiality, integrity and availability. While these continue to be important elements of any security product or service, the importance of these pillars has now shifted (and continues to shift) depending on the individual industry and indeed organisation you are looking at.
For example, the banking industry is far more concerned about privacy, confidentiality and trust, so you have to focus on those issues. In contrast, technology companies are more concerned about availability. However, one thing is for certain: whether you're a financial services organisation concerned about PCI compliance or a web services company thinking about ISO 7001, user experience must now be the first, not the last, consideration when it comes to security.
A unique evolution of the three pillars approach which we have developed is to use the pillars to design security from the outside looking in. With a focus on the customer experience, this approach to development runs alongside using Artificial Intelligence technologies to deliver security services.
The challenge of legacy infrastructure
While many organisations may be aware of this new way of thinking, they could be struggling with how it integrates with their existing business and legacy systems. Well, this new way of thinking can be mapped with existing legacy infrastructure to allow companies to move into new digital spaces and services, and there are two potential approaches here:
1. Look at DevOps and an agile way of changing processes and infrastructure
2. Develop brand new infrastructure products and services to deliver what is required now, and then later connect it into existing legacy infrastructure, enabling a shift to “green field” cyber-security digital architecture and services
While the first approach is much more common, the second approach will allow security to be designed based on new best practices and approaches, giving a quick kick-start to new digital services while not interfering with the existing way of doing business. As a result, the second approach has the potential to be much more beneficial and cost effective, but is a big mind-set shift that challenges companies to move beyond what they know and look to the future.
The future of security
It's clear that new security offerings are not following the conventional way of developing products, but this customer-centric mind-set is a total shift for the security industry and it is still bedding in right now. It's important to realise though that it is much easier to design new cyber-security products and services from scratch, with reporting, auditing and forensics designed based on best practices and not compromised by old ways of thinking. You can then replicate areas and input points when merging these new services into your existing infrastructure and legacy systems.
The bottom line is that security today needs to be not only agile, reactive and morphed, but seamless and human-shaped, with the customer as the first point of focus. Given the myriad of security solutions available today, the key challenge is to ensure customers accept the new products and services and are comfortable using them. This needs to be considered from the beginning, by looking at the consumer first and determining how the architecture will be designed downward (turning things upside down from how they used to do things) – a human-shaped approach to cyber-security.
Contributed by Danny Ilic, global chief architect, information security head, Wipro