The industrialization of society 5.0 has brought us to the pinnacle of a period of technological evolution, where the mass, real-time flow of data, cloud computing, GB internet connectivity, and billions of devices interconnected with each other have shaped the way we experience the information society.
By José Gomes, IT Operations, Cloud & Security Associate Director at Noesis
The covid-19 pandemic brought several changes in the paradigm of work, business, and life as a whole. In just a few months, we witnessed an extraordinary technological leap, grounded on incorporating new digital capabilities and the development of cloud strategies supported by flexible laaS and PaaS models and the race to consume SaaS applications.
The complexity of managing new IT ecosystems, with multiple actors and stakeholders, is increasing, and the challenges associated with security and safeguarding information emerge as one of the main concerns of decision-makers. With the increasing development of multi-cloud environments, cyber-exposure and vulnerabilities of networks and environments have increased dramatically, so cyber-attackers have taken advantage of this window of opportunity to act. The speed, sophistication, and diversity of attacks targeting organizations' systems have evolved, driven mainly by the increased consumption of SaaS and IoT applications. AI-based phishing, supply chain, and M2M attacks are increasingly frequent.
Therefore, it is fundamental that organizations adopt holistic approaches and include intelligent technological capabilities", with standards, guidelines, processes, and practices that guarantee mechanisms to safeguard security policies and privacy of information and access.
In this time of transition, it is fundamental that organizations remain competitive and invest in the technologies that can truly drive business success. The journey to ensure data safeguarding and security should be framed in the following vision:
■ Cloud-oriented solutions and services: that support the growing use of multi-cloud environments, able to control accesses at points where security policy must be applied, from on-premise to the different deployment models Intelligent Monitoring solutions able to detect all types of threats: insider, cyber-attacks, filtering, data manipulation, and supply chain threats.
■ Compliance and Auditing mechanisms: suitable for each of the different deployment models The security of applications and the data passing between them cannot remain under the individual responsibility of each Service Provider.
■ Data governance: With increased mobility, growing adoption of SaaS applications, and shadow IT, the ability to govern the use of cloud applications is essential to ensure compliance with E2E security policies.
■ Digital Identity: IAM solutions must have levels of sophistication that enable federating authentication across multi-environment and managing provisioning in an integrated and secure manner.
■ Cybersecurity Managed Services: Services that operate 24x7 with highly skilled and experienced talent versed in the use of cutting-edge technologies and proactive threat prevention and neutralization principles.
■ Next-Gen Cybersecurity: More complex cloud environments and increasingly sophisticated intrusion schemes require more demanding, automated, and sophisticated paradigms and solutions, using solutions that incorporate AI and self-learning algorithms.
If 2020 was the year of survival and rapid decision making towards business digitalization, and there was not much time to incorporate security and privacy policies in the evolution of IT ecosystems, 2021 is the year when organizations must take a step back to refocus their strategy and reassess the critical aspects of the security architecture and empower themselves in a structured way with cutting-edge services and technologies to safeguard against increased cyber-exposure and insider threats.
Published (in Portuguese) in business.IT