Lights and Technology
12 July 2022

The importance of Security and Privacy for organizations during the digital acceleration

Protecting confidential customer data is increasingly becoming everyone's "job" in an organisation. José Gomes identifies 8 skills for companies to reduce cyber risks

  By José Gomes, Cloud & Security Associate Director at Noesis

Over the last two years, the organizations that best overcame the crisis caused by the pandemic took the opportunity to channel their efforts into incorporating innovation, new technological capabilities and profound organizational changes to overhaul the way they develop their business entirely. Working methods, tools, team dynamics, and everything that was part of the day-to-day corporate routine of companies changed and evolved! Supporting that evolution was the Development of cloud strategies, backed by flexible IaaS and PaaS models, and the race to consume SaaS applications. However, the proliferation of Multicloud environments has resulted in organizations being more exposed to cyber-attacks and high points of failure and vulnerabilities in networks and environments, which hackers have exploited in detail.

The truth is that protecting confidential customer data is no longer a 'task' exclusive to security and IT professionals but a part of everyday life for everyone in an organization, from the CEO to the customer-facing employee. Nowadays, we live in a time where cyber-attacks are increasingly frequent and reducing all types of risks associated with them is a responsibility that cuts across everyone in the organization. For this, IT must focus on the primary aspects of the Security Architecture through a holistic approach that includes "intelligent" technological capabilities and contains standards, guidelines, processes and practices that ensure mechanisms to safeguard security policies and privacy of information and access.

In this sense, I identify 8 essential capabilities that guarantee resilience, the decrease of cyber risk, the increase of privacy and holistic security in organizations:

  1. Cloud-oriented solutions: that support the growing use of hybrid and multicloud environments, capable of controlling accesses at points where the security policy must be applied, including the different models of public and private clouds, not leaving aside the on-premise environments that generally must be maintained for other reasons;
  2. Cybersecurity & Intelligent Monitoring: sophisticated solutions in SaaS Intelligent Monitoring model capable of detecting all types of threats - internal, cyber-attacks, filtering, data manipulation and supply chain threats - are mandatory nowadays;
  3. Digital Identity: Identity and Access Management solutions must have levels of sophistication that enable federated authentication in multiple environments and manage provisioning in an integrated and secure manner;
  4. Privileged Access: the use of Privileged Access Management (PAM) tools must be implemented to monitor and control accounts with privileged access to crucial IT assets; 
  5. Next-Gen Cybersecurity: increasingly complex cloud environments and more detailed and sophisticated intrusion schemes require more demanding and automated paradigms and solutions, using solutions that incorporate Artificial Intelligence and self-learning algorithms; 
  6. Data governance: with increased mobility, growing adoption of SaaS applications and shadow IT, the ability to govern the use of cloud applications is critical for the sustainability of organizations and to ensure compliance with E2E security policies;
  7. Secure Development: in a world where applications predominate, it is essential to ensure software resilience through SW development models from an on-demand AppSec tool that provides a holistic, inclusive and extensible platform to support the breadth of the software portfolio. 
  8. Cybersecurity Managed Services (SOC): services that operate 24x7 with highly qualified and experienced talent, focused on using the latest technologies in the market and proactive threat prevention and neutralization principles.

Organizations must empower themselves and define structured strategies based on state-of-the-art services and technologies capable of "offering" protection against the growing number of cyber attacks. Organizations, but also Governments, now need to channel a substantial part of their efforts according to the criticality of their operations and empower themselves with a security architecture that safeguards their operations.

Published (in Portuguese) in SapoTek