The reshaping of the enterprise cyber-attack surface speaks to the need for a new approach to enterprise security. In my previous post, I explained how the Internet of Things has contributed to an expanded and extended attack surface. To address this development, firms should implement a dynamic trust-based enterprise security model that can be proactive and nimble in anticipating and responding to potential threats.

In this final post of my series on the self-sustaining enterprise, I’m going to explain how leveraging artificial intelligence (AI) and new infrastructure paradigms can help you transform your enterprise security to create an adaptive, intelligent, self-sustaining enterprise security platform that can keep pace with changing attack surfaces.

The basic requirements for such a platform include:

  • An operating model that understands and addresses risks and vulnerabilities and their impact on processes, and has the agility to mitigate risks quickly
  • A persistent identity, and the capability to identify assets and their role and function
  • Embedded security that guides the business to secure behavior
  • The flexibility to dynamically segment and enforce behaviors and policies throughout the infrastructure

Getting started with a self-sustaining approach

As your firm takes its first steps toward creating a self-sustaining enterprise security platform, be sure you:

  • Employ sophisticated identity methods (such as Identity and Access Management [IAM] services) to reduce vulnerability to unauthorized access
  • Consider serverless processes to potentially help reduce costs and enable rapid development
  • View infrastructure and security as code, rather than physical assets, to gain needed flexibility and agility
  • Stay dynamic, with the ability to segment, move, and shapeshift assets and processes to meet changing needs and increase responsiveness

Adopting a self-sustaining approach enables the connectivity and collaboration that’s essential for success in the digital ecosystem. Automation, machine learning, software-defined networking, and new infrastructure approaches are all paths toward enhancing your existing cybersecurity capabilities. These revamped capabilities should allow your firm to collaborate with others when it’s appropriate and address new business opportunities while safely navigating the business ecosystem.

Laying the groundwork

You can lay the groundwork for transforming your firm into a self-sustaining enterprise by taking the following steps:

  1. Understand key business process availability and sustainability goals in terms of their relationship to risk and security
  2. Identify which applications could be separated into microservices and events
  3. Examine how security services could be shared for greater efficiency
  4. Identify those security functions that could be deployed as a virtual service
  5. Build a robust identity and access management system for continuous risk evaluation
  6. Integrate products and/or techniques, such as AI and analytics, that enable a self-sustaining environment through the ability to “think” and “react”

A self-sustaining approach to cybersecurity that leverages automation, machine learning, software-defined networking, and new approaches to infrastructure can give your firm the resilience and swift security support you need to be “safe in your neighborhood.”

For additional detail, please see: The Self-Sustaining Enterprise―Using Technology Innovation to Enhance Cyber Security Skills

Dr. Christian Tölkes


Managing Director, Technology Consulting Lead Financial Services Austria, Switzerland & Germany
