With the adoption of digital transformation must come increased awareness of cyber security. All too often, companies embark on these big programmes without considering the security implications for their internal systems and customers, with disastrous consequences.
“Digital transformation makes use of three key technologies,” says Jaco Botha, Senior Product Manager at Ansys, “Cloud infrastructure, artificial intelligence and the Internet of Things”. These technologies blur the boundaries of your corporate network perimeters, making traditional boundary-based security much more difficult.
The good news, Botha says, is that the cloud providers themselves have invested heavily in providing a secure environment. Right now, one of the most critical areas for attention is around user authentication for those cloud services, and making sure that all interactions with sensitive data are by known users, and fully auditable. In other words, as you create systems which are more open and flexible, it becomes increasingly important to know who is accessing them, when and from where.
The “user” doesn’t have to be human either. It’s just as important to be sure that an IoT device is what it says it is when it accesses network services as it is to be sure an employee is real.
“If you follow through to the endgame of digital transformation,” Botha explains, “The role of the IT department changes drastically. They stop worrying about the hardware and platforms and focus on endpoints and user authorisation.”
This is where new security solutions, such as Ansys’s SOLID webKey, become important. SOLID webKey ensures that users are using unique and difficult to guess passwords, and also acts as a physical second factor token for authentication for online accounts.
“Authentication is just the starting point though,” Botha continues, “you also need to create digital trust through the use of digital certificates to sign, encrypt and secure data at rest, in flight and across organizational boundaries.”
There are other concerns that make migration to the cloud undesirable. As a company with clients in sensitive sectors such as finance and the military, Ansys is bound by certain restrictions to ensure data security by the strictest rules. This can mean, for instance, that off-the-shelf platforms for collaboration, such as Slack, cannot be used for communication between teams.
To overcome this, Botha explains, Ansys is developing its own secure collaboration suite for voice and instant messaging, in which users are cryptographically authenticated, all communications are encrypted and recorded for auditing purposes.
Perhaps the most important part of security in a digitally transformed workplace, though, is the workers themselves. Strong authentication and trust models can prevent many methods of attacking IT infrastructure, but that often leaves the human element as the most vulnerable to being subverted. Security training is rarely implemented with enough rigour, Botha says, and can no longer be a tick-box exercise in which a policy is signed during induction, then never revisited.
“Cyber security awareness training becomes critical,” Botha says, “It has to be ongoing. We’re looking at ways to change insecure habits and ensure best practices all the time.”