By Marcel Rizcallah, Senior Director, Security Domain Leader, EMEA Oracle Consulting
Digital transformation is changing our world today. Cars and homes are connected and can be controlled remotely. People are connected through social
networks and can share ideas, services and goods. Organizations are providing services on customers’ mobile devices such as online banking or taxi
bookings. These are only a few real-life examples of how digital transformation is changing the way we consume services and interact with each other. In a
few years, most services will be digitalized including healthcare, government services for citizens, online shopping, and more.
But can we imagine those services without protecting all private data handled by the service providers? Or without complying with EU data privacy
regulations? What does security mean in a digital solution? Is it enough to enforce strong passwords when users enroll in the system? Is it enough to
encrypt data exchanged between the user, the device and the service? Not at all – this is only the visible part of the iceberg. In this blog, I’ll explain:
Why is security important?
First of all, security is about trust and trust is the major enabler for a successful digital transformation.
“TRUST is like the air we breathe. When it’s present, nobody really notices. But when it’s absent, everybody notices.” - Warren Buffett.
What will happen if connected cars that can be remotely started and stopped with a smartphone or geo-localized with a web browser are hacked or stolen?
What will happen if home smart devices such as energy boxes or cameras connected to cable networks are attacked and hackers start controlling the devices
from the outside? What will become of the company providing the service? And what will happen if this same company is attacked from the inside and the
customers’ data is stolen, including location history, credit cards, customers’ mail and phones, and more?
Second, security is becoming mandatory by law, and not simply an option or a recommendation. The reasons are multiple: if security is not
implemented by design in a new system, organizations expose not only their own data but also their customers’ personal data, which does not belong to the service provider, to security breaches from day 1. In addition, implementing security by design will significantly
reduce associated costs as opposed to adding security to a running system or to legacy applications.
The EU is working on a regulation that will apply to European businesses that process personal data. This means that compliance with the regulation will be
mandatory, and there will be significant fines of up to 5% of annual worldwide turnover, or
€100m, for companies that do not comply with the proposed regulation, with the possibility for individuals and associations, acting in the public interest, to bring claims for non-compliance. The regulation includes
compliance procedures and policies, including adopting privacy by design or appointing a data protection officer (DPO) when sensitive data such as health
information is handled by the service provider.
What needs to be secured?
My answer would be everything! But what do we mean by everything? Let’s have a look first at the major components of a digital solution.
Securing all those components means the following:
How to proceed?
Let’s first give some basic recommendations on how to define the security requirements and prioritize solutions.
Finally, you will need to select the right product for each requirement and implement the solution while taking into account technical and organizational
impacts with quick wins. This is where Oracle Consulting can help you
implement Oracle Security products in your environment.