
How CISO Roles Have Expanded

Cassie Chen
Product Marketing Manager

For today’s business leaders, the pandemic has emphasized the need for cloud readiness and digital modernization. The new normal is driving organizations to act faster while maintaining business continuity and ensuring data security. Growth of remote work and acceleration of cloud adoption now challenge CISOs to ensure responsive protection against rapid change, while supporting new digital transformation (DX) and cloud computing initiatives. Technology advancements are triggering greater collaboration between IT and business, resulting in a cultural shift for modern executives. As businesses ramp up their modernization plans, it’s up to CISOs to ensure a robust foundation that protects against critical company and market shifts.

As part of the “Designed for Change” series, we’ll highlight how CISO roles have expanded over the years while exploring the benefits of always-on security.

Threat Detection and Security Posture during COVID-19

As people and businesses adjust to new norms of social distancing and remote work, they have developed a critical reliance on digital connectivity. This demand has accelerated cloud adoption: cloud spending rose 37% to $29 billion during the first quarter of 2020, and this trend is likely to persist as virtual work becomes increasingly normalized. However, with growing cloud usage come new and expanded opportunities for threat actors. As work becomes more decentralized, it will require greater diligence around maintaining cyber hygiene and monitoring insider threats. Today’s organizations are reporting a 47% increase in cybersecurity attacks, including phishing attacks. Meanwhile, misconfigurations have also become a leading source of security breaches, with over-privileged accounts (44%) a top problem over the last 24 months.

Ensuring Business Continuity and Scalability

The broad adoption of cloud services demands a cybersecurity cultural shift that aligns the organization’s business needs for cloud with its associated risk. As a result, CISOs are shifting towards a business focus to help ensure secure execution of new digital initiatives. Today, we’re seeing the emergence of the DX CISO (digital transformation CISO). These executives will be called upon to drive cybersecurity into the corporate culture, integrate cybersecurity into DX initiatives, and embed strong cybersecurity within all aspects of IT technology - especially public cloud computing.

Business leaders recognize that modernization requires security mechanisms that can scale and adapt to change. As new cloud services become integrated into traditional business processes, the complexity of activity between human and machine will evolve, producing new cybersecurity challenges. CISOs must continuously work with LoB leaders to align business processes to cloud computing while explaining cyber-risks to stakeholders, updating threat models, and identifying instances of shadow IT applications. These functions are critical for ensuring business continuity and scalability as companies pursue new digital initiatives. In fact, 73% of organizations have hired or plan to hire a CISO with greater cloud computing skills, while 53% of organizations employ or plan to employ a business information security officer (BISO) to work with LoB managers to ensure secure business processes.

Digital Modernization: Benefits of a Security-First Model

Despite their new business functions, CISOs are fundamentally responsible for selecting, deploying, and operating the required security controls that enable the business while addressing cyber-risk. The challenge here is enabling an integrated and cohesive security strategy across the entire technology portfolio. Disparate agendas across lines of business, application development, IT operations, cybersecurity risk, and compliance teams must be met with an internalized cybersecurity strategy and shared responsibility. CISOs must rationalize and transform the cloud ecosystems into a tightly integrated and scalable security stack while meeting divergent business needs. This requires a high-performance data pipeline for stream and batch data processing, API integration between tools, threat intelligence ingestion for data enrichment, and process automation for immediate incident response and risk mitigation.

To find the right balance between enabling the use of cloud services and protecting sensitive transactions and data, businesses need to cultivate a “security-first” culture. A security-first model follows the principle that security is embedded in all digital functions, powered by automation and intelligence to deliver a robust and agile infrastructure. For example, in DevOps, this means the automation of cybersecurity processes and controls via integration with the continuous integration and continuous delivery (CI/CD) toolchain, an approach often referred to as “DevSecOps”. Privilege policies may also establish zero-trust network access by locking down privileged accounts to enable effective monitoring of sensitive data in flight and at rest. Organizations also need visibility across IT assets and third-party connections to address changing risk factors like cyber-attacks and software vulnerabilities in real time. Collectively, it’s about strengthening your security posture and reducing risk with security-first design principles that center on built-in security controls for simplified and effective management.

Oracle Security Solutions for CISOs

Oracle provides a security-first architecture, reducing risks against continuous and evolving threats. Our architecture features design principles that include built-in tenant isolation and least-privilege access. Security controls are always-on, with layered defenses that prevent misconfiguration errors and implement mandatory security best practices. Customers can automate security to reduce complexity, prevent human error, and lower costs with automated patching for Autonomous Database and threat mitigation for Oracle Cloud Infrastructure provided by our Cloud Guard, Maximum Security Zones and Identity Cloud Service. This includes always-on encryption and continuous monitoring of user behavior for end-to-end protection.

Oracle’s security solutions alleviate the challenges of cloud adoption by providing intelligent resources to simplify manual practices. As people, companies, and CISOs continue to adjust to today’s ever-changing state of normalcy, Oracle’s solutions focus on cultivating new forms of agility to enable seamless business transformation.

To learn more, visit https://www.oracle.com/cloud/oracle-cloud-services/ or download the e-book “Mission of the Cloud-centric CISO”.


