Mitigating the Risks of Digital Transformation

compromise sensitive data, disrupt operations, and damage the reputation of the enterprise. A separate study by the Ponemon Institute found that the average cost of a data breach for companies in the United States is $8.6 million. The same study found that the average time to identify and contain a breach is 280 days. These numbers are alarming and should push all business leaders to take decisive action to secure their businesses if they haven’t already done so. To mitigate the risks associated with cyber threats, enterprises must take a proactive approach. They should develop a comprehensive cybersecurity strategy that includes:

• Adopting a Defense-in-Depth (DiD) approach to stop bad actors from accessing enterprise applications via various security technologies such as firewalls, intrusion prevention systems, zero trust network access solutions, identity-aware access controls, anti-malware, anti-phishing systems, and more.

• Identity and access management (IAM) solutions to protect enterprise assets by using least privilege access methodologies. IAM coupled with multi-factor authentication (MFA) helps protect enterprise assets even in cases of password compromise.

• Encryption solutions to encrypt sensitive data to protect data from being comprehended even in cases of data breaches.

• Threat monitoring systems that conduct a regular risk assessment of digital infrastructure, applications, data protection policies, access control policies to identify potential vulnerabilities, misconfigurations, and act upon any risks identified.

• Training employees in cybersecurity on how to recognize and respond to potential phishing and other threats.

Two security architectures are worth mentioning as they are key to the success of digital transformation as they mitigate many challenges associated with cyber threats. They are unified secure access service edge (SASE) and cloud native application protection platform (CNAPP). 

Unified SASE plays an important role in cybersecurity by providing comprehensive network security for enterprise assets that can be deployed anywhere—OnPrem, Cloud, Edge—for workforces distributed across the globe. SASE addresses the DiD part of the cybersecurity strategy along with CNAPP and endpoint security technologies. SASE protects enterprise data via cloud access security broker (CASB), enterprise applications via zero trust network access (ZTNA), endpoint assets via security web gateway (SWG), which combines anti-phishing, anti-malware, and site reputation filter technologies along with basic security foundational firewall, intrusion detection and prevention system (IDPS), distributed denial of service (DoS/DDoS), and data loss prevention (DLP) technologies. By combining multiple security technologies, SASE provides comprehensive security for distributed enterprise assets.

CNAPP security technologies are becoming important too due to adoption of cloud and cloud services by digital transformation. CNAPP security includes cloud security posture management (CSPM) and cloud workload protection platform (CWPP). CSPM gives visibility into cloud assets, scanning of data for malware, and conformance to regularity requirements. It also scans for any misconfiguration of cloud services used by enterprise applications. CWPP checks for vulnerabilities in application images, malware, or unwanted software detection in images, and provides runtime workload protection via host intrusion prevention system (HIPS) and runtime application self-protection (RASP) technologies. Though cybersecurity will continue to be a concern for enterprises, especially in a challenging economy, those that take it seriously and treat