/
News Article

The Safe Evolution of Digital Infrastructures Requires Education

By Miriam Bello | Wed, 06/01/2022 - 13:29

Companies have moved away from singular on-premise networks, as evidenced by increasingly disaggregated digital infrastructures that use multi-cloud and edge deployments. This evolution is only starting, with digital infrastructures responding and adapting to the introduction of new technologies and cybersecurity protocols. This growing digitalization will open businesses to more complex cybersecurity threats, which will only be mitigated through new and innovative security strategies.

After the COVID-19 pandemic, 47 percent of IT decision makers said their organizations had accelerated their digital transformation initiatives, while 60 percent said the pandemic forced them to revisit and revise their IT strategy, according to the results of the Equinix 2020-21 Global Tech Trends Survey (GTTS).

There are five main risks that can arise when evolving the digital infrastructure. “The first one arises when companies try to digitize what is not digitizable or should not be digitalized. The second one comes as a result of an accelerated process that skips tools and processes for this digitization. The third is an inadequate integration, the fourth is the acquisition of products that do not necessarily benefit the environment and the last one is failing to comply with privacy and security regulations,” said Julia Urbina, CISO, Cyberiiot.

The right processes for a digital infrastructure evolution enable organizations to adapt to technology trends dynamically so that when the need arises, they can rapidly assemble and reassemble the right building blocks and resources. In many ways, the ability to interconnect with partner and customer ecosystems is key to helping organizations realize the true value of their digital infrastructures.

“Companies have now realized the value of cybersecurity and how they use it to evolve their organizations and achieve business continuity in a better way than they could achieve it without tech. Now, the IT team reports to the Security team and not the other way around. This is already bringing benefits to companies and final users,” said Brenda Zetina, Territory Director, Datadog.

This transition needs integrated planning to be organized. All facets of the business, such as customer service, HR, IT, sales and management, must work together to review their current systems and the data generated as part of their daily operations, explained Manuel Diaz, Director of Cybersecurity and Privacy Protection, Huawei Technologies México. Using that information, companies should define a path to connect their data, break information silos and share their knowledge to become smarter. Integration planning can improve the experiences of customers, employees, business partners and every other player involved in the company.

Through integration, companies can define corporate priorities, develop functions and responsibilities in all areas of the company, have a clear and updated corporate legislation and ensure they comply with national regulations to avoid being penalized for legal breaches.

In this integrated ecosystem, cybersecurity must be a priority, especially as no one is exempt from risks in these rapidly evolving environments, said Zetina. Thus, companies need to have a unique source of information on what is happening to reduce risks with end customers and the company itself. Communication and training are also essential. “Training and awareness for employees in security areas is also fundamental as they can also be a target of threats,” said Diaz.

Other effective ways to reduce risks include incorporating multifactor recognition and ensuring the clarity of connection processes from network to users and physical security mechanisms because “not all people work from the office and many companies have third parties where information is shared,” said Diaz.

Cybersecurity in the cloud is also key, said Urbina. In the past year, companies have struggled to secure their cloud infrastructure given that their inherent disaggregated design has introduced multiple entry points for cybercriminals to exploit, MBN reported.

These security gaps, which normally form during the initial onboarding process and more commonly during changes between different cloud service providers, constitute the leading cause of cloud data breaches. Companies lack the know-how and the security tools to protect their public cloud infrastructure even as they are considering the addition of other cloud services. “Thus, authentication is also fundamental in this step, not just for our direct collaborators but also for our third parties and cloud providers,” Urbina said.

Nonetheless, “there are systems that can help companies achieve a safe digital space and infrastructure at all levels,” said Erika Sánchez, Coordinator, Women's ANUIES ICT Network Mexico. These measures include making cybersecurity part of the basic culture of companies, establishing a collaborative relationship with providers, regulatory clients and academia and investing in the R&D of further tools that can support the company.

“Companies can base their risk assessment through a NIST Cybersecurity Framework, which has five core functions; identification, protection, detection, response and recovery, and can be used from SMEs to governments to analyze their tangible and non-tangible assets under one profile,” said Urbina.

Photo by:   Mexico Business News
Miriam Bello Miriam Bello Senior Journalist and Industry Analyst