Scaling digital transformation initiatives means the enterprise processes, stores and analyzes a greater variety and volume of data at varying velocities, shares more data with an increasing number of stakeholders, and gives an ever-increasing number of internal and external users, devices and things access to this data.
For a CIO, this brings more security and privacy risk to the enterprise, for which existing mechanisms may not be sufficient. What trends are leading digital enterprises (large companies that have successfully scaled their digital transformation initiatives) adopting to secure themselves against these risks?
Security and privacy risks introduced or amplified by scaling digital transformation initiatives:
Digital transformation introduces and increases the following security and privacy risks to any enterprise:
Cybersecurity risk: Has there been any unauthorized access to, or break-in into, the enterprise network? If so, which systems and data stores have been compromised? How did the compromise occur? Can a break-in be detected in real time?
Artificial intelligence (AI)-induced risk: Does the CIO have a view of where AI is used by the enterprise? Will the use of AI lead to a privacy and compliance risk, especially if user data is being used to provide personalized services to the customer?
Compliance risk: In case of a security breach, does the CIO know the impact to the enterprise from a financial perspective? Does the CIO know which systems and data stores need to be protected from a privacy perspective? Does the CIO know where sensitive data resides, where this data gets processed and who processes it?
Risk-mitigation mechanisms being adopted by leading digital enterprises:
The following risk-mitigation mechanisms are being increasingly looked at by CIOs of leading digital enterprises:
Cognitive SOCs: Over the last few years, Security Operation Centers (SOCs) have been used as a standard mechanism to detect breaches. Because security analysts in a SOC are inundated with more and more information and false positives, they are becoming slower to detect and respond to a breach. The ability of artificial intelligence (AI) and machine learning (ML) to analyze structured, semi-structured and unstructured information, coupled with their ability to learn, is helping SOCs automate the repetitive manual tasks of their security analysts, and thereby improve the speed and accuracy of breach detection and respond faster.
Ethical AI: Personalization, which involves the analysis of customer profile, location and preference data, using AI techniques, is being increasingly used by marketing departments of most enterprises to target their products and services to the right customers. Use of AI in personalization, however, introduces compliance risks related to “User Consent Management” and “Automated Decision Making”.
Ethical AI is gradually evolving into a framework that helps enterprises frame policies and guidelines to remove biases from data analysis, restrict the use of AI to “moral” and “ethical” purposes only, and ensure privacy protection, taking into account scenarios where consent management and automated decision making would be required.
Cyber insurance: Today, CIOs are aware that even the best cybersecurity mechanisms may not completely secure the enterprise against all forms of breaches that may occur in the future, and hence they sign up for cyber insurance policies.
Cyber insurance policies, provided by various insurance companies, charge premiums based on the amount of data collected, processed and shared by the enterprise and also take into account whether the company is a data controller or a data processor. These policies cover liability of an enterprise due to data breaches, losses due to any cyber-ransom attack and losses due to any denial of service attack.
In some organizations, cognitive SOCs may fall under the purview of the CISO (Chief Information Security Officer) rather than the CIO. Nevertheless, it is important for CIOs to ensure adoption of cognitive SOCs, ethical AI and cyber insurance as risk-mitigation mechanisms to protect against the risks induced and amplified by scaling digital transformation initiatives.
Balaji Raghunathan is General Manager and Associate Partner-Technology Consulting & Enterprise Architecture, ITC Infotech
Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).