Over the last seven decades, global carbon emissions have increased almost eightfold. Meanwhile, since 1980, the planet’s average temperature has risen significantly, with nine of the 10 warmest years on record falling in the last nine years. For sustainable development, it is now widely agreed that we must achieve a shared global goal of cutting carbon emissions by 45% in the next 20 years from 2010 levels.

The good news is that businesses have started responding actively. More than 100 companies worldwide have pledged 100% use of renewables. Food companies have set a goal to reverse forest loss and land degradation by 2030. And more than 30 financial institutions with global assets worth $8.7 trillion have pledged to avoid investing in any business that can be held responsible for deforestation.  

Making such a pledge is one thing—finding ways to measure, track, and implement it is entirely another. Pledges like the ones above, for instance, mean tracking data on the deforestation impact of ingredients such as soya, palm, cocoa, and coffee, which many consumer goods and retail businesses use in their food and personal care products.  

To evaluate how effectively enterprises are managing their sustainability imperatives, TCS and Microsoft worked together to research and analyze publicly available data. We found that irrespective of size and revenue, enterprises are becoming increasingly conscious of sustainability. However, they are struggling to measure the true value of decarbonization efforts in their supply chains. By improving the quality of global supply chain data, enterprises can better measure their true carbon footprint—and ultimately help find the missing link to a net-zero business ecosystem.   


Digital Transformation is a phrase prominent in the mind of every board executive. Gartner reports that 87% of senior leaders see digital transformation as a priority for their enterprise.  The need to digitalise and modernise business processes and services has long been a desire, but the need to innovate has been accelerated by what we have faced in the past few years. As transformation demand is now greater than ever, we are seeing smaller, more agile, technology-first businesses entering the market without the legacy constraints and threatening to overtake the larger enterprises, which typically take much longer to pivot and evolve digitally.

With the rise of readily available digital products and services at our fingertips that we have all consumed in our personal lives, enterprise boards are now looking to their IT leaders for rapid solutions that will open new digital revenue streams and give them that competitive edge. The well-celebrated scale and pace that many businesses were forced to adopt during the pandemic are now the expectation for IT projects and the wide variety of cloud-based, software-as-a-service solutions certainly lend themselves to this approach.

However, this expectation that IT shifts from a back-office cost centre to a revenue generator doesn’t come without pitfalls. 

Why a Security Tool Glut is an Issue in the Modern Enterprise

There are now new challenges and considerations facing enterprise IT leaders. A report from the UK's National Cyber Security Centre found that 81% of large enterprises have experienced some sort of cyber-attack, supported by the statistic that roughly every 11 seconds there is some sort of ransomware attack. Digital transformation has put a digital target on the head of every organisation.

As technology becomes more sophisticated and accessible, threat actors today are targeting large enterprises with increased frequency. They know that the larger the enterprise, the greater the volume of systems, endpoints, and sensitive data, presenting more opportunities to exploit. The impact of such an attack would be damaging both operationally and reputationally, and these threat actors therefore know the financial rewards are greater.

Suddenly, more and more of our products, services, and data are exposed to the outside world and that same scale and agility available to us is available to those wishing to disrupt their industry. The threat landscape has significantly evolved from protecting websites and back-office infrastructure to ensuring the security of a plethora of end-user devices that may not even be managed by the enterprise. This threat scales with the number of employees, all of whom could have multiple devices and are often located across the world. The more connected devices or digital touchpoints we introduce, the greater the risk.

Enterprises, whatever the size, can find themselves in breach of the general data protection act and face fines of up to 4% of their annual turnover or, in some cases, be completely unable to trade due to ransomware attacks exploiting vulnerabilities at the endpoint. The latter resulted in over $600M being paid out by organisations in 2021. To add fuel to the fire, the insurance market is becoming increasingly difficult due to the ever-changing landscape. The controls required to satisfy cyber insurance are putting a real strain on IT departments.

None of this comes as a surprise though. Enterprise IT departments have been busy arming themselves with the tools to protect these accessible systems and devices for some time. Gartner predicts an increase of 11% in spending on enterprise security in 2022; that’s up 25% in just two years. But there is such a thing as too many!

Once again, the volume only increases the risk and makes the task more challenging. Every tool needs to be managed, every alert verified, every incident managed. Another Gartner survey found that 75% of respondents are planning to consolidate the number of security vendors they use, citing an increase in dissatisfaction with operational efficiencies and lack of integration of a heterogeneous security stack as the main reasons. This overhead directly impacts the IT department’s ability to focus on the client and drive the innovation and transformation required.

Driving Digital Transformation Through Partnerships

So, where do you start? How do you keep every aspect of your enterprise secure without huge overheads distracting the IT department from adding value? An enterprise already has challenges managing its workforce but with the volume of connected devices, how do you keep track of what assets you have and where they are located? 

My recommendation would be not to tackle this in isolation. We’ve discussed how the IT department needs to drive digital transformation and focus on creating value. Visibility, awareness, and education are crucial elements in preventing breaches and are a lot easier than trying to remedy any breach, so engage a partner to help understand your objectives, baseline your security posture and develop a strategy that will complement the organisation’s goals. 

Partners like Tanium offer a free, customised risk report that will present you with a risk score to assist with business decision-making and prioritisation based on organisational objectives, a proposed implementation plan to roadmap the journey the organisation needs to go on, asset inventory to understand the landscape of your enterprise devices, and vulnerability analysis to highlight immediate threats. 

Of course, it’s important that IT teams first set a benchmark that they can assess themselves against, so they know where they’re excelling and where they will need improvements. This type of assessment puts minimal strain on the IT department, with a lightweight agent being deployed to collect data and one of Tanium’s expert technical solution engineers being on hand to analyse and produce your report. If enterprises are to stay secure and evolve digitally, they need this visibility of their whole IT estate as a standard. 

Tanium’s extensive, enterprise-grade solutions consolidate toolsets and reduce overheads and costs, whilst offering consistency for the IT department. IT departments can get a real-time view and manage endpoints from a central point, creating efficiency within the team and allowing them to focus on what really matters.


This post is brought to you by Tanium and CIO. The views and opinions expressed herein are those of the author and do not necessarily represent the views and opinions of Tanium.


By Dr. May Wang, CTO of IoT Security at Palo Alto Networks and the Co-founder, Chief Technology Officer (CTO), and board member of Zingbox

At the foundation of cybersecurity is the need to understand your risks and how to minimize them. Individuals and organizations often think about risk in terms of what they’re trying to protect. When talking about risk in the IT world, we mainly talk about data, with terms like data privacy, data leakage and data loss. But there is more to cybersecurity risk than just protecting data. So, what should our security risk management strategies consider? Protecting data and blocking known vulnerabilities are good tactics for cybersecurity, but those activities are not the only components of what CISOs should be considering and doing. What’s often missing is a comprehensive approach to risk management and a strategy that considers more than just data.

The modern IT enterprise certainly consumes and generates data, but it also has myriad devices, including IoT devices, which are often not under the direct supervision or control of central IT operations. While data loss is a risk, so too are service interruptions, especially as IoT and OT devices continue to play critical roles across society. For a healthcare operation, for example, a failure of a medical device could have life-or-death consequences.

Challenges of Security Risk Management

Attacks are changing all the time, and device configurations can often be in flux. Just like IT itself is always in motion, it’s important to emphasize that risk management is not static.

In fact, risk management is a very dynamic thing, so thinking about risk as a point-in-time exercise is missing the mark. There is a need to consider multiple dimensions of the IT and IoT landscape when evaluating risk. There are different users, applications, deployment locations and usage patterns that organizations need to manage risk for, and those things can and will change often and regularly.

There are a number of challenges with security risk management, not the least of which is the sheer size and complexity of the IT and IoT estate. CISOs today can easily be overwhelmed by information and by data, coming from an increasing volume of devices. Alongside the volume is a large variety of different types of devices, each with its own particular attack surface. Awareness of all IT and IoT assets and the particular risk each one can represent is not an easy thing for a human to accurately document. The complexity of managing a diverse array of policies, devices and access controls across a distributed enterprise, in an approach that minimizes risk, is not a trivial task.

A Better Strategy to Manage Security Risks

Security risk management is not a single task, or a single tool. It’s a strategy that involves several key components that can help CISOs to eliminate gaps and better set the groundwork for positive outcomes.

Establishing visibility. To eliminate gaps, organizations need to first know what they have. IT and IoT asset management isn’t just about knowing what managed devices are present, but also knowing unmanaged IoT devices and understanding what operating systems and application versions are present at all times.

Ensuring continuous monitoring. Risk is not static, and monitoring shouldn’t be either. Continuous monitoring of all the changes, including who is accessing the network, where devices are connecting and what applications are doing, is critical to managing risk.

Focusing on network segmentation. Reducing risk in the event of a potential security incident can often be achieved by reducing the “blast radius” of a threat. With network segmentation, where different services and devices only run on specific segments of a network, the attack surface can be minimized and we can prevent unseen and unmanaged IoT devices from serving as springboards for attacks on other areas of the network. So, instead of an exploit in one system impacting an entire organization, the impact can be limited to just the network segment that was attacked.

Prioritizing threat prevention. Threat prevention technologies such as endpoint and network protection are also foundational components of an effective security risk management strategy. Equally important for threat prevention is having the right policy configuration and least-privileged access in place on endpoints including IoT devices and network protection technologies to prevent potential attacks from happening.

Executing the strategic components above at scale can be optimally achieved with machine learning and automation. With the growing volume of data, network traffic and devices, it’s just not possible for any one human, or even group of humans to keep up. By making use of machine learning-based automation, it’s possible to rapidly identify all IT, IoT, OT and BYOD devices to improve visibility, correlate activity in continuous monitoring, recommend the right policies for least-privileged access, suggest optimized configuration for network segmentation and add an additional layer of security with proactive threat prevention.

About Dr. May Wang:

Dr. May Wang is the CTO of IoT Security at Palo Alto Networks and the Co-founder, Chief Technology Officer (CTO), and board member of Zingbox, which was acquired by Palo Alto Networks in 2019 for its security solutions for the Internet of Things (IoT).
