Many businesses are being forced to be increasingly creative in managing this new challenge, employing strategies to protect enterprises and their stakeholders through sophisticated, data-centric security models. The fortress mindset of security barriers and firewalls no longer fits the business. I believe we need new security approaches that can offer sophisticated controls over third-party access to sensitive data, allow effective collaborative working in the cloud, and track the use (and misuse) of that data. Of course, these models also need to respect the privacy concerns of the original provider of that data, which means metadata matters in a way it never has before.
More than that, I think we need new approaches for identification and authentication for those third parties, reflecting the complex web of trust that now exists in our digital economy. Suddenly, old-fashioned password-based authentication models seem crude and open to exploitation—those credentials are difficult to manage and open to compromise. New models are needed for authentication of both B2B and B2C interactions. Managing this shift co-operatively over the next few years will be vital to underpinning digital trust.
As cloud service providers roll out multi-tenanted cloud platforms, we will have the basis of a much more flexible collaborative environment. Partners can collaborate with greater confidence knowing their data will be protected and their privacy and commercial intellectual property respected. The technology is maturing, and the opportunities are there – if we embed security from the start.
Traditional approaches to third-party assurance are hard to apply in this new digital economy. Tick-box compliance approaches no longer scale, at the very time that regulators are driving the need for greater surety in the security of the supply chains of regulated industries. Perhaps there is a growing role for continuous security monitoring of firms and provision of real-time confidence to their partners, clients and customers.
But more than that, there is a need for new partnerships to defend this digital economy against increasingly ruthless, rational and entrepreneurial cyber criminals. While information sharing has become common in certain sectors such as finance and critical infrastructure, cross-sector sharing is rarer. But there are opportunities when finance and telecommunications firms come together with government to better understand and block the actions of organized crime.
Some countries have adopted the idea of ‘active defense’, working to quickly disrupt the infrastructure used by criminals to attack government systems handling tax and welfare payments and protect the citizens who interact with those systems. There is much that can be done to extend these models to provide real-time protection and defense of our digital economy, the critical infrastructure that underpins it, and the firms that provide it.