Approach digital transformation with urgency and caution, Paul Hidalgo Trend Micro
At its core, digital transformation helps tackle the traditional business challenges with digital technologies, such as mobility, cloud, IoT. In the early days of digital transformation, companies had pursued growth and innovation at the expense of security. They decided that security should not slow down digital transformation, and could be attended to at a later time.
This approach has led to some cybersecurity issues and even data breaches. In recent years, many enterprises have taken on a balanced approach – they try to incorporate security into their digital plan in the early stages.
“At Trend Micro, we believe there is another crucial piece to the digital transformation roadmap – security. We believe that approaching digital transformation with both urgency and caution should be the way to move forward,” says Paul Hidalgo, Cloud Business Development Manager AMEA, Trend Micro.
Cloud adoption is definitely one of the biggest key drivers of digital transformation. Synergy Research said in early 2018 that cloud computing market in the Gulf Cooperation Council was worth $180 billion in vendor revenues and would grow by 24% a year. However, compared to other regions, GCC’s spending on cloud services is still one of the lowest across the world.
And this is partially due to the fact that there is currently a dearth of cloud service providers located in the region. A lack of cloud-specific regulations locally also means confusion and difficulty in meeting compliance goals for companies.
However, opportunities abound. Being late to cloud adoption is not all that bad. For one, GCC is able to leapfrog technology and avoid some of the mistakes the other more adventurous regions were not able to. Secondly, both Microsoft and Amazon have committed to opening their first dedicated datacenters in the Middle East by 2019. “We expect cloud adoption to ramp up after that,” continues Hidalgo.
Another key driver for business transformation is the increasing availability of specialised knowledge and services in the market. For one, companies should start learning and looking into urgent cybersecurity matters, such as hybrid cloud security and network defense. Threats taking advantage of the cloud and the network will inevitably rise as cloud adoption gathers steam.
Cloud vulnerabilities
First and foremost, the threats and vulnerabilities encountered in the cloud environment are the same as those in the on-premise environment. The reason is that both cloud and on-premise run on software, and software has vulnerabilities.
“One of the biggest misconceptions about cloud is that it is less secure than its on-premise counterpart. This is not true,” explains Hidalgo.
Cloud security operates on a different model from on-premises security. In this model, cloud service providers, such as AWS or Microsoft Azure, protect the infrastructure, physical servers, power, cooling, networking, and who has access to the datacenters.
“However, this does not mean the customer’s job is done. They need to be responsible for everything that is in the cloud, including data, applications, and operating systems. Any business thinking of adopting the cloud needs to be aware of this security model,” adds Hidalgo.
Secondly, they need to make sure that the security solutions they use are made for the cloud environment. This will eliminate compatibility issues and provides better protection. Thirdly, companies need to automate their security. Cloud is all about automation and accelerating deployment, and security needs to move at the same speed. These are some of the things, companies need to deal with as they transition to cloud.
IoT vulnerabilities
IoT as a category encompasses many aspects of segmentation, such as connected homes and cities, connected cars, wearables, sensors deployed in the industrial environment monitoring different parameters of the machines, to name a few.
The biggest danger about IoT devices is that they often come with default passwords that do not get changed even after deployment. This makes them vulnerable to hacking. IoT devices also have too many hardware constraints, making sophisticated security implementation difficult.
And they also cannot install or deploy security software after they have been shipped to the market. This means the only way to fix any security issue is to go through firmware updates.
Trend Micro solutions
Protecting the cloud
Trend Micro Deep Security solution is made for the physical, virtual, cloud, and hybrid environments. Integrated with cloud platforms such as AWS, Microsoft Azure, and VMware Cloud, Deep Security is easy to use and provides a centralised platform for managing all cloud workloads. It also prevents data breaches and ensures business uptime. In addition, Deep Security helps companies meet major compliance requirements, and provides audit reports and compliance status.
When customers migrate from on-premise servers to the cloud, they often do not know or cannot decide at once how many servers will be moved. In this case, they will benefit from a more flexible solution. Customers who are using AWS can easily get Deep Security as a Service from AWS Marketplace. With agile security built for the cloud, it can secure workloads in minutes and features a usage-based pricing.
Trend Micro’s Deep Security enables security polices to be automatically applied, maintained, and scaled across the cloud environment, allowing IT administrators to easily manage the workloads.
Protecting IoT networks
Trend Micro has a full-range of protection to secure IoT, including the edge, network, and cloud. For network and edge layer protection, Trend Micro IoT Security is a built-in IoT security software that monitors and protects IoT devices from potential risks, such as data breaches and ransomware attacks. Trend Micro IoT Security can be integrated or pre-installed in IoT devices during the product development cycle. It works with IoT devices, mobile apps, web apps, and IoT gateways. On top of IoT security, companies should also implement security solutions for the network and cloud layers.
