[Infographic] Five Monster Threats to a Secure Digital Transformation
You're underway with your transformation program, ensuring you’re ready for the next generation of digital innovation. On your journey you'll face many hidden monsters that pose a threat to security and compliance.
We’ve outlined the biggest threats to watch out for on your digital transformation journey, as well as tips on how to overcome them.
1. The Non-Compliance Goblin
The Threat
Every year this goblin visits to check you’re following the required terms of compliance… if you’re not, beware!
The Impact
The goblin kicks things off with an audit, creating chaos as the organisation rushes to ensure they have the documents needed - often delaying projects in progress. If the goblin finds sizable non-compliance items you'll be in for a massive fine that could wipe out your profits.
- Financial Hit: 80
- Operational Challenge: 30
- Customer Threat: 50
- Risk Factor: 20
How to Defeat
Automate! Use a CSPM solution and automate most compliance checks via code.
2. The Hacker Troll
The Threat
The Hacker Troll plots to infiltrate your environment. They'll exploit public-facing apps, misconfigurations in the systems or use techniques such as phishing to get in!
The Impact
This troll can spread ransomware across your entire network and make you pay up. They can use phishing to infiltrate your systems or encrypt your files using ransomware. Beware, they'll exploit any vulnerability they can.
- Financial Hit: 60
- Operational Challenge: 50
- Customer Threat: 50
- Risk Factor: 100
How to Defeat
Follow the MITRE ATT&CK framework to prevent common vectors of attack. Shift security left - ensure anything you deploy goes through some security scans. Embed a culture of security in your teams, do threat modelling exercises and evaluate the controls you have in place to prevent future attacks.
3. The Devil Vendor
The Threat
Watch out for this slippery devil! Vendors always attempt to rebrand their old on-prem solutions as cloud friendly. They’ll use existing relationships to worm their way in but be warned - it might be a deal just too good to be true.
The Impact
This devil attacks in multiple ways! They'll sweet talk their way in to gather support whilst luring you in with a free trial to check out the functionality. They'll lock you in for 2-3 years with the promise of a great discount - but once that deal is signed you'll need to purchase additional services for it to work.
- Financial Hit: 50
- Operational Challenge: 40
- Customer Threat: 40
- Risk Factor: 10
How to Defeat
Consider cloud native services first. Even if the solution is 70% feature complete, in the next couple of years it will surpass the legacy choice. Ask the devil if they provide APIs or offer the product as SaaS - you can save money not running it yourself! Don't do short trials - a minimum of three months is needed!
4. The On-Prem Mummy
The Threat
The mummy just wants things to stay the way they are! Refuses to learn about cloud and delays any initiatives to speed things up!
The Impact
This mummy slows things down! Will take their time to respond to requests, refuse to cooperate and can actively prevent you from becoming more cloud-native. They'll hide behind security requirements or architecture standards to keep you on-prem.
- Financial Hit: 40
- Operational Challenge: 80
- Customer Threat: 20
- Risk Factor: 40
How to Defeat
Educate them about cloud! Whether that be through training, certifications or game days and hackathons to show the art of the possible in the cloud. Bring in new security architects to help your teams understand new concepts.
5. The Yes Djinn
The Threat
The Yes Djinn often comes in the form of your Material Risk Taker. Teams will visit the Djinn when they need to implement a new solution and when they need to cut corners. Usually that corner is security! Once the Djinn says YES it's written in stone.
The Impact
The Djinn can be the most expensive monster to deal with in your cloud journey. You often won't see the damage caused until a year later, when correct security functionality hasn't been implemented and the Hacker Troll has made his way in!
- Financial Hit: 100
- Operational Challenge: 80
- Customer Threat: 40
- Risk Factor: 90
How to Defeat
Avoid having a single Djinn and make decisions by quorum. Focus on facts not favours. Make sure your Djinn understands the risks and keep them accountable - if a risk was accepted it needs to be remediated!
To find out more about these threats and for additional advice on how to successfully navigate your digital transformation journey, get in touch!