www.cloudsec.com | #cloudsec

Digital Trust: Cyber Security Becomes a Strategic Asset

Simon Piff | VP Security Research

IDC Asia Pacific

Race to reinvent for multiplied innovation requires digital determination

2

DX initiatives are

tactical and

disconnected from

enterprise strategy

DX initiatives are

initiated at the

functional or LoB

level with some

connection to

enterprise strategy

DX initiatives are

tied to enterprise

strategy but with

short-term focus

Integrated,

continuous

enterprise-wide DX

innovation is in

place with

operations and

customer/service

experiences

The enterprise

strategy is to use

DX to transform

markets and

customers by

creating new

business models

and products/

service

10.6% 24.9% 24.9% 28.3% 11.3%

Digitally distraught Digitally determined

Source: IDC WW DX Executive Sentiment Survey, 2018 (APeJ N=1,011; 776 CIO/CTO/CISO and 235 CEO/LoB); Q2, Q5

3

20

17

$-

$2,000

$4,000

$6,000

$8,000

$10,000

$12,000

$14,000

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016

DX Leader BankFinancials Over 10-Year Period ($M)

Revenue Profit before tax

$-

$2,000

$4,000

$6,000

$8,000

$10,000

$12,000

$14,000

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016

DX Laggard Bank Financials Over 10-Year Period ($M)

Revenue Profit before tax

43% more in revenue and

S$1.3 billion more in profit!

The economic impact of DX

Source: IDC IT Industry FutureScape 2018, Nov 2017; Prediction #1; Digitization and Digitalization can be used interchangeably to refer to DX; Publicly available financial data from respective banks

IaaS

Australia

Singapore

New Zealand

Hong Kong

Thailand

Indonesia

Malaysia

Philippines

© IDC 4

2019 Cloud Share & Growth by Country

PaaS

Australia

Singapore

Hong Kong

New Zealand

Malaysia

Thailand

Indonesia

Philippines

SaaS

Australia

Singapore

New Zealand

Hong Kong

Thailand

Malaysia

Philippines

Indonesia

13.5%

11.8%

15.2%

18.6%

14.7%

17.4%

13.7%

11.8%13.2%

0.0%

2.0%

4.0%

6.0%

8.0%

10.0%

12.0%

14.0%

16.0%

18.0%

20.0%

Region Australia New Zealand

Cloud Growth 5year CAGR 2019 -2023

IaaS PaaS SaaS

0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

70.0%

80.0%

Total Australia New Zealand

Mobile user devices Public Cloud - Software-as-a-Service

Public Cloud - Infrastructure-as-a-Service Corporate Internet-of-Things devices

10+ year-old legacy systems Public Cloud - Platform-as-a-Service

Existing corporate network Current on-prem data center

Consumer Internet of Things devices Connected business partner systems

Industrial Control Systems / Critical Infrastructure

© IDC 5

Mobile & Cloud Concerns Driving Security

Source: IDC IT Industry FutureScape 2018, Nov 2017; Prediction #1; Digitization and Digitalization can be used interchangeably to refer to DX; Publicly available financial data from respective banks

Cloud concerns high in ANZ

NZ concerns around legacy

Current on-

prem!!

6

Source: IDC FutureScapes 2019 – Prediction #6 of CIO Agenda (Nov 2018)

Resilience By 2020, 55% of CIOs will initiate a digital trust framework that goes beyond preventing cyberattacks and enables organizations to resiliently rebound from adverse situations, events, and effects.

Impact on

technology buyers

• Prevention is not enough; every enterprise will be attacked or impacted by

adverse events and CIOs must lead efforts to build resilience for response and

recovery.

• Security products and solutions must be complemented with adaptive processes

that respond to the changing nature of attacks. Bolster “sense and respond”

measures with proactive approaches to security.

• Security and trust are attributes of the business, so IT has a significant stake in

brand and reputation management.

• Make security a highly visible and vital part of all IT and LoB workers’ job

responsibilities.

• Build resiliency by simulating attacks and testing responses on an ongoing basis.

IDC

© IDC 7

Digital Trust: The Key Driver for Digital Transformation

In 1972, Nobel Prize winning economist Kenneth Arrow pointed out that "virtually every commercial transaction has within itself an element of trust, certainly any transaction conducted over a period of time. It can be plausibly argued that much of the economic backwardness in the world can be explained by the lack of mutual confidence".

It typically involves concepts of collaboration and reputation in driving decisions

© IDC 8

Data-driven risk management

Level 1: Internal IT risk architecture, methods, data

Level 2: Shared IT resource risk architecture, methods, data

Level 3: Digital activity reputation methods, data

Level 4:Organization reputation

IDC digital trust framework

Source: IDC Digital Trust Practice, 2019

IDC Digital Trust Index

9© IDC

37.3

-1.5

21.9

-4.5

10 9

12.4

7.5 8

3.5

-8.5

-1.5

-13.4

1

-5.5

6

-0.5

-5.5

8.2

-10.2

-17.9-19.7

-22.6-24.9

-27.1

-30.3-32.1 -33.1

-36.6

-44

-48.8 -49 -49.8

-55

CISOs’ most trusted market segments

Your Company

0

Your Business

PartnersTop 20 High Tech

Companies

Cloud Service

Providers

Online Financial

ServicesTop 20 Online

Media

Social Media

Companies

All Online

MediaInternet Users in-

Country

Other GovernmentsYour Government Top 20 eCommerce

Sites

Internet Service

Providers

Your Direct

Competitors

Top 1,000 Online

Sites

All Online Entities Online Health Care

Services

All Internet Users

US APeJ

Source: US and APeJ Digital Trust and Cyber Economics Study 2018

IDC Digital Trust Index – ANZ!

37.3

-1.5

21.9

-4.5

10 9 12.47.5 8

3.5

-8.5-1.5

-13.4

1

-5.5

6

-0.5-5.5

8.2

-10.2-17.9 -19.7 -22.6 -24.9 -27.1 -30.3 -32.1 -33.1 -36.6

-44-48.8 -49 -49.8

-55-61.9 -63.2

20

-70

-37

-50

-40

-53 -50 -47

-57

-43

-73-80

-73-80 -80

-43

-70 -70

10

-60

-20-27

-50-43

-53

-63

-73

-20

-77

-67

-93-87

-93

-60

-97-93

-120

-100

-80

-60

-40

-20

0

20

40

60

US APeJ Australia New Zealand

Your Company

Your Business

PartnersTop 20 High Tech

Companies

Cloud Service

Providers

Online Financial

ServicesTop 20 Online

Media

Social Media

Companies

All Online

MediaInternet Users in-

Country

Other GovernmentsYour Government Top 20 eCommerce

Sites

Internet Service

Providers

Your Direct

Competitors

Top 1,000 Online

Sites

All Online Entities Online Health Care

Services

All Internet Users

Source: US and APeJ Digital Trust and Cyber Economics Study 2018

Do We Agree On What To Focus On?

Source: APeJ Digital Trust and Cyber Economics Study 2018

0.0%

5.0%

10.0%

15.0%

20.0%

25.0%

30.0%

35.0%

Top 3 Qualities That Affect Perception of Trustworthiness

APeJ Australia New Zealand

Are We Focussing On The Right Things?

Digital Trust!

Compliance

0.00%

10.00%

20.00%

30.00%

40.00%

50.00%

60.00%

70.00%

80.00%

90.00%

APeJ Australia New Zealand

New ZealandFocus on trust 3%

0% increase in sharing security

information

Source: APeJ Digital Trust and Cyber Economics Study 2018

Digital Trust – Core Concepts

Level 4: Organization Reputation

Level 3: Digital Activity Reputation

Methods, Data

Level 2: Shared IT Resource Risk

Architecture, Methods, Data

Level 1: Internal IT Risk

Architecture, Methods, Data

DigitalTrustIDENTITY

VULNERABILITY THREAT

TRUST

Bug Bounties

as Goodwill

Privacy &

Consumer Rights

3rd/4th Party Risk

Jurisdiction

Attribution &

Info Sharing

14

Digital Trust Part I: Risk ManagementIntelligent Core

and Data ServicesIntelligent Core

and Data ServicesIntelligent Core

and Data ServicesIntelligent Core

and Data Services

Developer Services

Engagement Services

Integration and Orchestration Services

Identity

Management

Vulnerability

Management

Threat

Management

Trust

Management

Multifactor auth. and federation

Hardened security posture

Cognitive and analytics

Blockchain and rights management

Risk-based authentication

Security orchestration

Monitoring and automation

PKI/ certificates and roots of trust

User behavior analytics

PaaS/ API Security

SecDevOps

Threat modelling

Software security data sheets

Federation and notification

SDN security and third-party scores

Intelligence and deception

Compliance and cyberinsurance

Digital Trust Part II: Reputation Management

IDENTITY

VULNERABILITY THREAT

TRUST

© IDC

Bug Bounties

as Goodwill

Privacy &

Consumer Rights

3rd/4th Party Risk

Jurisdiction

Attribution &

Info Sharing

16 Source: IDC FutureScapes 2019 – Prediction #6 of CIO Agenda (Nov 2018) 16© IDC, 2017

Data-driven security and trustBy 2020, 55% of CIOs will initiate a digital trust framework that goes beyond preventing cyberattacks and enables organizations to resiliently rebound from adverse situations, events, and effects.

IDC

• Digital Trustworthiness Impacts Business Success

• Transparency and Ethics; Collaboration and Reputation help define Trust

• The Data Economy is upon us; maintaining security and integrity of data become business drivers

• Customer intimacy breeds success, but as custodians of customer data, there are security implications

• Cloud is a critical enabler of DX – embrace, understand and position

• Security needs to redefine it’s value to the business

• Change the conversation from “IT Security” to “Business Risk that IT can help mitigate”

#cloudsec www.cloudsec.com

THANK YOUSimon Piff | IDC Asia Pacific