Digital Trust: Cyber Security Becomes a Strategic Asset IDC_Simon Piff.pdfdigital determination 2 DX...
Transcript of Digital Trust: Cyber Security Becomes a Strategic Asset IDC_Simon Piff.pdfdigital determination 2 DX...
www.cloudsec.com | #cloudsec
Digital Trust: Cyber Security Becomes a Strategic Asset
Simon Piff | VP Security Research
IDC Asia Pacific
Race to reinvent for multiplied innovation requires digital determination
2
DX initiatives are
tactical and
disconnected from
enterprise strategy
DX initiatives are
initiated at the
functional or LoB
level with some
connection to
enterprise strategy
DX initiatives are
tied to enterprise
strategy but with
short-term focus
Integrated,
continuous
enterprise-wide DX
innovation is in
place with
operations and
customer/service
experiences
The enterprise
strategy is to use
DX to transform
markets and
customers by
creating new
business models
and products/
service
10.6% 24.9% 24.9% 28.3% 11.3%
Digitally distraught Digitally determined
Source: IDC WW DX Executive Sentiment Survey, 2018 (APeJ N=1,011; 776 CIO/CTO/CISO and 235 CEO/LoB); Q2, Q5
3
20
17
$-
$2,000
$4,000
$6,000
$8,000
$10,000
$12,000
$14,000
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
DX Leader BankFinancials Over 10-Year Period ($M)
Revenue Profit before tax
$-
$2,000
$4,000
$6,000
$8,000
$10,000
$12,000
$14,000
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
DX Laggard Bank Financials Over 10-Year Period ($M)
Revenue Profit before tax
43% more in revenue and
S$1.3 billion more in profit!
The economic impact of DX
Source: IDC IT Industry FutureScape 2018, Nov 2017; Prediction #1; Digitization and Digitalization can be used interchangeably to refer to DX; Publicly available financial data from respective banks
IaaS
Australia
Singapore
New Zealand
Hong Kong
Thailand
Indonesia
Malaysia
Philippines
© IDC 4
2019 Cloud Share & Growth by Country
PaaS
Australia
Singapore
Hong Kong
New Zealand
Malaysia
Thailand
Indonesia
Philippines
SaaS
Australia
Singapore
New Zealand
Hong Kong
Thailand
Malaysia
Philippines
Indonesia
13.5%
11.8%
15.2%
18.6%
14.7%
17.4%
13.7%
11.8%13.2%
0.0%
2.0%
4.0%
6.0%
8.0%
10.0%
12.0%
14.0%
16.0%
18.0%
20.0%
Region Australia New Zealand
Cloud Growth 5year CAGR 2019 -2023
IaaS PaaS SaaS
0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
70.0%
80.0%
Total Australia New Zealand
Mobile user devices Public Cloud - Software-as-a-Service
Public Cloud - Infrastructure-as-a-Service Corporate Internet-of-Things devices
10+ year-old legacy systems Public Cloud - Platform-as-a-Service
Existing corporate network Current on-prem data center
Consumer Internet of Things devices Connected business partner systems
Industrial Control Systems / Critical Infrastructure
© IDC 5
Mobile & Cloud Concerns Driving Security
Source: IDC IT Industry FutureScape 2018, Nov 2017; Prediction #1; Digitization and Digitalization can be used interchangeably to refer to DX; Publicly available financial data from respective banks
Cloud concerns high in ANZ
NZ concerns around legacy
Current on-
prem!!
6
Source: IDC FutureScapes 2019 – Prediction #6 of CIO Agenda (Nov 2018)
Resilience By 2020, 55% of CIOs will initiate a digital trust framework that goes beyond preventing cyberattacks and enables organizations to resiliently rebound from adverse situations, events, and effects.
Impact on
technology buyers
• Prevention is not enough; every enterprise will be attacked or impacted by
adverse events and CIOs must lead efforts to build resilience for response and
recovery.
• Security products and solutions must be complemented with adaptive processes
that respond to the changing nature of attacks. Bolster “sense and respond”
measures with proactive approaches to security.
• Security and trust are attributes of the business, so IT has a significant stake in
brand and reputation management.
• Make security a highly visible and vital part of all IT and LoB workers’ job
responsibilities.
• Build resiliency by simulating attacks and testing responses on an ongoing basis.
IDC
© IDC 7
Digital Trust: The Key Driver for Digital Transformation
In 1972, Nobel Prize winning economist Kenneth Arrow pointed out that "virtually every commercial transaction has within itself an element of trust, certainly any transaction conducted over a period of time. It can be plausibly argued that much of the economic backwardness in the world can be explained by the lack of mutual confidence".
It typically involves concepts of collaboration and reputation in driving decisions
© IDC 8
Data-driven risk management
Level 1: Internal IT risk architecture, methods, data
Level 2: Shared IT resource risk architecture, methods, data
Level 3: Digital activity reputation methods, data
Level 4:Organization reputation
IDC digital trust framework
Source: IDC Digital Trust Practice, 2019
IDC Digital Trust Index
9© IDC
37.3
-1.5
21.9
-4.5
10 9
12.4
7.5 8
3.5
-8.5
-1.5
-13.4
1
-5.5
6
-0.5
-5.5
8.2
-10.2
-17.9-19.7
-22.6-24.9
-27.1
-30.3-32.1 -33.1
-36.6
-44
-48.8 -49 -49.8
-55
CISOs’ most trusted market segments
Your Company
0
Your Business
PartnersTop 20 High Tech
Companies
Cloud Service
Providers
Online Financial
ServicesTop 20 Online
Media
Social Media
Companies
All Online
MediaInternet Users in-
Country
Other GovernmentsYour Government Top 20 eCommerce
Sites
Internet Service
Providers
Your Direct
Competitors
Top 1,000 Online
Sites
All Online Entities Online Health Care
Services
All Internet Users
US APeJ
Source: US and APeJ Digital Trust and Cyber Economics Study 2018
IDC Digital Trust Index – ANZ!
37.3
-1.5
21.9
-4.5
10 9 12.47.5 8
3.5
-8.5-1.5
-13.4
1
-5.5
6
-0.5-5.5
8.2
-10.2-17.9 -19.7 -22.6 -24.9 -27.1 -30.3 -32.1 -33.1 -36.6
-44-48.8 -49 -49.8
-55-61.9 -63.2
20
-70
-37
-50
-40
-53 -50 -47
-57
-43
-73-80
-73-80 -80
-43
-70 -70
10
-60
-20-27
-50-43
-53
-63
-73
-20
-77
-67
-93-87
-93
-60
-97-93
-120
-100
-80
-60
-40
-20
0
20
40
60
US APeJ Australia New Zealand
Your Company
Your Business
PartnersTop 20 High Tech
Companies
Cloud Service
Providers
Online Financial
ServicesTop 20 Online
Media
Social Media
Companies
All Online
MediaInternet Users in-
Country
Other GovernmentsYour Government Top 20 eCommerce
Sites
Internet Service
Providers
Your Direct
Competitors
Top 1,000 Online
Sites
All Online Entities Online Health Care
Services
All Internet Users
Source: US and APeJ Digital Trust and Cyber Economics Study 2018
Do We Agree On What To Focus On?
Source: APeJ Digital Trust and Cyber Economics Study 2018
0.0%
5.0%
10.0%
15.0%
20.0%
25.0%
30.0%
35.0%
Top 3 Qualities That Affect Perception of Trustworthiness
APeJ Australia New Zealand
Are We Focussing On The Right Things?
Digital Trust!
Compliance
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
90.00%
APeJ Australia New Zealand
New ZealandFocus on trust 3%
0% increase in sharing security
information
Source: APeJ Digital Trust and Cyber Economics Study 2018
Digital Trust – Core Concepts
Level 4: Organization Reputation
Level 3: Digital Activity Reputation
Methods, Data
Level 2: Shared IT Resource Risk
Architecture, Methods, Data
Level 1: Internal IT Risk
Architecture, Methods, Data
DigitalTrustIDENTITY
VULNERABILITY THREAT
TRUST
Bug Bounties
as Goodwill
Privacy &
Consumer Rights
3rd/4th Party Risk
Jurisdiction
Attribution &
Info Sharing
14
Digital Trust Part I: Risk ManagementIntelligent Core
and Data ServicesIntelligent Core
and Data ServicesIntelligent Core
and Data ServicesIntelligent Core
and Data Services
Developer Services
Engagement Services
Integration and Orchestration Services
Identity
Management
Vulnerability
Management
Threat
Management
Trust
Management
Multifactor auth. and federation
Hardened security posture
Cognitive and analytics
Blockchain and rights management
Risk-based authentication
Security orchestration
Monitoring and automation
PKI/ certificates and roots of trust
User behavior analytics
PaaS/ API Security
SecDevOps
Threat modelling
Software security data sheets
Federation and notification
SDN security and third-party scores
Intelligence and deception
Compliance and cyberinsurance
Digital Trust Part II: Reputation Management
IDENTITY
VULNERABILITY THREAT
TRUST
© IDC
Bug Bounties
as Goodwill
Privacy &
Consumer Rights
3rd/4th Party Risk
Jurisdiction
Attribution &
Info Sharing
16 Source: IDC FutureScapes 2019 – Prediction #6 of CIO Agenda (Nov 2018) 16© IDC, 2017
Data-driven security and trustBy 2020, 55% of CIOs will initiate a digital trust framework that goes beyond preventing cyberattacks and enables organizations to resiliently rebound from adverse situations, events, and effects.
IDC
• Digital Trustworthiness Impacts Business Success
• Transparency and Ethics; Collaboration and Reputation help define Trust
• The Data Economy is upon us; maintaining security and integrity of data become business drivers
• Customer intimacy breeds success, but as custodians of customer data, there are security implications
• Cloud is a critical enabler of DX – embrace, understand and position
• Security needs to redefine it’s value to the business
• Change the conversation from “IT Security” to “Business Risk that IT can help mitigate”
#cloudsec www.cloudsec.com
THANK YOUSimon Piff | IDC Asia Pacific