We are living in a digital economy. Process automation of enterprise workflows encompassing various tedious and mundane tasks is on the rise. While the perks of this transformation (mobility, agility, and convenience) cannot be ignored, the big question remains: how secure is the management of data captured in this digitally integrated environment?
Most enterprise automation software exposes a set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service. This gives organizations a faster, almost continuous workflow in the foreground while allowing different apps to interact with one another seamlessly in the background. Functionally, this is a win-win situation, providing convenience to the end user and hassle-free software compatibility for the implementation team at the enterprise.
However, the security implications are only now being understood. With the mass integration of various software at the workplace, enterprises are waking up to the importance of securing access to individual components and data, ensuring that the right individual gains access to the right enterprise assets in the right context. Access management is set to occupy a major share in the overall enterprise security sector. Security services will continue to be the fastest growing segment in enterprise IT; in fact, they comprise 63% of the total IT enterprise market currently. Spending on information security products and services in India is forecasted to reach $1.5 billion in 2018, up 12 percent over 2016, says a report by McKinsey. Given this transformation, the following trends would continue to play an important role in the near future.
“DevOps has become second nature for agile, high-performing enterprises and a foundation for the success of their online business,” says Pascal Geenens, a security evangelist and researcher at Radware. IT has historically operated in silos, apart from other business units in the enterprise. With DevSecOps (development, security and operations), these functions are for the first time being automated and synchronized so that cross-functional teams can work together, minimize vulnerabilities and bring security closer to IT and business objectives. This could be the case when migrating to microservices, building out a CI/CD pipeline, automating compliance or simply testing cloud infrastructure.
Attribute Based Access Control
Good access control helps you define what users can do with applications by providing multiple mechanisms to ensure that the right people get the right access to the right things at the right time. Traditionally, access control decisions were simpler, based on a broad categorisation of user roles or designations. As business applications become more complex and decisions need more granularity under a certain set of rules and conditions, Attribute Based Access Control (ABAC) is used. ABAC provides the most flexible, dynamic and comprehensive authorization model: each decision matches the attributes of the individual user against the attributes of the data and the attributes of the environment under which access is being granted.
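The decision model described above, as an added example that is not from the original article or any product it names: a small deny-by-default ABAC evaluator for visitor records. The attribute names, rule ids and sample values are all constructed assumptions.

```python
from datetime import time

# Constructed ABAC policy: each rule's condition reads attributes of the
# subject (s), the resource (r) and the environment (e). All names are assumed.
POLICY = [
    {"id": "deny-without-consent", "effect": "deny",
     "when": lambda s, r, e: r["type"] == "visitor_record" and not r["consent"]},
    {"id": "host-reads-own-visitors", "effect": "permit",
     "when": lambda s, r, e: r["type"] == "visitor_record"
         and e["action"] == "read" and s["employee_id"] == r["host_id"]},
    {"id": "security-reads-site-visitors", "effect": "permit",
     "when": lambda s, r, e: r["type"] == "visitor_record"
         and e["action"] == "read" and s["department"] == "security"
         and s["site"] == r["site"] and e["network"] == "corporate"
         and time(8, 0) <= e["time"] <= time(20, 0)},
]

def decide(subject, resource, env, policy=POLICY):
    """Return (decision, rule_id): deny overrides permit, no match is deny."""
    permit = None
    for rule in policy:
        try:
            matched = rule["when"](subject, resource, env)
        except KeyError:
            # Fail closed: an attribute the rule needs was not supplied.
            return "deny", "missing-attribute"
        if matched and rule["effect"] == "deny":
            return "deny", rule["id"]
        if matched and permit is None:
            permit = rule["id"]
    return ("permit", permit) if permit else ("deny", "default-deny")

# Constructed sample attributes.
RECORD = {"type": "visitor_record", "host_id": "E100", "site": "BLR-1", "consent": True}
HOST = {"employee_id": "E100", "department": "sales", "site": "BLR-1"}
GUARD = {"employee_id": "E200", "department": "security", "site": "BLR-1"}
DAY = {"action": "read", "time": time(10, 30), "network": "corporate"}
NIGHT = {"action": "read", "time": time(23, 0), "network": "corporate"}

if __name__ == "__main__":
    for who, env in [(HOST, DAY), (GUARD, DAY), (GUARD, NIGHT)]:
        print(who["department"], env["time"], decide(who, RECORD, env))
    print(decide(GUARD, {**RECORD, "consent": False}, DAY))
```

The same guard is permitted during the day and denied at night with no change of role, which is the granularity a role-only model cannot express.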
New age regulatory compliance
Entities operating in the EU or even outside it have to significantly adjust their businesses if they hold, process or transact with data of EU nationals. GDPR mandates that companies and authorities obtain unambiguous consent from users (customers, employees, visitors) for their data, explicitly state its use, and give people the option to revoke that consent at any time. Firms violating these rules will have to pay penalties of 2-4% of their annual revenues or nearly $25 million, whichever is higher. As per industry estimates, only one-third of Indian companies are prepared for the change. Enterprises are now waking up to the need for software solutions that can provide the foundation for them to become GDPR compliant. For instance, Veris, a visitor management software solution for offices and multi-tenant buildings, is in its latest update working with many of its Fortune 500 clients to enforce GDPR compliance:
- by collecting only the visitor data absolutely needed by the enterprise,
- by taking necessary consents for data usage,
- by providing the visitors an option to opt out of visitor management services,
- by storing visitor data only for a stipulated period of time, as per the requirement of the enterprise,
- by implementing a robust data breach notification plan,
- by leading all data security efforts under the guidance of a Data Protection Officer.
Physical Identity and Access Management
Enterprises are increasingly automating routine tasks like parking management, visitor management, material movement, meeting room booking and attendance tracking using enterprise software. Physical access solutions such as these link directly to enterprise security for two reasons. First, they process data to authenticate personnel and visitor identity and movement within an enterprise. Second, they integrate with a number of other IT applications within the enterprise for seamless workflows. Given these factors, the choice of such software needs to be well thought out from the security angle. Most established companies now follow a rigorous vetting process to evaluate such software.
Enterprises are now unifying and integrating their security platform by linking IT, OT and Physical Security for seamless provisioning and risk prevention.