The age of digital transformation is upon us. Cloud, virtualisation and containerisation are becoming mainstream. With all of the buzzwords and technology hype, it is easy to forget the real business drivers behind this age of innovation. Established industries like finance and healthcare are being disrupted by new and nimble startups that have leap-frogged established players with new technologies that bring tremendous competitive advantage with speed-to-market, flexibility and resiliency. Now, established enterprises are adopting these new technologies to ensure and recapture their market leadership positions. It truly is an exciting time in B2B technology, but what about the engine of the enterprise? Business critical applications are the motor that keeps firms running. They too are seeing change with the adoption of cloud and SaaS applications, but are often overlooked when it comes to their security.
Business critical for a reason
Consider the vast information and applications within your organisation. Depending on your line of work and industry you will have your own list of critical business applications and related data that if compromised or lost, put your business at a stand-still. These can include applications like financial transaction apps, and their related sensitive customer data, enterprise resource planning (ERP) applications that help manage crucial inventory for retailers or hospitals, or critical electronic health record (EHR) applications storing vital electronic personal health information (ePHI) for health care providers, hospitals and insurers.
But how do organisations secure all of this sensitive information and the applications that store and manage it? Unfortunately, many business and IT stakeholders in the Asia-Pacific region are lagging in cyber security investment, and are finding themselves in a risky position even though they are as likely as the Americas region to report that they are in the process of migrating business-critical applications to the cloud. While they are doing a great job curating the right applications for their needs, they are missing the boat on protecting these costly investments that run their enterprises – and drive customer relationships.
Similarly, in a recent poll of business and IT decision makers, we uncovered that nearly three quarters of respondents did not prioritise the security of business critical applications even though over 60 percent acknowledged that the slightest downtime affecting a business critical app would massively disrupt and severely impact the business. Forrester Research estimates that 80 percent of security breaches are related to compromised, privileged credentials. In Asia, this is especially important since the region accounted for about 27 percent of compromised records globally in the first half of 2018. The stakes are only growing, as hackers are known to be 80 percent more likely to target APAC companies, and those companies are beginning to incur a higher financial impact and multiple breach attempts from the same hackers. So what can businesses do to secure their business critical apps? Consider taking these five steps to secure the most important applications running the business.
1. Identify what apps are truly business critical
As a security leader, it goes without saying that you need to be one with the business. Get to know your line of business leaders and the leaders of key functions such as finance, human resources and marketing. Once you have a handle on important business initiatives, you will be in a better place to identify the business apps that are truly critical. These could be SaaS applications or even custom applications built using DevOps tools and methodologies.
2. Get comfortable with the cloud (and securing it)
Businesses are rapidly migrating to hybrid cloud solutions. Businesses need to understand what their cloud strategy, migration plan and timelines are for on-premises applications that are moving to the cloud or new cloud-native applications. It is essential to partner with cross-functional stakeholders to ensure privileged access security is a major consideration when businesses are looking to migrate applications to the cloud or to adopt new cloud applications.
3. Secure the access of the admins who manage your business critical applications
Once business critical applications are identified, vault and rotate all admin credentials associated with these apps, including the underlying infrastructure. Also isolate sessions to prevent credential theft and provide a full audit trail of all privileged activity involving your business-critical applications. Bear in mind that in many cases, the admins for these apps will sit outside IT as part of a line of business or within a functional organisation such as Finance, HR or Marketing.
4. Don’t forget the machines
Secure the human and application-to-application privileged credentials and service accounts used by your business-critical on-premises applications, SaaS applications as well as your cloud-native applications built using DevOps tools and methodologies. The use of hard-coded credentials represents a significant security risk to your business critical applications and should be eliminated.
5. Limit the risk to your business critical applications from unmanaged end user workstations
Prevent attacks against your business critical apps by removing local admin rights to prevent the download of malware. Also invest in anti-phishing protection and security education and awareness to educate end users so they can recognize phishing attacks as well.
Privileged access security solutions offer you the opportunity to take a holistic approach to protecting your business-critical applications. No matter how your environment and users change, you can prioritise and protect your most valuable applications and data.
The downsides of compromised business critical applications are clear: the negative impact to the bottom line, soured customer relations and continuing business risks from compromised data. Conversely, implementing a strong privileged access security solution does more than secure applications; it also offers business benefits to the entire organisation.