Herjavec Group: Don't Forget Security in Digital Transformation

Herjavec Group: Don’t Forget Security in Digital Transformation

Written by Edward Gately
January 15, 2020

Threat modeling allows an organization to assess the threat landscape.

With organizations globally focused on making the most of digital transformation, it’s important for them to place as much emphasis on cybersecurity.

That’s according to Herjavec Group‘s latest Cyber Conversations for the C-Suite Report. Robert Herjavec, Herjavec founder and CEO, and Shark Tank star, surveyed his executive team on how context-based identity programs, industry-specific threat modeling and security orchestration, automation and response (SOAR) tools play a pivotal role in securing digital transformations.

Adam Crawford, vice president of managed services at Herjavec, tells us the report points to challenges and opportunities for MSSPs and other cybersecurity providers in that enterprises are moving very fast to incorporate tools and technologies for both internal and customer audiences, and in most cases security teams are left to catch up to these business requirements, he said.

Herjavec Group’s Adam Crawford

The three top conversations security professionals should be having are around identity, threat modeling and SOAR, he said.

“Threat modeling allows an organization to assess the threat landscape and understand how threat actors would target their organization, allowing them to understand the security controls in place to detect or respond to potential tactics employed by threat actors,” Crawford said. “Organizations can measure their ability to detect and respond to identified threat vectors, and how effective their employed controls are to manage the risk.”

SOAR can assist in automating some of the manual work performed by security operations personnel, allowing an increased mean time to detect (MTTD) in respect to a potential incident, he said. In addition, the orchestration functionality of SOAR allows for integrated access to the security controls used to protect the organization and potential automatic configuration of the security control in respect to execution of a specific playbook.

In addition, it’s important to build a context-aware security program that focuses on the identity of the user accessing the data, according to Herjavec.

The most common mistakes made by organizations when adopting a digital transformation strategy are not including the security group during the inception of the project and having them as an important stakeholder throughout the life cycle of the project, Crawford said. Usually the competitive demands and rush to get to market result in the security group being an afterthought in the digital-transformation process, he said.

Herjavec recommends having three key conversations with your executive team this year in order to prepare for the inevitable digital transformations facing your enterprise:

Is your identity focused digital transformation driven by content or context?
How are you practicing proactive and customized security planning through threat modelling?
Are you maximizing the power of SOAR?

“Digital transformation isn’t new, and it certainly isn’t bad,” Herjavec said. “It’s important to understand that as enterprises embrace digital transformation, their security measures must evolve in response. The CIOs and CISOs I meet daily are challenged to manage the risk associated with these digital transformation efforts.”