Rishi Mehta is the Chief Information Security Officer at Cyble, an AI-powered, Y Combinator-backed, cyber threat intelligence company that empowers organisations with darkweb and cybercrime monitoring and mitigation services.
In a career spanning over 20 years, Rishi has made his mark as an eminent cybersecurity expert, enabling multiple organisations to ensure business resilience through risk management and information security programmes.
Mehta shares his views on democratisation of digital risk protection through careful analysis, innovation, and automation.
Digital transformation journeys differ in every organisation, but they share a common thread – data.
While the adoption of modern technologies creates opportunities for businesses and consumers, it also generates new risks that need to be addressed. The inability to balance digital transformation and cybersecurity challenges can adversely impact a business’s ability to grow and stay resilient. A key parameter of the success of the digital transformation process hinges on how data is collected, curated, secured, and managed for access through its life cycle.
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the Darkweb. Its prime focus is to provide organisations with real-time visibility to their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Start-ups To Watch In 2020.
Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.
The need for democratised data platforms
Data security has undergone changes as a consequence of the digital transformation journey. For instance, data is now much more democratised. For collaborative deliverables and driving innovation, it is a necessity to have more democratized data platforms so that the appropriate teams/individuals can act on it as needed. Hence the need to build data platforms that enable the sources and tenants of data to integrate seamlessly.
The sheer volume of data that organisations are handling is exponential, with around 22 billion devices on the Internet of things (IoT) alone. Data in any form is being structured to gauge consumer behaviour patterns and drive business insights. This makes it necessary for organisations to refine their ability to store, retrieve, and query large volumes of data.
In addition, shifting to a digitally transformed ecosystem means that data can be integrated across internal and external systems. The extraction of data from one application to the next in a secure and seamless way presents its own set of security challenges and risks.
For a seamless experience and building trust with customers
As we transition into a digitally transformed ecosystem, organisations need to enable a seamless experience and build trust with customers. It makes it important for enterprises to exercise a zero-tolerance approach to system unavailability. Creating the right visibility and metrics to monitor and improve this experience is key to the transformation journey.
The inability to keep pace with the business development and the growing need for change leads to the resurgence of Shadow IT. In the event that the security does not evolve in tandem with digitally transformed model, employees may resort to Shadow IT to meet their productivity and collaboration needs. This adds to the innate risks that Shadow IT or ad hoc measures carry.
“The democratisation of data will necessitate an architecture-first approach to the data platforms to ensure the balance of scalability, performance, and security. Cybersecurity teams can build a frictionless security ecosystem around these data platforms”, says Mehta.
Additional risk considerations
Follow basic principles of authentication and authorisations such as maintaining the least user privileges, federations ensuring a frictionless experience, risk-based MFA, and establishing simple entitlement review processes.
As applications modernise, microservices become key to building products and bring the ability to integrate internal and external systems. API security best practices need to be adopted and evolve organically as businesses transition into an API economy. The flow of data between these internal and external systems needs to be managed from a cybersecurity perspective to limit or eliminate the exposure of a business’s assets, data, and services.
The proliferation of data and its sources, along with the evolving AI/ML models have enabled a more comprehensive view of cyber threat intelligence that businesses can leverage to manage security risks.
Rounding out the cyber risk aspect of moving to a digitally transformed business model, Beenu Arora, CEO and co-founder of Cyble, says, “In the Digital Transformation journey, the pace of change internally in these businesses and externally in the ecosystem, poses a challenge for security teams. Transformation of security teams to a more agile and experience-centered model will help in managing risk in this dynamic space.”
The information security triad of confidentiality, integrity, and availability needs to be reconsidered in the digital transformation journey. As businesses transform digitally, the perimeter or the total surface area of attack will also change radically. Building security into the journey will help ensure that data is available to unlock business value and elevate the customer experience while ensuring that businesses stay resilient to cyber-attacks.
(ThePrint ValueAd Initiative content is a paid for, sponsored article. Journalists of ThePrint are not involved in reporting or writing it.)