Waves Of Change In Security: Fear To Foresight

By NS Srivathsa, Engineering Director, Unisys

The last few years have seen continuous waves of change from a security perspective - at all levels, be it individual, organization, society or country. There can be multiple ways to look at the changes, adaptation and impact. For the sake of this article, I will use the following elements:

• Key drivers of change – like new threats and new technologies, new use cases, new possibilities, etc.

• Ripple effects - new possibilities, leading to new use cases, new threats, newer technologies, and newer regulations

• Levels – from Individual, to Organization, to Society, and Country. At every level, there has been tremendous pressure to understand the changes, adapt to them and keep pace with the changing landscape. Despite tiding over one wave of change, there is a risk of missing the next one, which follows rapidly. Some of these changes have been quite disruptive.

This article tries to think about both the Capability and the Character needed, irrespective of the level, to deal with the changes. It dwells on how we feel about the new changes that are coming in, and what we do. It also looks at the journey from Fear to Foresight as a combination of the right feeling and the right action.

Waves of Change

If the domain of security is an ocean, the waves of change emanating have been continuous with high tides.

For an individual, a number of areas have undergone radical transformation in the last few years, affecting the concept of Security.

• Key drivers of change (examples)

1. Threats – around issues like Identity and Privacy. According to the Unisys Security Index survey in 2019, about 69% of consumers are more concerned about being victims of Identity theft than other risks like physical harm or natural disaster.

2. Technologies - Smart devices including wearables are an example of new technologies bringing in new possibilities.

3. Use Cases - The pace at which money transactions went digital, the use of mobile for payments, the linking of identity to mobile, and a large population getting used to multi-factor authentication.

• Ripple Effects - regulation on cryptocurrency is an example of the need for the government to step in.

A lot of people have surfed these changes successfully, some with incomplete understanding. This momentum will only see more products and services adding convenience to our lives.

For a significant number of people who haven’t embraced many of these changes, the learning deficit will only grow with time, and so will the fear associated with these technologies and use cases.

For an Organization, the definition and scope of security itself has undergone multiple changes.

• Key drivers of change (examples) –

1. Technologies - movement to the cloud, permeability of user devices, software defined infrastructures, everything as a service, etc.

2. Use Cases – Use Cases have changed a lot around how people access resources. For both internal and external users, there has been a strong move towards simplifying use cases, in tune with the technology advances.

3. Threats - The attack surfaces have increased and the boundaries have started to become thinner. The nature of attacks has changed, increasing what’s at stake and bringing more focus to a Zero Trust based approach to security.

• Ripple Effects - To respond to the technology and use case changes, there are a lot of regulatory changes (like GDPR) which the organization must comply with for both its products and services.

Thus, the organization must absolutely stay on top of disruptive changes in security to cope with the changing needs of users and regulations. Although organizations are relatively better structured and equipped to recognize opportunities and deal with change, it is still challenging to continuously deal with disruptive changes and demonstrate strategic agility. An organizational leader should be able to look beyond the organization, understand disruption that happens at various levels, anticipate changes, predict what’s coming and shape the organization’s security strategy and tactics.

For the Society, there has been rapid adoption of digital technologies in the last decade, radically changing how we look at information and consume it.

• Key drivers of change (examples) –

1. Technologies – Penetration of smart phones, Social Media, 3G/4G, etc.

2. Threats - concerns around privacy, role of social media, influence of news and views.

• Ripple effects – focus has been on regulation of information, which can be used to collectively influence societal choices and outcomes.

There are two kinds of people in society – the ones that have embraced technologies and social media and the others who have not. This creates two different virtual worlds of beliefs, opinions and choices. Even at the societal level, the learning curve deficit keeps accumulating, making the entire gamut of technologies very alien. Security wise, the threats are more fundamental – of influence and control.

For the nation, the rapid penetration of technologies and availability has fundamentally increased the scope of what to secure and defend.

• Key drivers of change (examples) –

1. Technologies – the sudden emergence of drones as a commoditized technology giving rise to newer threats and possibilities. Rapid emergence of cryptocurrency, and the potential threats to currency.

2. Threats – the assets under threat move beyond physical – to social, financial and digital.

• Ripple Effects – a good example is the DigitalSky initiative by the government to regulate usage and tracking of drones. Another example is the government stepping in with regulations around cryptocurrency.

The government is often challenged to make swift changes to the policies and frameworks that help the country to embrace technology changes with minimal security issues and threats. With the increase in electronic assets every day, the government must create strategies to cope with newer threats, including cyberwars. Hence, the pressure at a national level to understand, assimilate, embrace and define has been consistent over the last few years.

Dealing with the changes – matter of both Capability and Character

Irrespective of the level, the risk of not keeping in pace with these disruptive changes is obvious:

• Not being connected enough to the drivers of changes will introduce fear about the uncertainties associated with the changes.

• Not developing early knowledge, enough to act on these changes, might make us a victim of these changes.

The right approach is to address how we feel about the changes and how we act towards them. Picture 1 captures both the feeling and action around changes on a scale. It is a combination of both Capability and Character.

How you feel about the drivers of change is indicated on the Y-Axis. The absence of any interest in or exposure to the change could be indicated as fear, which is on the negative axis.

A good change is to transition from ‘fear’ to ‘caution’ on how you feel about the change. Being more ‘curious’ will move you towards being ‘confident’ about the changes.

Once you start ‘watching’ the trends and changes, the eagerness to check out the use cases or adapt to the new technologies will begin. Eventually, when you see opportunities that exist around the drivers of change, you will be able to ‘create’ products, technologies or services to address them.

The combination of what you feel versus what you do about various drivers of change and the opportunities around them will lend a natural foresight on what will happen across multiple layers. On the diagram, your path from fear to foresight can traverse through any of the blocks. The colored lines show sample paths. It is a combination of Capability and Character that will take you from the Fear of being a victim towards enough Foresight to benefit from the changes, and also influence them.

Eventually, you will start being adept at welcoming disruptions and benefiting from them because there are more to come.
