Partnership and automation are the keys to a secure data kingdom in an increasingly digital and cloud-based marketplace, according to the technology giant.
As a 21st-century technology company, Xerox Corp. (NYSE: XRX) recognizes the challenges and opportunities presented by the ascendance of the Internet of Things (IoT).
As the maker of so many of the “things” that have come online — from printers and scanners to all manner of digitally enabled and connected office equipment — the company has learned data-security lessons on the front lines. And it is now in a position to share its experience with its customers. To do so, Xerox is forming relationships with other security leaders, while helping customers understand how they can thrive in the virtual world and withstand the daily proliferation of security threats.
The company’s cybersecurity leaders include Chief Information Security Officer Alissa Johnson, Ph.D., who in January led Xerox’s cybersecurity summit at the New York Stock Exchange. That summit was focused on the incredible scope of the data-security challenge: billions of connected devices, a geometric increase in the amount of data, and an unknown but growing population of hackers.
We have to accept the blurring of lines and provide great security controls around data.Alissa Johnson, Ph.D., chief information security officer.
To take on this challenge, Xerox is banking on human ingenuity, effective partnership, data prioritization and smart deployment of automation to keep business a few steps ahead of the bad actors. Johnson says the process of safeguarding data begins with security experts, who have to adjust their data-security practices to keep up with changing threats and the need to satisfy their respective corporate cultures, but who also must change that culture.
Managing The Data That Travels
One important concession to the realities of business is what Johnson refers to as the “blurring of the lines” between personal and professional uses of data. As data travels between personal and business endpoints, and workers expect to access critical information conveniently outside the office, protecting data becomes still more complex and more essential. “We have to accept the blurring of lines and provide great security controls around our data,” says Johnson.
Security controls begin with prioritizing and tagging the most important data, and providing rock-solid encryption around it. “We have to stop thinking in terms of a boundary around our networks, because now networks have no boundaries,” Johnson says. “People forward business data to their personal devices on a regular basis now. If technologists don’t have a way of stopping that, we need more security around the data.”
The means of data protection, such as tagging, VPNs and encryption, can differ depending on the needs of the enterprise. But without a system backed up by strong governance, she argues, the critical piece of enterprise security is missing.
Automation Needed Yesterday
For security experts, one of the biggest challenges is to provide more security for ever-more-complicated networks despite a shortage of trained experts to keep up with the security necessities, such as patching, port monitoring, password updates and other routine but critical elements. That’s where automation comes in, says Garland Nichols, Ph.D., Xerox vice president of worldwide information security, who adds that automation “can simplify our processes and help increase our security posture.”
The successful use of automation in data security depends on what Johnson calls “cognitive security”: Automation and artificial intelligence (AI) need to take over basic network monitoring and free up security professionals for more complex tasks and thinking.
Talent, Johnson says, needs to be pulled away from “babysitting data centers and blinking lights, and focus on high-risk, high-opportunity data that gives the user a richer, higher-level experience.” It will ultimately be technology, she says, that resolves the Catch-22 presented by expanding security needs and insufficient labor.
Partners For Security And Seamless Functionality
Quality decision-making of the human variety informs another critical component of any security solution, says Nichols: choosing the right partners. For security vendors and their customers alike, it’s not enough to find partners with the knowledge and tools the in-house staff lacks.
“A security solution is not just about securing a device,” says Johnson. “It has to integrate seamlessly with existing infrastructure. We can talk about all the innovation and security we’re putting inside a device, but if a customer has to disconnect or disable some rich functionality we put in, then it really means nothing.”
Xerox believes its partnerships with security leaders are critical to ensuring that its products work well within trusted networks. But partnership doesn’t end with selecting the providers of software and infrastructure. Johnson stresses the need to keep seeking partnerships that see their industry “through the lens of data security and data ownership. If you look at things from the data layer, you think up a different road map.”
Fitting Security Into The Big Picture
Johnson says that enterprises need a greater understanding of the ebb and flow of their security operations, which may open the door to more consumption-based models. “I may not need certain security resources all the time every day,” she explains. As a result, a software-as-a-service model may work better for companies that need more pricing flexibility or that need an expert only to chart out their security solution, rather than to keep it running.
“I might want 15 security experts today, and by the end of the year, I might need just five,” Johnson says.
Ultimately, solving the security puzzle for most enterprises comes down to strategic deployment of automation to free up human capital, Johnson says. But security experts need to facilitate that process, she adds, by helping to explain how security organizations can reduce costs through automation and refining a pay-as-you-go model.