Executive Roundtable: The CISO's Role in Digital Transformation

The benefits of digital transformation are vast, however, it opens up a whole new level of security concerns. Companies are realizing that their cybersecurity risk surface has greatly expanded across new cloud, mobile, and next-generation database technologies. As threat actors evolve their tactics and target business-critical applications specifically, CISOs face an even greater challenge of keeping their companies safe.

Cybersecurity leaders from Optiv, NightDragon, Levi Strauss & Co. and Onapsis came together for a roundtable to examine the latest security methods including SAP and ERP risk assessment, ERP hardening, and attack surface reduction.

We’re seeing a lot of transition of SaaS-based applications, ERP, CRM, HR apps. As C-Suite leaders, can you talk about how this SaaS application growth is impacting your organizations?

Steve Zalewski, Former CISO, Levi Strauss & Co.: Digital transformation creates a heightened responsibility to enable businesses to fail fast, but for security not to fail. Doing it in a way where the business is now more enabled to use resources that are not within IT. It’s almost a double whammy because I now have to do something that is a little foreign to me, and I don’t necessarily have a key IT partner to be able to do that. What that really comes down to is third-party risk. When you look at SAP in the cloud, we have to leverage third-party vendors to be able to provide services to secure the business while it tries to move even faster.

How have the applications of organizations you’ve worked with expanded and changed over the last two years?

Dave Dewalt, Founder, NightDragon: These last 12-18 months have been a perfect storm. One of the things I’ve witnessed is an incredible inertia of digital transformation. In one of my companies, we cloud-modernized 95% of all of our applications—we literally shipped and lifted those applications into the cloud, into a multi-cloud framework. With this accelerated shift to an incredibly dynamic environment, there was a bit of a visibility problem and we even had some of our business-critical applications exposed. The current threat environment is at a very dangerous place right now.

What actions can CISOs take to prepare?

Kevin Lynch, CEO, Optiv: We’ve invested a ton in digital transformation across the board. One of the challenges we faced is that ERP has been treated more at an arm’s length rather than being considered critical in terms of issues for remediation and security profiling. It’s time to change and break the way it’s done today. To bring security earlier and deeper into the conversation. It’s time to start incorporating business-critical applications into your Incident Response, your playbooks, tabletop exercises, etc. It’s time to look at the trust-based relationships between your SSO environments, your identity access, and identity governance and start to make sure that you’re really making those robust, between not only the balance of your corporate infrastructure, but your apps and the ERP environment and then diving down into the ERP and apps themselves.

Listen to the rest of the session here.

Additional Resources

  • As a leader in the business-critical applications security market, Onapsis is a proven business partner to have on your side. Learn how we can help.
  • Secure your business-critical applications. Here are five reasons why you need vulnerability management capabilities for SAP, Oracle, and other enterprise systems.
  • What’s needed to protect your organization’s business-critical applications from the looming threat of ransomware? That’s exactly what SAP and Onapsis will seek to address here.