Top Banner
Executive Report Security Implications of the Accenture Technology Vision 2015
8

Security Implications of Accenture Technology Vision 2015 - Executive Report

Aug 06, 2015

Download

Technology

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Security Implications of Accenture Technology Vision 2015 - Executive Report

Executive Report

Security Implications of the Accenture Technology Vision 2015

Page 2: Security Implications of Accenture Technology Vision 2015 - Executive Report

The digital business era and the rapidly growing Internet of Things (IoT) are adding billions of devices and data connections between businesses, smart machines and consumers. As connections, data and interactions grow, security becomes an increasingly important and pervasive issue.

#techv i s i on2015

2

Page 3: Security Implications of Accenture Technology Vision 2015 - Executive Report

Leading businesses are stretching their boundaries

and creating the fabric that connects customers,

services and devices through the IoT1. Security

implications emerge that should be proactively

addressed by enterprises looking to operate in the

broad digital ecosystem and the “We Economy.”

Accenture Technology Labs identified five security

implications businesses should address to stretch

their digital boundaries:

Edge AutonomyEnabling autonomous devices at the edge

Data IntegrityMaking data-driven decisions at Internet of

Things scale

Big Data SecuritySecuring volume, variety and velocity

Security PlatformsMaximizing protection across digital

ecosystem platforms

Customer TrustBuilding customer trust in a digital economy

3

SECURITY IMPL ICAT IONS OF THE ACCENTURE TECHNOLOGY V IS ION 2015

Page 4: Security Implications of Accenture Technology Vision 2015 - Executive Report

Edge AutonomyMany of the smart devices entering the

marketplace are considered on the edge, such as

embedded sensors, smart meters and wearable

devices. These devices typically have fixed

functions, perform specific tasks and are set up

outside a business’ security perimeter. Some

devices connect directly to the Internet. Security

concerns for edge devices include physical

tampering, data integrity, device authentication

and privilege management.

What should organizations do? Enterprises using

edge devices must extend their security footprint

beyond their existing borders and take a holistic

approach to security planning before deploying

these types of devices. Options to evaluate include

physical protection, data encryption, network

access control, trust zones for device operation,

whitelisting for device access and intrusion

detection. Although edge devices are operating

with more autonomy, organizations must maintain

supervisory control over the devices. Security

planning should include breach scenarios

and recovery.

Data IntegrityEdge devices and the IoT generate increasingly larger

amounts of data for organizations to collect, process

and analyze. To reap the most benefit, enterprises

should ensure they can rely on the integrity of that

data. This becomes increasingly important as smart

tools trigger automatic action and make more

informed decisions.

What should organizations do? Data assurance is

key, and should be confirmed through every stage of

the data life cycle, from creation to disposal. For

devices that do not have effective security controls

built in, evaluate IoT gateways and agents to perform

these functions. Establish security policies for the

data to be collected, including how to handle

personal information. Data quality tools and audit

frameworks should scale to match the speed and

volume of operations. Remember to evaluate the

communications protocols being used; IoT protocols

offer different security capabilities, depending on the

underlying network protocol.

#techv i s i on2015

4

Page 5: Security Implications of Accenture Technology Vision 2015 - Executive Report

Big Data SecurityWith the exponential growth in data, it’s critical

for organizations to securely process and protect

what they collect. Many traditional database

management systems cannot scale to handle the

three Vs of big data: volume, acquisition velocity

and data variety. Large data repositories being

formed also become targets for attack. Some

cloud-based storage policies make it difficult to

use data encryption effectively because of an “all

or nothing” approach.

What should organizations do? Apply the

principles of information security across all aspects

of data collection and management. Processing

tools should be carefully evaluated for security

features. Consider the variety of data elements to

be collected; some may not be sensitive on their

own, but become so when combined with other

pieces of information. Segregate the data collected

based on sensitivity level and compliance

requirements, and protect that data with

attribute-based encryption. Secure big data

platforms and monitor the access to that data.

Evaluate products that offer end-to-end

data encryption.

Security PlatformsAs digital industry ecosystems develop with the IoT,

platform-based businesses offer opportunities for

growth and profitability. Digital platforms will

support machine-to-machine communications and

advanced analytics, with intelligent enterprises

benefitting from shared, cross-industry data. With

these platform capabilities, businesses must

increase their focus on security, leveraging the

platform to augment existing security intelligence.

Increased processing power, data science and

cognitive technology can help organizations

prepare for the growing wave of complex

cyber-attacks.

What should organizations do? Evaluate all digital

platforms, including cross-industry, for

vulnerabilities and monitor them for irregular

behavior. Select platforms that provide cyber-threat

assessment indicators. Threat modeling can help

organizations understand what adversaries might

target within the platforms. Identify security

threats from data collected from numerous systems

and devices into a broader ecosystem. Look for

changes in system performance or in customer

behavior that could signal threats. Use ecosystem

partners to brainstorm security challenges and

evaluate how the platform can monitor devices for

abnormal activity.

5

SECURITY IMPL ICAT IONS OF THE ACCENTURE TECHNOLOGY V IS ION 2015

Page 6: Security Implications of Accenture Technology Vision 2015 - Executive Report

Customer TrustTo succeed in the “Internet of Me” era, digital

businesses will need to deliver highly personalized

products and services, based on customers’ specific

habits and preferences. To meet these expectations,

businesses collect personally identifiable

information, and subsequently hold an increased

responsibility to protect the customer information

that is gathered. Organizations must apply more

stringent security measures to protect customers’

privacy, in order to build and maintain trust.

What should organizations do? Become

transparent about what data is collected and how

it will be used. Establish responsible data

management practices to protect the information.

When processing data, use privacy-preserving

analytics techniques. Innovative approaches can

appeal to privacy-wary customers, such as applying

enhanced services to protect customer data, using

anonymous services, or deploying global identity

validation services so customers have more control

over their data.

#techv i s i on2015

6

Page 7: Security Implications of Accenture Technology Vision 2015 - Executive Report

Forward-thinking business leaders who address the security implications of the broad digital ecosystem will be better positioned to capitalize on the growth opportunities available. Establish security approaches and potential threat responses with your business planning, to maximize protection across digital ecosystem platforms and build trust with both ecosystem partners and customers.

7

SECURITY IMPL ICAT IONS OF THE ACCENTURE TECHNOLOGY V IS ION 2015

Page 8: Security Implications of Accenture Technology Vision 2015 - Executive Report

Copyright © 2015 Accenture All rights reserved.

Accenture, its logo, and High Performance Delivered are trademarks of Accenture.

For more information:Prith Banerjee Managing Director, Accenture Technology R&D [email protected]

Lisa O’Connor Managing Director, Accenture Technology Labs Security R&D [email protected]

Malek Ben Salem Research & Development Principal,Accenture Security [email protected]

www.accenture.com/securityvision

About AccentureAccenture is a global management consulting, technology services and outsourcing company, with approximately 319,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$30.0 billion for the fiscal year ended Aug. 31, 2014. Its home page is www.accenture.com.

CONTACTS

1 The Accenture Technology Vision 2015 (http://www.accenture.com/us-en/Pages/insight-technology-vision-2015.aspx)