While information-centric security practice is still the dominant responsibility of most security organizations today, it doesn’t take into account the increasing impact of technology use in other areas of business, both by the organization and by the supply chains that service them. As IT security requirements grow to encompass the “edge” of most organizations, broader cybersecurity needs grow to include cyberphysical needs, as well.
Digital business offers enterprises unprecedented opportunities, along with new risks. Two key characteristics of digital business are challenging conventional IT control:
- As the business claims increasing autonomy in deploying new digital technologies, it degrades the authority of the central IT organization.
- The dramatic increase in the number of elements (for example, systems, devices, things, data and dynamic relationships) exposes scalability issues with many traditional security control solutions.
This reality challenges the status quo in information risk and security management. Many conventions and technologies on which risk and security practices have been based do not scale in the new reality.