The COVID19 pandemic has had a disruptive effect on the business operations of millions of enterprises worldwide. Many enterprises had to accelerate their digital transformation and to convert physical activities into digital ones. They also had to deploy new IT infrastructures and to re-engineer their business processes in a digital direction. Some of the changes are likely to be maintained following the end of the COVID19 era, i.e., in the new normal. In this context, these changes will have a long-lasting impact on the security and risk management processes of modern businesses.
Security and risk management processes are vital to business operations and business continuity. They entail the tasks of identifying valuable assets, determining potential threats, and estimating the likelihood of events that could trigger the materialization of the identified threats. Moreover, they determine the criticality of the events and their overall impact on the enterprise. Finally, they score and prioritize various risks, while creating proper mitigation plans. In the post COVID19 era, security and risk management processes must consider the new enterprise environment that is characterized by increased digitalization, changing work patterns, and new organizational models and behaviours.
1. Security Decentralization
Once upon a time, security functions were centralized within an organization. Their main objective was to create a secure perimeter around the organization that made it almost impossible for outsiders to invade and attack the enterprise. Additional measures were employed to protect the organization from insider attacks. During the last year, companies have applied remote work practices at scale, including policies that boost remote interactions and collaboration with business partners. Hence, it is no longer enough to create a secure perimeter. Rather, organizations must focus on more decentralized approaches for securing assets, notably approaches that account for remote workers and the assets they manage. Likewise, security and risk management must consider this highly decentralized environment.
2. Flexible Security Policies
Security policies are among the most important assets of modern organizations. It usually takes significant time to establish a proper security policy. It also requires significant effort to ensure that employees, clients, and other stakeholders abide by it. This is the main reason why security policies do not change frequently. This is bound to change in the COVID19 era and beyond, as enterprise environments have become volatile and unpredictable. As a prominent example, working patterns are constantly changing due to COVID19 measures and restrictions. Following the pandemic, many organizations are likely to retain this flexibility in working patterns and behaviours. Therefore, organizations must become flexible and agile in terms of their security policies. The latter are likely to change much more frequently than in the past. This will complicate tasks like security risk assessment and compliance auditing.
3. Virtual Organizations
The advent of globalization has come along with the concept of virtual organizations, which operate without geographical borders and administrative boundaries. It is, for example, possible for organizations to run production operations, sales, marketing, and accounting functions in completely different locations. Nevertheless, this virtualization was not the norm before the COVID19 pandemic. During the last year, it has gradually become popular: an increasing number of organizations are becoming more flexible and location independent. This provides a great deal of opportunities, yet it comes with new risks as well. Virtualization must therefore be considered when shaping the security management and risk management processes of modern enterprises.
4. Integration and Consolidation
COVID19 has accelerated the digital transformation of many enterprises, leading them to the deployment of new IT systems and processes. It has also led organizations to rethink and reengineer their existing processes towards optimizing operations and reducing costs. In this direction, many organizations have integrated and consolidated their security systems. Rather than managing different systems, vendors, and processes, they have opted to integrate existing systems into more unified security platforms. In this way, they have managed to reduce costs and to become more responsive to alerts from different channels. This consolidation is likely to continue during the post COVID19 era, as it leads to tangible business benefits. Organizations that have already started the consolidation of their security systems are likely to continue this integration journey. Moreover, enterprises that have not yet discovered the value of consolidation are expected to ride the wave of security integration as well.
5. New Measures for Privacy and Data Protection
In recent years, the amount of data collected and managed by business enterprises has been exploding. These data comprise a host of personal data, including users’ sensitive data. In this context, modern enterprises place privacy and data protection at the very top of their security management and risk management agendas. This is due to the need for complying with regulations (e.g., the European General Data Protection Regulation (GDPR)) and for protecting employees, customers and their brand image. In this direction, organizations will leverage emerging technologies for secure and confidential computing such as edge computing, federated learning, and homomorphic encryption. These technologies will empower the implementation of effective plans for mitigating privacy risks.
6. Identity Management
During the pandemic, citizens performed most of their transactions through digital channels. Likewise, processes for seamless exchange of data across organizations were implemented towards supporting end-to-end digital processes. For instance, citizens were able to share certificates and health records across different organizations without any need for physical processes. A key prerequisite for such integrated processes was the implementation of unified identity management processes across different systems and organizations. This was what enabled all citizens and organizations to securely access the information they needed regardless of time and their location. In this landscape, organizations have to rethink and prioritize identity management as a core security function. In the years to come, this will greatly affect security management processes, which will have to consider the resilience and robustness of identity management processes.
Overall, the COVID19 pandemic has accelerated the digital transformation of modern enterprises. It has also led them to a complete rethinking of their processes, including their security management, risk management and business continuity processes. Earlier paragraphs have highlighted some of the factors that have driven this rethinking. Businesses should consider these factors in their post COVID19 security management and risk management methodologies.