Products and Solutions

Managing the Future of Digital Risk

Feb 11, 2020 | by Ben Desjardins |

As RSA Conference 2020 fast approaches, I've been reflecting on my conversations with customers over the past year. This time last year, RSA established the notion of digital risk, the unwanted and often unexpected wake of risk that trails rapid adoption of technology and expansion of business digitalization. Twelve months later, there is the acceleration of the technology trends driving digital risk, an increased appetite to identify high impact use cases related to the underlying tenant of Digital Risk Management—specifically the data driven coordination between IT, security and risk management.

I rely upon several "listening posts" to guide my thinking on where markets are heading, none more important than the direct inputs of customers. Be they quantitative, qualitative, anecdotal or otherwise, the collective provides the rails on which the engine runs ... even if with the occasional switch change. This period of reflection on recent conversations acts as an important step in preparing to leverage interactions at RSA Conference to steer the next wave of discussion.

Naturally, the focus of customers sometimes overlaps and other times diverge. But the one area I see every single customer target is the challenge posed by speed. Accelerated adoption of new technologies and expanded use across the business is not new, but the speed with which CIOs, CISOs and other IT leaders are pressured to innovate and implement has reached new highs. Secondly, the speed of impact – both positive and negative – as technology touches parts of the business largely manual or non-integrated from an IT perspective. The net effect of these two elements of speed intersecting (or colliding) is more pressure on the teams responsible for risk identification, analysis and treatment.

There are clear areas emerging as needing to not only corral the challenge of speed but also address the foundational element of coordination across security and risk. Third-party risk continues to be one of the more top-of-mind yet simultaneously sprawling aspects of digital risk. Consider recent studies indicating that nearly two-thirds of data breaches involve a third-party vulnerability, while nearly 90% of organizations acknowledge third-parties host critical data or applications. Most of my conversations with customers on the Risk Management side drive the third-party risk discussion towards understanding who their vendors are, what critical data they might have, or what essential processes are reliant upon their sustainability. Worthy efforts, to be sure, but does not keep pace with the proliferation of security threats or incidents. In this mode, the CISO and his or her team end up ultimately accountable for the shortcomings of the vendor ecosystem. This drives a keen interest from CISO team to leverage real-time monitoring technologies to drive towards continuous, objective assessments.

This example, though prevalent, shouldn't be misinterpreted to mean either of the following: that digital risk is all about cyber, or that the risk teams struggle to keep pace with security. In the case of the latter, the opposite is also true. Consider the security team's struggle to maintain the pace of the risk or governance team's efforts in maintaining compliance with an exploding regulatory landscape. The challenge to keep pace with new regulation and the dynamics associated with everything from hosting to use of in-scope data has driven us to extend our long history around machine learning into the compliance arena using natural language processes and ML/AI to push automation into a mapping of requirements and controls.

The growing needs around expanded visibility, advanced technology for data analysis, a focus on modern digital tools and addressing modern digital risk challenges are all at the heart of our product announcements ahead of RSA Conference 2020.  For our customers focused on the digital imperative of increased consumer interaction, the RSA® Adaptive Authentication solution includes a set of enhancements aligning it with growing requirements like those in the Payments Services Directive 2 (PSD2) for implementing new standards to detect fraud in card-not-present transactions. RSA NetWitness® Platform added a series of enhancements that extend the automation capabilities for detecting and responding to network threats, including high fidelity detection leveraging advanced analytics in conjunction with packet-level visibility. As a long-standing leading platform for managing risk across the enterprise, RSA® Archer took another step in supporting the needs of customers with the availability of a SaaS deployment option that can reduce maintenance and upgrade cycles, freeing teams to focus on evolving their risk management function.

RSA Conference week always yields a fresh set of perspectives on both the evolving needs of customers and their thoughts on the vendor community's efforts to address them. I look forward to the process of hearing those inputs first-hand and leveraging to shape our evolving view on Digital Risk Management.  For a sense of our starting point as we head into those conversations, I encourage you to read our most recent edition of the Digital Risk Report, which is based on both the qualitative and quantitative inputs gathered over the past year.

# # #

Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity

Learn more about how RSA NetWitness® Platform bolsters threat detection and incident response; how RSA® Archer SaaS delivers full suite of integrated risk management solutions; and how RSA® Adaptive Authentication for eCommerce improves fraud protection and user experience.

Attending RSA Conference 2020? Be sure and catch RSA at one of our many activities.