• Cognizant 20-20 Insights




Overcoming Security Shortcomings:
Why Tech Companies Must Embrace
a 360-Degree Perspective
Executive Summary

Companies across industries depend on products created by technology vendors to run their infrastructure, enable communications, deliver business and consumer applications, power mobile devices and facilitate social experiences. In many ways, these products have become the nerve center for business, which makes them highly visible targets for security threats — intentional or otherwise.

Technology companies face security challenges like any other business. But what makes it a significant business concern is that security issues also directly impact their products and services. This unique double whammy not only places their enterprise assets at risk (including customer data, transaction data and intellectual property, etc.), but also threatens the integrity of their products. All this sets off painful and expensive reputational damage control exercises around patching vulnerabilities, delivering product revisions and restoring customer confidence. This white paper discusses the unique challenges technology industry business leaders must address to keep their companies ahead of the game. It also provides a perspective on how a more comprehensive approach can help technology companies address these challenges.

Security Attacks Persist

According to the Digital Forensics Association, between 2005 and 2011 U.S. businesses have publicly reported 3,765 security breach incidents, costing more than $156 billion.[1]

Each time a security breach is revealed by the media, business leaders become more concerned about the vulnerabilities of their own organizations in today’s always connected and available digital enterprise. Unauthorized sharing of digital information by Wikileaks and Anonymous made this abundantly clear.[2] Security breaches, whether through security failure of an organization’s implementation of its security or through a security flaw within the technology company’s products and services themselves, can result in millions in financial losses. On top of the monetary impact, negative publicity can have a serious impact on brand and customer trust — not to mention the potential to undermine competitive advantage, particularly if confidential corporate trade secrets and intellectual property are exposed to rivals. And if security glitches are not identified and remediated quickly, companies are susceptible to further exploitation. Moving forward, technology companies are expected to become a higher value target for organized crime activities as infiltration of their Web-enabled products and services offers a potential windfall in illegally gained profits.




   cognizant 20-20 insights | november 2011
Forms of attack have evolved distinctly over the years. In the ’80s, attacks were primarily targeted at the physical infrastructure layer where data was stored on archival tapes. With the rise of the Internet and online communications in the ’90s, networks became the target asset. At this time, the concepts of security and compliance were an after-thought at best. Since 2000, as Web-based applications and services, along with email, gained widespread popularity, business vulnerabilities were concentrated in the virtual environment. Finally, in the current decade, with the rise of social media and online transactions, personal and private data are the primary target asset of hackers seeking to exploit security vulnerabilities.

Moreover, the primary threat of single hacker attacks on corporate data has shifted to concern over organized attacks from criminal elements or even from more sophisticated foreign powers. Your organization is a target, whether you know it or not. Today, technology companies must focus on both the security and safety of their enterprise as well as the security and safety of their products and services. Proactive assessment of emerging technologies and a forward vision of adoption are vital to building robust security features. The naïve view that “it won’t happen to us” needs to be jettisoned, and quickly, and replaced with a clarion call to action: “How do we stop it happening to us?”

Tech Companies Hit by Security Vulnerabilities since 2009

•   Security failure in EDS’ RSA product cost customers an estimated $100 million.
•   Hackers stole personal information of 77 million members of the Sony Playstation Network in multiple waves, costing Sony $20 million in lost revenue and much more in settlements.
•   A major data security breach at Monster.com led to the theft of usernames, passwords, and contact and personal information, and resulted in the company spending $80 million to repair and improve its platform.
•   Adobe Systems investigated incidents involving sophisticated, coordinated attacks against corporate networks.

Technology companies face potential external and internal security threats. Unsecured activities such as email attachments, uncertified software downloads, Wi-Fi computing through mobile devices, etc. can be just as lethal as intentional malicious attacks like SQL injections, cross-site scripting, brute force cryptography and unauthorized access. Traditional information systems and infrastructure relying on Web applications/services, encryption, etc. are extremely susceptible to various forms of security incursions. (Ask yourself, “why do organizations still use passwords to protect corporate assets” or “why aren’t security policies strictly enforced?” The answer reflects how serious an organization is with protecting the assets under its control.) Adoption of new business virtualization models like SaaS, outsourcing, online transactions and mobile computing are based on on-demand and ubiquitous provisioning of services and multi-tenancy/shared access to data and to application services. These attributes greatly amplify vulnerabilities due to increased transactional, operational and technical interconnectivities. If your security organization is struggling today, how effectively can it adapt to the mounting challenges of these evolving technologies?

Security Risk Matrix

              Internal                    External
Enterprise    Internal Enterprise Risks   External Enterprise Risks
Product       Internal Product Risks      External Product Risks

•   Internal Enterprise Risks. Examples: Email Servers, Employee Mobile Phones.
•   External Enterprise Risks. Examples: Social Networks, B2B Network.
•   Internal Product Risks. Examples: Stolen Hardware, Stolen Code.
•   External Product Risks. Examples: Hacked Customer Accounts, SaaS Product Security.

Figure 1

Furthermore, technology companies face threats that originate from security gaps in the very products and services their companies create. Vendors often give higher priority to product features, customer experience, usability and aesthetics compared with security capabilities. This results in hackers who exploit this security vulnerability. For technology vendors to fully assess vulnerabilities and potential threats, they must address all external and internal touchstone threats from an end-to-end perspective. This means creating a comprehensive threat and risk landscape. Technology companies should not be overconfident that they have ensured that no security vulnerability has been introduced into their infrastructure or products, either by accident or on purpose.

Security Vulnerabilities Within the Enterprise

External Touchpoints
•   Customer Portals
•   Partner Portals
•   Social Media
•   B2B Partners, Distributors, Supply Chain

Technology Offerings & Channels
•   Cloud-based products, services & infrastructure
•   Mobile services & infrastructure
•   Traditional products, services & infrastructure

External Touchpoints
•   Internal users
•   Sales
•   Product Marketing/Management/PR
•   Customer Support
•   Wikis, Content Management

Legend: Areas of vulnerability

Figure 2

Challenges in Protecting Enterprise Assets

Security threats can extend beyond network/application outages or reputational defacement. Many attacks are specifically targeted to steal information. An enterprise is rich in valuable information assets that contribute to the strategy, operations and delivery of its products and services. Some information assets like customer account and personal details can have severe legal and financial implications for the enterprise. Leakage of assets such as confidential keynotes, fiscal plans, product road maps, leads and opportunities, etc. can wipe out substantial revenue and share price in the short term; leakage of other assets such as intellectual property could cripple long-term viability.

As briefly covered in the previous section, existing infrastructure technologies are extremely vulnerable. Most enterprises are connected to the outside world through the Internet, VPNs, B2B networks, etc. and unfortunately all of these channels are susceptible to unauthorized and unauthenticated access. Virtual environments epitomized by cloud and mobile computing add to these security challenges.

Challenges in Protecting Enterprise Assets

Sources of challenge:
•   Cloud Computing: Virtualization introduces many interconnectivities & vulnerabilities.
•   Current Infrastructure: Web applications, Web services, encryption highly prone to security attacks.
•   Mobile Computing: Devices capable of running malwares. Ability to avoid intrusion detection systems.
•   Regulations: Dynamic regulations dictate compliance to data structure, storage, security policies etc.

Enterprise assets at risk:
•   Fiscal plans, strategic initiatives
•   Customer credit/bank details, transaction data
•   Sales leads, opportunities, deals, discounts
•   Intellectual property
•   Partner list, partner profile, buying patterns
•   Employee payroll, personal data
•   Product catalog, price lists
•   Enterprise content/knowledge base

Figure 3

As a result of these challenges, enterprises are impacted in three major areas (see Figure 4).

Securing the Enterprise with a Framework-based Approach

Security must be approached using a holistic perspective — both for the enterprise itself, as well as for the well-being of customers. There are two key aspects to consider when building a solution framework. One is to approach security as an enterprise asset feature; the other is to approach it from a product feature point of view (see Figure 5).




Security Attacks’ Impact

Financial Impact
•   Lost time in product development due to insufficient security assessment(s).
•   Direct revenue impact due to lost product opportunities.
•   Impact due to delays in product development.

Brand and Customer Impact
•   Customer service issues crop up, leading to issues in customer satisfaction.
•   Branding suffers due to low customer satisfaction and customer retention issues.

Operational Model Impact
•   Impact to customer facing portals, newer business models around SaaS deployment, etc.
•   Security issues directly impact scalability of Web sites and could possibly lead to blacklisting, etc.

Figure 4




Enterprise Security Enablement Methodology

Security as a ‘key product feature’
Security as a ‘key enterprise asset feature’

Pillars: Organization, Process, Policy, Technology

Differentiators
•   Security should be the central theme to both enterprise asset protection and product management.

Methodology
•   Charter for enterprise & product security office.
•   Clear criteria for confidentiality, authorization, authentication and non-repudiation.
•   Scalability and flexibility to new business models and emerging technologies.
•   Continuous vulnerability assessment & risk monitoring.

Benefits
•   Robust enterprise brand, security and trust, growth.
•   Healthy and successful customer ecosystem.

Figure 5




Foremost, clear policies and standards must be defined for security. These must consider the classification of information and the respective degree of their confidentiality. Furthermore, these procedures should describe the set of personnel who may have access to the specific information and what procedures to follow when authenticating for access. In order to ensure executive oversight over enterprise and product security, a dedicated organization with a specific security charter must be enabled. The organization should also be responsible for building the required business process and technology capabilities to ensure security is a key requirement in every stage of operations. Most technology companies today have this group in place, but the emphasis placed on the importance of this group varies. The emphasis usually changes after a security attack or mishap.

SMEs with appropriate domain expertise, program managers and analysts should own and have direct responsibility for the delivery of comprehensive security within their spheres of influence. Specific processes, like continuous risk monitoring, vulnerability assessment, contingency planning and response, collaborative product lifecycle management, etc. must be built into the information systems environment. Furthermore, these processes must be both flexible and scalable to ensure that security is delivered even for new and disruptive business models. To a large extent, similar concepts of flexibility and scalability apply to the adopted technologies as well. Emerging technologies must be constantly analyzed and their current state must be dynamically assessed for vulnerabilities. As the threat landscape has continuously evolved, ask yourself if or how your organization’s approach to security has changed in response to changing vulnerabilities. Is your organization ready for these new threats?

We provide a security solution based on a proven framework that offers capabilities specific to an organization’s needs (see Figure 6).
risk monitoring, vulnerability assessment, con-




A Managed Services Security Framework

Risk Management & Compliance
ITIL, ISO 27001 Based Service Delivery

Managed Security Services Framework

Monitor
•   Security Information & Event Management
•   Business Continuity Disaster Recovery
•   Incident Management
•   Compliance and Security Program Monitoring
•   Emerging Technologies/New Business Model Analysis

Assess
•   Vulnerability Assessment Penetration Testing
•   End-Point and Third-Party Access Analysis
•   Incident Infrastructure/Config Health Checks
•   SDLC Security
•   Use/Misuse Case Analysis and Testing

Manage
•   Identity & Access Management
•   Enterprise Data Protection Services
•   Network Security & End Point Content Support
•   DR Configuration Management & Testing
•   Security as a Requirement/Feature

Layers covered: Enterprise, Application, System, Network, Products
Supporting functions: Workflow & Reporting, Security Operations Center

Figure 6



Why Cognizant?

We can provide a customized security solution based on our Managed Security Services framework which can assist with discovering areas of vulnerabilities in your enterprise across products/offerings, applications, networks and infrastructure that if gone unnoticed may directly affect your business. Our global security operations center can supplement your security monitoring and employ new technologies to help maintain a watchful eye over your key assets. We can help design, build, or improve your enterprise security design, security organization and industry certified service delivery models.

Remember, there is no one answer for solving security vulnerabilities. There is no magic bullet for security! Securing an organization against today’s sustained threats requires a diligent, well-thought-out and comprehensive security program. Without a proper security program, any organization is liable to become another negative statistic. By improving your organization’s security posture, substantial internal and external benefits can be realized (see Figure 7).


A Managed Services Security Framework

Benefits for Technology Enterprises
•   Increased brand value and reduced negative PR due to reduced impact of thwarted security attacks.
•   Reduced data theft, legal implications and financial loss.
•   Increased revenue due to robust and secure products.
•   Reduced impact to business operations.

Benefits for Technology Customers
•   Worry-free transactions protecting customer sensitive data like identity, credit/bank details, buying patterns etc.
•   Increased profitability and branding due to robust operations and thwarted security attacks.

Figure 7



Looking Ahead

Dynamic and disruptive business models and technologies will continue to emerge and it is imperative that technology enterprises acknowledge and embrace them. Unfortunately, the same powerful technologies are available to antisocial elements as well and the online ecosystem makes almost any enterprise — and specifically technology enterprises — a vulnerable target. Paying attention to and providing comprehensive security will separate leaders from laggards in the software, high-tech and online industries.

Start Today

For more information on how to drive your business results, contact us at inquiry@cognizant.com or visit our website at: www.cognizant.com.



Footnotes
[1] Digital Forensics Association, “The Leaking Vault - Six Years of Data Breaches,” August 2011.
[2] http://en.wikipedia.org/wiki/Anonymous_(group)



References
Online Trust Alliance
Customer Trust Online — Examining the role of experience with Websites
Forrester Research, Inc.
Web Hacking Incident Database (WHID)
Reuters
PR Newswire
HP 2011 Cyber Security Risks Report
Digital Forensics Association




About the Authors
Abhijeet Khadilkar is a Director with Cognizant Business Consulting, where he advises technology
companies on sales enablement and business transformation. Abhijeet can be reached at
Abhijeet.Khadilkar@cognizant.com.

Tom Pai is a Manager with Cognizant Business Consulting and is focused on helping technology companies
with customer experience, customer support strategy and enterprise technology business challenges.
Tom can be reached at Tom.Pai@cognizant.com.

Shabbir Ghadiali is a Manager with the Cognizant Business Consulting Practice and is focused on
operations enablement of new business models, including cloud and mobile computing. He also
specializes in online retail, channels strategy, sales and service operations. Shabbir can be reached at
Shabbir.Ghadiali@cognizant.com.

Contributors
The authors would like to recognize the contributions of Sriram Sundararajan, a Manager with Cognizant
Business Consulting, Ananthakrishnan Sitarama, Director, Technology Vertical, and Jim Kates, who
heads Cognizant’s IT Security Consulting Practice.




About Cognizant
Cognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process
outsourcing services, dedicated to helping the world’s leading companies build stronger businesses. Headquartered in
Teaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industry
and business process expertise, and a global, collaborative workforce that embodies the future of work. With over 50
delivery centers worldwide and approximately 130,000 employees as of September 30, 2011, Cognizant is a member of
the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among the top performing
and fastest growing companies in the world. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant.



                                         World Headquarters                  European Headquarters                 India Operations Headquarters
                                         500 Frank W. Burr Blvd.             1 Kingdom Street                      #5/535, Old Mahabalipuram Road
                                         Teaneck, NJ 07666 USA               Paddington Central                    Okkiyam Pettai, Thoraipakkam
                                         Phone: +1 201 801 0233              London W2 6BD                         Chennai, 600 096 India
                                         Fax: +1 201 801 0243                Phone: +44 (0) 20 7297 7600           Phone: +91 (0) 44 4209 6000
                                         Toll Free: +1 888 937 3277          Fax: +44 (0) 20 7121 0102             Fax: +91 (0) 44 4209 6060
                                         Email: inquiry@cognizant.com        Email: infouk@cognizant.com           Email: inquiryindia@cognizant.com


© Copyright 2011, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is
subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.

Overcoming Security Shortcomings: Why Tech Companies Must Embrace a 360-Degree Perspective

  • 1. • Cognizant 20-20 Insights Overcoming Security Shortcomings: Why Tech Companies Must Embrace a 360-Degree Perspective Executive Summary Security Attacks Persist Companies across industries depend on products According to the Digital Forensics Association, created by technology vendors to run their between 2005 and 2011 U.S. businesses have infrastructure, enable communications, deliver publicly reported 3,765 security breach incidents, business and consumer applications, power costing more than $156 billion.1 mobile devices and facilitate social experiences. In many ways, these products have become the Each time a security breach is revealed by the nerve center for business, which makes them media, business leaders become more concerned highly visible targets for security threats — inten- about the vulnerabilities of their own organiza- tional or otherwise. tions in today’s always connected and available digital enterprise. Unauthorized sharing of digital Technology companies face security challenges information by Wikileaks and Anonymous made like any other business. But what makes it a sig- this abundantly clear. 2 Security breaches, whether nificant business concern is that security issues through security failure of an organization’s imple- also directly impact their products and services. mentation of its security or through a security This unique double whammy not only places their flaw within the technology company’s products enterprise assets at risk (including customer data, and services themselves, can result in millions in transaction data and intellectual property, etc.), financial losses. On top of the monetary impact, but also threatens the integrity of their products. 
negative publicity can have a serious impact on All this sets off painful and expensive reputa- brand and customer trust — not to mention the tional damage control exercises around patching potential to undermine competitive advantage, vulnerabilities, delivering product revisions and particularly if confidential corporate trade secrets restoring customer confidence. This white paper and intellectual property are exposed to rivals. discusses the unique challenges technology And if security glitches are not identified and industry business leaders must address to keep remediated quickly, companies are susceptible to their companies ahead of the game. It also further exploitation. Moving forward, technology provides a perspective on how a more compre- companies are expected to become a higher value hensive approach can help technology companies target for organized crime activities as infiltration address these challenges. of their Web-enabled products and services offers a potential windfall in illegally gained profits. cognizant 20-20 insights | november 2011
  • 2. Forms of attack have evolved distinctly over the years. In the ‘80s, attacks were primarily targeted Tech Companies Hit by Security at the physical infrastructure layer where data Vulnerabilities since 2009 was stored on archival tapes. With the rise of the Internet and online communications in the ’90s, • Security failure in EDS’ RSA product networks became the target asset. At this time, cost customers an estimated $100 the concepts of security and compliance were an million. after-thought at best. Since • Hackers stole personal information The naïve view that 2000,and services, along with tions as Web-based applica- of 77 million members of the Sony “it won’t happen email, gained widespread Playstation Network in multiple waves, costing Sony $20 million in lost to us” needs to popularity, business vulner- revenue and much more in settlements. be jettisoned, and abilities virtual concentrated in the were environment. • A major data security breach at quickly, and replaced Finally, in the current decade, Monster.com led to the theft of with a clarion call to with the rise of social media usernames, passwords, and contact and personal information, and resulted action: “How do we and online private data personal and transactions, in the company spending $80 million stop it happening are the primary target asset to repair and improve its platform. to us?” of hackers seeking to exploit • Adobe Systems investigated incidents security vulnerabilities. involving sophisticated, coordinated attacks against corporate networks. Moreover, the primary threat of single hacker attacks on corporate data has shifted to concern over organized attacks from criminal elements or even from more sophisticated foreign powers. Your organization is a target, whether you know it or not. Today, technology companies must focus Technology companies face potential external on both the security and safety of their enterprise and internal security threats. 
Unsecured activities as well as the security and safety of their products such as email attachments, uncertified software and services. Proactive assessment of emerging downloads, Wi-Fi computing through mobile technologies and a forward vision of adoption devices, etc. can be just as lethal as intentional are vital to building robust security features. malicious attacks like SQL injections, cross-site The naïve view that “it won’t happen to us” scripting, brute force cryptography and unau- needs to be jettisoned, and quickly, and replaced thorized access. Traditional information systems with a clarion call to action: “How do we stop it and infrastructure relying on Web applications/ happening to us?” services, encryption, etc. are extremely sus- Security Risk Matrix Enterprise Internal Enterprise Risks Internal External Examples: Email Servers, Employee Enterprise Enterprise Mobile Phones. Risks Risks External Enterprise Risks External Internal Examples: Social Networks, B2B Network. Internal Product Risks Internal External Examples: Stolen Hardware, Stolen Code. Product Product Risks Risks External Product Risks Examples: Hacked Customer Accounts, SaaS Product Security. Product Figure 1 cognizant 20-20 insights 2 1
  • 3. ceptible to various forms of security incursions. threats from an end-to-end perspective. This (Ask yourself, “why do organizations still use means creating a comprehensive threat and risk passwords to protect corporate assets” or “why landscape. Technology companies should not aren’t security policies strictly enforced?” The be overconfident that they have ensured that answer reflects how serious an organization is no security vulnerability has been introduced with protecting the assets under its control.) into their infrastructure or products, either by Adoption of new business virtualization models accident or on purpose. like SaaS, outsourcing, online transactions and mobile computing are based on on-demand and Challenges in Protecting ubiquitous provisioning of services and multi- Enterprise Assets tenancy/shared access to data and to application Security threats can extend beyond network/ services. These attributes greatly amplify vulnera- application outages or reputational defacement. bilities due to increased transactional, operational Many attacks are specifically targeted to steal and technical interconnectivities. If your security information. An enterprise is rich in valuable organization is struggling today, how effectively information assets that contribute to the strategy, can it adapt to the mounting challenges of these operations and delivery of its products and evolving technologies? services. Some information assets like customer account and personal details can have severe Furthermore, technology companies face threats legal and financial implications for the enterprise. that originate from security gaps in the very Leakage of assets such as confidential keynotes, products and services their companies create. fiscal plans, product road maps, leads and oppor- Vendors often give higher priority to product tunities, etc. 
can wipe out substantial revenue and share price in the short term; leakage of other assets such as intellectual property could cripple long-term viability.

features, customer experience, usability and aesthetics compared with security capabilities. This results in hackers who exploit this security vulnerability. For technology vendors to fully assess vulnerabilities and potential threats, they must address all external and internal touchstone

Figure 2: Security Vulnerabilities Within the Enterprise. Panel headings: External Touchpoints; Technology Offerings & Channels. Areas of vulnerability shown: cloud-based products, services & infrastructure; mobile services & infrastructure; traditional products, services & infrastructure; internal users; sales; product marketing/management/PR; customer support; wikis, content management; customer portals; partner portals; social media; B2B partners, distributors, supply chain.

  • 4. Figure 3: Challenges in Protecting Enterprise Assets

Enterprise assets:
• Fiscal plans, strategic initiatives
• Customer credit/bank details, transaction data
• Sales leads, opportunities, deals, discounts
• Intellectual property
• Partner list, partner profile, buying patterns
• Employee payroll, personal data
• Product catalog, price lists
• Enterprise content/knowledge base

Challenges:
• Cloud Computing: Virtualization introduces many interconnectivities & vulnerabilities.
• Current Infrastructure: Web applications, Web services, encryption highly prone to security attacks.
• Mobile Computing: Devices capable of running malware. Ability to avoid intrusion detection systems.
• Regulations: Dynamic regulations dictate compliance to data structure, storage, security policies etc.

As briefly covered in the previous section, existing infrastructure technologies are extremely vulnerable. Most enterprises are connected to the outside world through the Internet, VPNs, B2B networks, etc. and unfortunately all of these channels are susceptible to unauthorized and unauthenticated access. Virtual environments epitomized by cloud and mobile computing add to these security challenges.

As a result of these challenges, enterprises are impacted in three major areas (see Figure 4).

Figure 4: Security Attacks’ Impact

Financial Impact
• Lost time in product development due to insufficient security assessment(s).
• Direct revenue impact due to lost product opportunities.
• Impact due to delays in product development.

Brand and Customer Impact
• Customer service issues crop up, leading to issues in customer satisfaction.
• Branding suffers due to low customer satisfaction and customer retention issues.

Operational Model Impact
• Impact to customer facing portals, newer business models around SaaS deployment, etc.
• Security issues directly impact scalability of Web sites and could possibly lead to blacklisting, etc.

Securing the Enterprise with a Framework-based Approach

Security must be approached using a holistic perspective — both for the enterprise itself, as well as for the well-being of customers. There are two key aspects to consider when building a solution framework. One is to approach security as an enterprise asset feature; the other is to approach it from a product feature point of view (see Figure 5).
  • 5. Figure 5: Enterprise Security Enablement Methodology

Diagram labels: Security as a ‘key product feature’; Security as a ‘key enterprise asset feature’; Organization; Process; Policy; Technology.

Differentiators
• Security should be the central theme to both enterprise asset protection and product management.

Methodology
• Charter for enterprise & product security office.
• Clear criteria for confidentiality, authorization, authentication and non-repudiation.
• Scalability and flexibility to new business models and emerging technologies.
• Continuous vulnerability assessment & risk monitoring.

Benefits
• Robust enterprise brand, security and trust, growth.
• Healthy and successful customer ecosystem.

Foremost, clear policies and standards must be defined for security. These must consider the classification of information and the respective degree of their confidentiality. Furthermore, these procedures should describe the set of personnel who may have access to the specific information and what procedures to follow when authenticating for access.

In order to ensure executive oversight over enterprise and product security, a dedicated organization with a specific security charter must be enabled. The organization should also be responsible for building the required business process and technology capabilities to ensure security is a key requirement in every stage of operations. Most technology companies today have this group in place, but the emphasis placed on the importance of this group varies. The emphasis usually changes after a security attack or mishap.

SMEs with appropriate domain expertise, program managers and analysts should own and have direct responsibility for the delivery of comprehensive security within their spheres of influence. Specific processes, like continuous risk monitoring, vulnerability assessment, contingency planning and response, collaborative product lifecycle management, etc. must be built into the information systems environment. Furthermore, these processes must be both flexible and scalable to ensure that security is delivered even for new and disruptive business models. To a large extent, similar concepts of flexibility and scalability apply to the adopted technologies as well. Emerging technologies must be constantly analyzed and their current state must be dynamically assessed for vulnerabilities. As the threat landscape has continuously evolved, ask yourself if or how your organization’s approach to security has changed in response to changing vulnerabilities. Is your organization ready for these new threats?

We provide a security solution based on a proven framework that offers capabilities specific to an organization’s needs (see Figure 6).
  • 6. Figure 6: A Managed Services Security Framework

Diagram labels: Risk Management & Compliance; ITIL, ISO 27001 Based Service Delivery; Managed Security Services Framework; Security Operations Center; Workflow & Reporting. Columns: Monitor, Assess, Manage. Layers: Enterprise, Application, System, Network, Products. Services shown: Security Information & Event Management; Vulnerability Assessment, Penetration Testing; Identity & Access Management; Business Continuity, Disaster Recovery; End-Point and Third-Party Access Analysis; Enterprise Data Protection Services; Incident Management Support; Infrastructure/Config Health Checks; Network Security & End Point Content Security; Compliance and DR Configuration Monitoring; SDLC Security Program Management & Testing; Emerging Technologies/New Business Model Analysis; Use/Misuse Case Analysis and Testing; Security as a Requirement/Feature.

Why Cognizant?

We can provide a customized security solution based on our Managed Security Services framework, which can assist with discovering areas of vulnerability in your enterprise across products/offerings, applications, networks and infrastructure that, if they go unnoticed, may directly affect your business. Our global security operations center can supplement your security monitoring and employ new technologies to help maintain a watchful eye over your key assets. We can help design, build, or improve your enterprise security design, security organization and industry-certified service delivery models.

Remember, there is no one answer for solving security vulnerabilities. There is no magic bullet for security! Securing an organization against today’s sustained threats requires a diligent, well-thought-out and comprehensive security program. Without a proper security program, any organization is liable to become another negative statistic. By improving your organization’s security posture, substantial internal and external benefits can be realized (see Figure 7).

Figure 7: A Managed Services Security Framework

Benefits for Technology Enterprises
• Increased brand value and reduced negative PR due to reduced impact of thwarted security attacks.
• Reduced data theft, legal implications and financial loss.
• Increased revenue due to robust and secure products.
• Reduced impact to business operations.

Benefits for Technology Customers
• Worry-free transactions protecting customer sensitive data like identity, credit/bank details, buying patterns etc.
• Increased profitability and branding due to robust operations and thwarted security attacks.
  • 7. Looking Ahead

Dynamic and disruptive business models and technologies will continue to emerge and it is imperative that technology enterprises acknowledge and embrace them. Unfortunately, the same powerful technologies are available to antisocial elements as well and the online ecosystem makes almost any enterprise — and specifically technology enterprises — a vulnerable target. Paying attention to and providing comprehensive security will separate leaders from laggards in the software, high-tech and online industries.

Start Today

For more information on how to drive your business results, contact us at inquiry@cognizant.com or visit our website at: www.cognizant.com.

Footnotes

1 Digital Forensics Association, “The Leaking Vault - Six Years of Data Breaches,” August 2011.
2 http://en.wikipedia.org/wiki/Anonymous_(group)

References

• Online Trust Alliance
• Customer Trust Online — Examining the role of experience with Websites
• Forrester Research, Inc.
• Web Hacking Incident Database (WHID)
• Reuters
• PR Newswire
• HP 2011 Cyber Security Risks Report
• Digital Forensics Association

About the Authors

Abhijeet Khadilkar is a Director with Cognizant Business Consulting, where he advises technology companies on sales enablement and business transformation. Abhijeet can be reached at Abhijeet.Khadilkar@cognizant.com.

Tom Pai is a Manager with Cognizant Business Consulting and is focused on helping technology companies with customer experience, customer support strategy and enterprise technology business challenges. Tom can be reached at Tom.Pai@cognizant.com.

Shabbir Ghadiali is a Manager with the Cognizant Business Consulting Practice and is focused on operations enablement of new business models, including cloud and mobile computing. He also specializes in online retail, channels strategy, sales and service operations. Shabbir can be reached at Shabbir.Ghadiali@cognizant.com.

Contributors

The authors would like to recognize the contributions of Sriram Sundararajan, a Manager with Cognizant Business Consulting, Ananthakrishnan Sitarama, Director, Technology Vertical, and Jim Kates, who heads Cognizant’s IT Security Consulting Practice.
  • 8. About Cognizant

Cognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process outsourcing services, dedicated to helping the world’s leading companies build stronger businesses. Headquartered in Teaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industry and business process expertise, and a global, collaborative workforce that embodies the future of work. With over 50 delivery centers worldwide and approximately 130,000 employees as of September 30, 2011, Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant.

World Headquarters
500 Frank W. Burr Blvd.
Teaneck, NJ 07666 USA
Phone: +1 201 801 0233
Fax: +1 201 801 0243
Toll Free: +1 888 937 3277
Email: inquiry@cognizant.com

European Headquarters
1 Kingdom Street
Paddington Central
London W2 6BD
Phone: +44 (0) 20 7297 7600
Fax: +44 (0) 20 7121 0102
Email: infouk@cognizant.com

India Operations Headquarters
#5/535, Old Mahabalipuram Road
Okkiyam Pettai, Thoraipakkam
Chennai, 600 096 India
Phone: +91 (0) 44 4209 6000
Fax: +91 (0) 44 4209 6060
Email: inquiryindia@cognizant.com

© Copyright 2011, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.