Bringing Transparency Across Cybersecurity Platforms
By Stephan Neumeier, Managing Director, Kaspersky Lab, APAC
Technology companies have sprung up essentially to solve valuable problems. There are tech firms that came about seeking to address the little difficulties that drive us crazy. Then there are those which choose to tackle the big issues that affect industries and communities around us.
Without a doubt, there are hundreds of diverse tech companies all over the world that came to be and still, a hundred more start-ups are emerging for precisely a host of other complications that need to be worked out.
In the world of technology, evolution is paramount to business resilience. But more changes are yet to unfold. The internet has connected the world and cybercrime has become borderless. The other continuum is one of openness. According to Gartner, an organization must decide, as part of its evolution in digital business, on the ultimate transparency of its services to its customers.
In a nutshell, cybersecurity companies need to approach openness with all its stakeholders through tangible and practical measures as it continues to develop improved solutions in the face of every-growing cyber attacks.
As if the sophisticated cyber threats are not enough challenges, supply-chain issues and the so-called balkanization in IT have also become the major hurdles for the security of today’s ultra-connected global landscape. To overcome these challenges in the industry today, the world needs trust and transparency in cybersecurity and companies will need to increase transparency in their products and business operations to earn and maintain trust.
Without even thinking about ROI, we have made a paradigm shift by planning to build transparency centres that enables foreign governments, regulators, enterprise stakeholders to inspect our source codes in these centres. This move would require a significant amount of investment and where other technology companies have limited or stopped the sharing of the source code of their products to foreign government and regulators, Kaspersky has moved forward to open itself up to assure integrity and trustworthiness of its solutions.
The Transparency Initiative also comes at a time when compliance to data privacy legislation such as the European Union’s General Data Protection Regulation (GDPR) is expected to reflect a fundamental change to the way in which companies and their employees handle personal information within their organizations where new processes and tighter protection of information will have to be strictly in place.
While the regulation itself doesn’t provide any guidelines for the selection or implementation of cybersecurity solutions, it does clearly underline the importance of adequate data protection – along with regular assessments and adjustments of security strategy. Cybersecurity solutions do not, on their own, ensure GDPR compliance for the companies using them. Their use can, however, assist companies processing personal data by offering effective measures for reducing the risks of a data breach, preventing security incidents and delivering enhanced visibility of the monitored infrastructure.
Moving forward, I recommend that users and customers start exercising better corporate governance by demanding more materials from vendors, particularly product disclosure information, in the course of RFP processes. This will help ensure that vendors are selected based on qualitative criteria and the delivery of products and services meets the expectations of applicable regulations on data privacy.
In the same vein, companies should be able to demonstrate real accountability and complete transparency with their offerings. Solving issues with technology are powerful. But even more powerful is having that technology provide transparency and visibility for all parties involved that will substantially change the way issues are resolved and business efficiencies are increased.
In this turbulent period in the industry, it is imperative that organizations increase their cooperation with their respective stakeholders even further. Whether in cybersecurity or any other business industry, proof and trust is essential and should be the foundation of any collaboration among individuals or enterprises working together. Understand the magnitude of the issue, consider the value of investing in solutions, and be willing to commit to effect long-term change.