Lessons from NTUC Enterprise: Protecting diverse enterprise networks
Modern organizations in the digital era are not only growing in size but also in diversity — organizations often have a varied service portfolio with multiple business units.
While this is great in the business sense, to have multiple different revenue streams and various enterprises running concurrently, securing the group company’s network is quite a complex task to say the least.
According to Ian Loe, Senior Vice President, Cybersecurity at Singapore’s NTUC Enterprise Co-operative Limited, it is notably more tricky at a large conglomerate that is made up of various social enterprises with varying levels of maturity across multiple industries.
“It is hard to get uniformed security measures and also to use the same level of controls across all businesses,” Loe told Tech Wire Asia in an exclusive interview.
The borderless environment calls for a zero trust approach
To support its portfolio, NTUC has adopted a host of strategies, which include the “shift left approach” to cybersecurity that puts more emphasis on the development of secure code and secure pipeline.
“With everything moving to the cloud, we are increasing our focus on the quality of the CI/CD pipeline and the code that is built with it. This also means investing in newer technologies like serverless security, next-generation code scanning, secure coding education, and improved monitoring capabilities,” said Loe.
Loe added that the creation of a Cybersecurity Centre of Excellence that is part of its digital transformation unit also helps to develop baseline policies, standards, and guidelines, to achieve a uniform security measure across the organization.
“Also, with the move to the borderless environment, we need to move towards a zero-trust architecture to enable our workforce to work anywhere, anytime, and yet maintain the right level of security controls. These are all very challenging areas to overcome,” Loe said.
The ‘zero trust’ approach to cybersecurity, which was introduced by analyst firm Forrester Research, is rooted in the principle of “never trust, always verify,” and moves away from the antiquated notion that everything on the inside of the enterprise network is safe.
In addition to that, NTUC is also looking at the extensive use of Managed Detection & Response (MDR) capabilities to help detect and respond to endpoint incidents with better efficiencies.
Augmenting these capabilities with a unified security operations center (SOC), according to Loe, allows NTUC to understand the threats better and determine how and where to invest their limited resources.