NonStop Insider


Modernizing Nonstop Environments Without Sacrificing Security

Comforte

Andy Vasey


Global Nonstop customers may be facing challenging macroeconomic and geopolitical conditions. But that isn’t holding back the irresistible push for digital transformation. If anything, it’s making it even more urgent. Modernizing the IT environment is in many cases a business imperative—driven by the need to make processes more efficient, customer experiences more seamless, and decision making more data driven.

Yet security is often a roadblock when it comes to change, whether intentionally or not. Nonstop businesses running siloed key management systems may find that heightened security and compliance risks, and integration/upgrade challenges, stand in the way of progress.

Why we need key management

Key management is often overlooked. In fact, it’s a critical foundation of modern cybersecurity—keeping online customers safe, logins secure, and data out of the reach of thieves and extortionists.

It’s never been more important. In the UK last year, three-quarters of large businesses suffered a security breach, while in the US, over 3,100 separate data compromise incidents led to nearly 1.4 billion breach notifications being mailed to victims.

AI is only making it easier for threat actors to compromise organizations. UK government experts warned earlier this year that the technology would “almost certainly continue to make elements of cyber intrusion operations more effective and efficient, leading to an increase in frequency and intensity of cyber threats.”

The cost of a data breach may have fallen for the first time in five years, but it remains a significant $4.4m on average, and can potentially rise to many times that when the breach is part of a ransomware attack. A recent ransomware breach at storied UK retailer M&S is estimated to have cost the firm £300m ($398m).

That’s not to mention the reputational damage and compliance fallout from such incidents. The regulatory net is closing ever tighter around the world’s largest organizations, with NIS2, DORA and GDPR in the EU and various state-level data protection laws in the US, following the CCPA’s lead.

Against this backdrop, Nonstop customers know they must modernize to stay competitive. That means migrating to hybrid cloud environments and developing cloud-native apps to meet customer demands for more compelling experiences, and business demands for lower operational costs and analytics-driven insight.

Dealing with the consequences

Unfortunately, many Nonstop environments are juggling various siloed key management systems. These might cover diverse use cases like tokenization of payment card information, file encryption, TLS/SSL, SSH, multi-factor authentication (MFA) and even encryption of audit logs.

This fragmentation alone is bad enough for security and compliance. It makes it difficult to know who holds which keys, and can lead to inconsistent logging, policy enforcement and reporting. But such environments also often rely on static passphrases and ad-hoc scripts. These further expose the organization to risks stemming from human error, brute-force attacks, a lack of key rotation, and no centralized oversight.

For businesses saddled with these antiquated approaches to key management, there are several negative impacts:

The need for control

Ultimately, if businesses can’t digitally transform and modernize at their desired speed, they may find competitive advantage and talent ebbing away as margins erode. That’s why they need a unified key management service to centralize storage, enforce policy, provide real-time auditing, and automate key lifecycle management.