CISOs face network security challenges of new business ecosystem

As innovations in business models and technology structures elevate the level of information sharing for enterprises, they are also blurring the boundaries of traditional security precautions in the business ecosystem of China's "New Normal". The boundaries between enterprises—and even industries—are blurring as supply and value chains continue to expand and Internet, cloud computing, and big data continue to penetrate. These trends put the spotlight on the need for greater shared governance of network security.

While business ecosystems incorporate both cooperation and competition, we are seeing a dramatic change in this relationship. From the perspective of security protection, enterprises now need to take a top-to-bottom approach, starting with business relationships, and continuing down level-by-level to the technical and operation levels, in order to understand and better manage the dynamics which underlie key business information. This puts the role of the Chief Information Security Officers (CISOs) under the spotlight too. In the new business ecosystem, there needs to be as much a focus on external as on internal security measures. Information collection, processing, storage, and presentation are common imperatives for all enterprises with a business ecosystem – however, the models vary for different business relationships. When CISOs look outside of their own enterprises to focus on the wider operating environment impacting their enterprise, they also need to look at that of their other stakeholders with whom their enterprise has established co-existence relationships. They need to take the initiative to grasp the flow of key business information and facilitate other stakeholders to strengthen their security protection where necessary. For example, when facing potential security risks, enterprises need to act in conjunction with their stakeholders and work together to guard against outside attacks. The aim is to share network governance between enterprises for more effective responses to security challenges.

Deloitte Enterprise Risk Services has long studied the practice of network security, and cautions that an effective network security system requires multi-level and multi-angle analysis and control with regard to governance, protection, precaution, and response. The expansion of business ecosystems makes it even more complex for enterprises to build and maintain their network security systems, which sets the bar higher for enterprises' security capability. Contact us if you need help to diagnose the security status of your enterprise in the business ecosystem, and close gaps in your security to enhance your enterprise's ability to defend against threats.