Blog

Digital transformation dominates the agenda of companies, authorities, and non-commercial organizations in the Republic of Moldova. Through international support programs, national technical assistance funds, heavy investments are made in various automation solutions, resource and operation management, self-service services with minimal human involvement.

The accelerated digitization based on these innovations does not always take into account the risks in the field of cybersecurity. Threats of this nature are becoming more numerous, and the losses are increasing. Mitigating risks begins with careful coordination at all stages of development and/or integration of new solutions.

To address these risks, we must use all the tools at our disposal – technologies, infrastructure, methodological, organizational, and legal measures, interoperability and cooperation capabilities to build trust elements for the future.

To address the challenges in the solution development stage, today companies turn to DevSecOps, an approach that involves risk mitigation activities throughout the development and delivery process. Consequently, it provides an idea of how an application progresses, who implements it, what, when, and in what environment. If in a traditional security testing approach, a dedicated team is aligned to take care of application security, conducting manual checks in the middle to end of the development cycle. The DevSecOps approach is jointly managed by security and development teams. Here, an application is continuously tested throughout the development cycle, taking into account all components of the future operating system, application, database, interoperability services, backup infrastructure, and production environment.

Security risk mitigation in the DevSecOps approach is not just about automation, fast feedback loops, consistent release cycles, etc. Beyond these, DevSecOps provides several additional benefits in the product development process, namely:

· makes the software delivery cycle observable, and allows the team to track the existence of each process within the cycle;

· creates a trust relationship between stakeholders and the IT team, ensuring that what started as a requirement, initially, is continuously updated as a solution;

· helps maintain compliance and assists development teams in ensuring that the software solution adheres to essential compliance best practices;

· helps address vulnerabilities arising from time-to-market pressure, poor documentation, lack of team collaboration, wrong technical decisions, misunderstanding of objectives, etc;

· ensures the safe use of source code by automatically scanning security elements at various stages of development, reducing the chance of adding compromised components to the code, and saving the team from issues in the later stage;

· provides benefits of the "Cloud" environment by automatically testing vulnerabilities already in this environment. It allows continuous code analysis, monitors compliance, investigates threats, manages changes, and much more;

Another aspect relates to the institutional preparation of the solution owner. What the organization or company should do against the background of cyber threats in the process of launching the digital product into use. We can confidently outline the following essential steps that companies should take before embarking on digital transformation projects:

· companies must ensure that critical/sensitive data is stored in an infrastructure not directly connected to the internet, placed in a trusted digital environment, protected by a protective shield, and permanently monitored for undocumented actions and events;

· have the necessary policies and procedures to establish a systemic and professional culture and behavior in cybersecurity;

· organize periodic training of employees to develop the necessary skills and reduce the risks of accessing links or files from unsolicited emails to prevent infection with ransomware;

· companies are advised to form and maintain copies of important data and take measures to reduce the restoration time in case of necessity;

· have competent IT security teams that will periodically conduct infrastructure resilience tests and detect vulnerabilities in a timely manner;

· it is necessary for companies, in addition to training programs, to conduct exercises to assess how vulnerable their systems and employees are to phishing threats, or how quickly services or attacked resources can be restored;

· companies should implement high-performance and viable security solutions equipped with all tools for preventing and protecting services and resources, and connected to the permanent update of threat libraries detected by the professional society in the field;

Ensuring these elements requires involvement of all stakeholders from the organization. And the system development process should always take into account the risks that will arise from the realization of these projects. Expertise in this regard and, respectively, a roadmap for building or adjusting cybersecurity elements can protect you from many issues in the future. In the projects carried out, the Infoera team can offer you the following activities:

· in-depth expertise of security architecture, policies, and security practices;

· vulnerability assessments that reveal weaknesses and provide you with an action plan to address them;

· setting up steps to help you improve your configuration and strengthen your security with new elements;

· development of security technology policies that standardize network segmentation, server protection, authentication, remote access, firewall design and implementation, etc.

In conclusion, we can mention that the presence of the business in the online environment and the permanent exchange of information with other systems will require continuous monitoring and adaptation to new threats, and the fight against cybercriminals will always involve resources – not only financial, but also human. And to ensure a sense of online freedom, protect assets, and maintain trust in digital technologies, cybersecurity will need to be supported by an ecosystem of intelligent solutions and partners who together ensure the fight against threats and risk management in the online collaboration environment.