All modern companies have a technical architecture as their foundation. At the crossroads of a company’s relationships, IT plays a fundamental role for employees, customers and partners alike. Moreover, ecosystems are increasingly tending to be organised around a technical foundation, facilitating data exchanges between the various players. But how to secure these famous exchanges?
Extended enterprise: the advantages of the IT ecosystem
The advantages of adopting an IT ecosystem are numerous for companies:
- Saving time on a multitude of tasks, thanks to the presence of tools and applications at hand;
- Time saving on sending emails to suppliers: all information is stored on the ecosystem;
- Significant savings: optimised management costs thanks to automation and simplification of tasks;
- Better performance thanks to reduced turnaround times;
- etc.
The ecosystem also offers many benefits to suppliers, including simplified two-way communication through API integration. Similarly, the automation of processes offers suppliers considerable time savings.
Finally, on the partner side, the ecosystem allows for the multiplication of business opportunities.
Each player is thus able to take advantage of the ecosystem to expand its network of action and partnership.
Risks related to the ecosystem of an extended enterprise
Opening up the IS to the outside world also means potentially multiplying the risks of cyberattack. Security is not always up to the challenge and the exposure to risks caused by the rise of teleworking, multi-cloud, mobility and interconnection of equipment is increasingly questionable. A study by Tanium shows that since the beginning of the Covid-19 health crisis, corporate cyber attacks have increased by 93%. The very (too?) rapid transition to teleworking has opened up some security gaps, and cloud-based systems are not spared.
While we all remember the cyber attack that targeted Equifax in 2017, leading to the theft of 150 million people’s data, other less publicised attacks regularly occur. The Marriott Group hack in February 2020, for example, also damaged several million customers.
But what if the problem was actually the solution? To counter these security risks and cyberattacks, many experts advocate relying on the ecosystem to manage IT vulnerabilities. Faced with increasingly spectacular and sophisticated cyber attacks, companies have no choice but to take action. The objective: to identify, prioritise and remediate the various vulnerabilities in order to limit the risk of cyberattack.
API Management and other solutions to secure the IT ecosystem
The good news for large enterprises is that solutions exist to ensure the security of their ecosystem. One such solution is API Security, or API Management, which aims to protect all programming interfaces used or owned by companies. When you consider that most data leaks are due to faulty APIs, you can see the urgency of focusing on them. There are many publishers of data exchange solutions within the company and with the ecosystem: Comarch, Boomi, Blueway, Talend…
CISOs (Information Systems Security Managers) also play a fundamental role in securing the IT ecosystem of large companies. The function has evolved enormously in recent years, at the same pace as the evolution of ecosystems. Today, the CISO no longer works alone, but in partnership with the IT department, the person responsible for personal data or the commercial department. The challenge is to identify the way in which his tasks and his organisation adapt to the evolution of the ecosystem.
If the presence of an ecosystem makes the company more efficient and agile, it must be able to guarantee the security of personal data. Increasingly open ecosystems necessarily imply a greater number of attempted cyber attacks, some of which result in major data leaks (Marriott, Facebook, MyHeritage, etc.). The challenge for extended enterprises is therefore to find sustainable solutions to ensure the security of their data while preserving an open ecosystem.
