What's next for enterprise security? Look to public cloud — Read the paper Overcoming new security threats As enterprises undergo business transformation, security and compliance challenges loom large. The move to public cloud, combined with the increase in remote working, have expanded the security perimeter well beyond the traditional boundaries of on-premises data centres and networks, putting data and applications at greater risk from threat actors. A growing number of high-profile breaches has prompted greater regulatory scrutiny about how organisations are protecting data, and where that data resides. Cloud and increasingly complex hybrid environments are compelling organisations to think differently about security and compliance. Cloud-native tools help leading insurer tighten security A leading North American financial services firm needed to modernise its core system to improve the customer experience by adding self-service capabilities and the latest digital services. DXC Technology advised the company to migrate its core applications to public cloud, but it also required a new approach to security and identity management. To protect the modern enterprise, the DXC ported user profiles and IDs to cloud-native tools on AWS cloud, using an automated security migration framework. DXC now continuously manages the company’s applications and infrastructure configurations, cloud security and governance. Security controls are now automatically updated through AWS, ensuring the company can defend against the latest threats. Secure, innovative payments in public cloud A 150-year-old investment firm wanted to build a new platform to disrupt the market for consumer payments, but needed to ensure rapid innovation and delivery across governance, infrastructure, development and security. DXC supported the company by establishing new technology patterns for a high-performing, secure and resilient core architecture. DXC rapidly delivered infrastructure and middleware services for application developers in public cloud, plus a DevOps culture and pipelines to support continuous integration, delivery and deployment. A comprehensive new security control framework and security services satisfied internal security requirements and external regulators. The firm launched an industry-changing product on time, helping to open up a new market of 102 million consumers. The Cloud Right approach Using a Cloud Right™ approach, organisations can evolve their security approach to address new platforms, new technology and new capabilities that their existing approaches may not be able to properly protect. The focus on protecting locations and devices needs to shift to protecting the data itself. Data-centric security requires organisations to discover and classify data — identifying sensitive data, where it resides, how it flows through the company, and where the vulnerabilities lie. The focus on protecting locations and devices needs to shift to protecting the data itself. Security professionals should be involved early in the planning process. Enterprises need to embrace DevSecOps, with security woven into the IT landscape. Mixed teams should be established that have all the needed capabilities, including developers, security professionals and infrastructure experts. Adopting the mixed team way of working applies not only to cloud, but also to hybrid and on-premises environments.