Embark on a secure digital journey October 2018 White Paper


In recent years, an increasing number of organisations have embarked on a digital transformation journey to change the way their business operates. The increase in new digital technologies, the new millennial work force, and changing consumer behaviour have compelled organisations to transform their business operations and services to respond to the market more quickly and cost-effectively.

Digital transformation has, in turn, brought many positive changes to the businesses embracing it. The primary objective of digital transformation is to improve user engagement and satisfaction to increase business stickiness, and achieve higher recurrent engagement. It modernises business activities and processes to better serve the needs of digital users, whose expectations of online services are high: services must be always available and responsive, and users must be able to share their activities with various service providers at their discretion.

Going digital means that businesses must fundamentally change the way they build and manage their information technology (IT) resources. Gone are the days when massive capital investment was needed to build monolithic platforms and applications requiring teams of dedicated specialists to manage performance and security. Today, a digital business is expected to be up and running quickly, with computing services consumed in real-time based on need, and the business built to manage service outcomes with little effort on platform management. The result is IT resources built to reduce cost and improve customer engagement.

Despite the benefits, many organisations have not fully embraced digital. In August 2018, DXC Technology commissioned independent analyst firm Telsyte to undertake a cyber security research study of more than 240 IT decision makers from organisations across Australia and New Zealand (A/NZ). Results indicated that the digital strategy of one third of organisations surveyed has been impacted because of cyber security issues. Further investigation indicated that these organisations were not fully aware of the security implications of going digital, and thus did not feel confident they could mitigate the risk if they progressed along a digital journey.

This paper addresses the ten key areas that impact most digital transformation processes, and the security implications and benefits that all organisations should be aware of.

1. Current weather: cloudy

The prevalence of cloud platforms makes digital transformation possible for all organisations. Cloud platforms make it easier for organisations to build and consume digital services at an affordable cost, and are an option in which businesses don’t have to undertake intensive capital investment which could become obsolete very quickly. The pay-as-you-go model offered by most cloud service providers makes it appealing to financial decision-makers as it allows investment of savings into other business areas.


From a cost reduction point of view, consuming cloud services is not only more affordable to most organisations, but also helps save money by reducing the amount of manpower needed to manage IT infrastructure. Cloud platforms allow users to focus on service delivery, and take away the pain of managing and updating infrastructure and applications.

Such platform evolutions have led to organisations building digital services without the need to install an application, or manage a virtual workload. Serverless applications and architecture now allow organisations to build world-class digital platforms by using a browser to manage different cloud platforms. These organisations don’t need to worry about server uptime, application patching, or network architecture planning.

All this convenience accorded to users by cloud platforms leads to an interesting situation where users have less control over data management and protection. This results from cloud platforms only providing the essential functions for users to utilise the service. Users are then at the mercy of cloud service providers to provide the controls and granular visibility to understand the consequences if there are issues with the services they are consuming. Cloud platforms are not designed to be customisable, and users have to work within the existing allowed controls. For example, password policies may vary between different user organisations, but the cloud platform service provider’s policy may dictate that everyone use a single defined policy.

Another major pain point is that not all cloud service providers provide the means to store user data in the country of operation to comply with data sovereignty requirements. This may not be an issue for large established cloud service providers, but for smaller, newer start-ups, the choice to store data in a particular country may not be available.

Despite fewer controls and a limited choice of countries in which to store user data, cloud platforms are now becoming mainstream as more and more governments and businesses find acceptable security models. This perception is not unfounded, since most well-known cloud service providers build their platforms with security embedded in the architecture and process. Cloud service providers are generally leaders in adopting best-practice security management, as their business model depends on providing a trusted platform. When cloud service providers take away the hard work of platform management, users can utilise their resources to best focus on delivering the service outcome.

2. The language of digital

Most digital services are built using several cloud service providers. For example, a retail organisation may be using one cloud service provider to host the web-retail portal, another to provide the payment system, and a file-hosting provider to store transaction events and logs. As the user doesn’t own these platforms, it is important they can orchestrate and enable the digital service workflow between each service provider. The underlying communication making that possible is an Application Programming Interface (API) which facilitates interaction between the platforms and data.

APIs have evolved from the server/PC era, where developers had to learn and use proprietary languages to manage IT infrastructure, operating systems and applications. In the cloud world, the API languages used are open standards based on JavaScript Object Notation (JSON), Extended Markup Language (XML) and YAML Ain’t Markup Language (YAML). These common data formats are used to handle data directly between cloud providers and users. They are used as RESTful (Representational State Transfer) API languages embedded within the HTTP protocol to facilitate communications between two or more entities in a cloud world. The use of such open standards is what drives cloud services to flourish, since it allows open communications and facilitates data exchange, enabling organisations to create innovative services through these open environments.

The use of APIs is important in the cloud world, since it’s the only way to manage cloud functions through the web. As a type of code, an API is a key feature that facilitates the orchestration of services and the automation of tasks in the cloud. This means a single user can write a series of API commands to instruct cloud platforms to launch multiple servers, or deploy a fully-functional web-site which would have previously taken months using the same service deployed physically. APIs are not only used by cloud platforms, but increasingly by on-premise hardware, software and IP-enabled devices which can interact with one another using RESTful APIs.

As these RESTful APIs are utilised broadly, it is important to note that they are fundamentally readable code. Any transmission of management or user data using these RESTful APIs can be intercepted, viewed and modified. As such, it is important that all API calls are secured in transmission as well as in storage.

When two or more entities (cloud platforms and/or physical devices) need to interact with one another with no human involvement, authentication is still required. The mechanism to perform entity authentication is the use of API keys, where one entity presents a properly-generated API key to the other entity for verification. The API key is also encapsulated in API calls, and requires similarly stringent security controls. Any transmission of API keys using RESTful APIs must be conducted via a Transport Layer Security (TLS) tunnel, and the storage of such API keys must always be encrypted. The API key contains the privilege to instruct the entity to perform certain actions within a certain level of authority, so its significance is as important as if it were authenticating a human being with similar authority.

Since API keys contain privileges to perform certain functions, it is important to consider assigning appropriate privileges. Though it would seem ideal that each API key is assigned to perform one specific function, that would require organisations to generate multiple API keys to perform multiple functions, which would make management a nightmare. Conversely, giving an API key too much privilege means any accidental leakage of the key could lead to a major security breach.
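An added illustration of the two points above, not taken from the white paper: a verifying entity that keeps only a keyed digest of each API key and checks every call against the scopes granted to that key. The class name, key IDs and scope names are assumptions, and storing a digest is one way to protect keys at rest on the verifying side, used here in place of reversible encryption.

```python
import hashlib
import hmac
import secrets


class ApiKeyRegistry:
    """Verifier-side store: keeps a keyed digest of each API key, never the key."""

    def __init__(self, pepper: bytes):
        # Server-side secret mixed into every digest (assumed to be held
        # in a key-management service, separate from the records below).
        self._pepper = pepper
        self._records = {}  # key_id -> {"digest", "scopes", "revoked"}

    def _digest(self, secret: str) -> bytes:
        return hmac.new(self._pepper, secret.encode(), hashlib.sha256).digest()

    def issue(self, key_id: str, scopes) -> str:
        """Create a key limited to `scopes`; the full key is returned only once."""
        secret = secrets.token_urlsafe(32)
        self._records[key_id] = {
            "digest": self._digest(secret),
            "scopes": frozenset(scopes),
            "revoked": False,
        }
        return f"{key_id}.{secret}"

    def revoke(self, key_id: str) -> None:
        if key_id in self._records:
            self._records[key_id]["revoked"] = True

    def authorize(self, presented: str, required_scope: str) -> bool:
        """True only if the key is known, not revoked, and holds the scope."""
        key_id, _, secret = presented.partition(".")
        record = self._records.get(key_id)
        # Always compute and compare a digest, even for unknown key IDs,
        # so response time does not reveal which IDs exist.
        candidate = self._digest(secret)
        expected = record["digest"] if record else bytes(32)
        matches = hmac.compare_digest(candidate, expected)
        if not (record and matches) or record["revoked"]:
            return False
        return required_scope in record["scopes"]


def demo():
    """Constructed scenario: a log-shipping service holding a narrow key."""
    registry = ApiKeyRegistry(pepper=secrets.token_bytes(32))
    key = registry.issue("log-shipper", {"logs:write"})
    tampered = key[:-1] + ("A" if key[-1] != "A" else "B")
    results = {
        "write_logs": registry.authorize(key, "logs:write"),
        "delete_servers": registry.authorize(key, "servers:delete"),
        "tampered": registry.authorize(tampered, "logs:write"),
        "unknown_id": registry.authorize("nobody.guess", "logs:write"),
    }
    registry.revoke("log-shipper")
    results["after_revoke"] = registry.authorize(key, "logs:write")
    return results


if __name__ == "__main__":
    print(demo())
```

A leaked copy of this key can write logs and nothing else, and revoking it does not disturb any other entity's key.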

API management is an important consideration in a digital environment since all digital transactions depend on it. It is important to document how APIs are used and review those uses before deployment, since they are the glue of the entire digital environment.

3. Orchestrate and automate

If the cloud provides the platform for enabling digital transformation, and API is the language of digital, they both pave the way for digital behaviour and workflows through orchestration and automation. In digital terms, orchestration is the execution of workflows consisting of many tasks determined by the type of inputs provided; automation is the execution of a task without human intervention. When combined, orchestration and automation can perform a large number of repeatable tasks quickly with little room for error.

The chief outcome of orchestration and automation is task completion in the shortest time with as little intervention as possible. In any service delivery, a speedy response tends to increase user satisfaction, while creating stickiness which helps grow service use.


Before the digital era, orchestration and automation worked against ITIL™ principles, where all tasks are approved and validated before execution. While this met compliance requirements, the speed of delivery was impeded by manual approvals. In the digital era, such delays can affect competitiveness, and organisations are beginning to realise that a well-tested workflow will equally meet business requirements without compromising security, while also achieving higher customer satisfaction and engagement. When organisations become proficient in orchestrating and automating workflows to meet business requirements, they begin to achieve agility and efficiency. This allows them to hire fewer people to take on more work with increasing productivity.

However, security concerns for orchestration and automation workflows are not unfounded. A poorly defined workflow that does not perform proper sanity checks will result in unexpected disruptions, and in extreme cases, security issues. For example, if a workflow to delete user records that meet specific inputs does not perform input checks thoroughly, a malicious user can use it to wreak havoc very quickly, for instance by setting up a malicious automated workflow to delete user records in bulk. It is important that built-in checks are put in place to detect anomalies, as well as to periodically test the orchestration and automation workflows to verify they work as intended.
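An added sketch of the built-in checks described above, not code from the white paper: a delete-user-records step that validates its inputs against an allow-list and refuses any run that would touch an unusual share of records unless a named approver is supplied. The filter names, the 90-day minimum, the 5% ceiling and the record layout are assumptions.

```python
ALLOWED_FILTERS = {"status", "inactive_days"}   # the only inputs accepted
ALLOWED_STATUS = {"closed", "suspended"}        # active accounts are never eligible
MIN_INACTIVE_DAYS = 90                          # assumed retention rule
MAX_FRACTION = 0.05                             # assumed per-run ceiling


class WorkflowRejected(Exception):
    """Raised instead of deleting when a check fails."""


def plan_delete(users, filters, approved_by=None):
    """Validate inputs and return the IDs to delete, or raise WorkflowRejected."""
    if not filters:
        raise WorkflowRejected("empty filter would match every record")
    unknown = set(filters) - ALLOWED_FILTERS
    if unknown:
        raise WorkflowRejected(f"unsupported filter(s): {sorted(unknown)}")
    if "status" in filters and filters["status"] not in ALLOWED_STATUS:
        raise WorkflowRejected("status filter not eligible for deletion")
    days = filters.get("inactive_days")
    if days is not None:
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(days, bool) or not isinstance(days, int):
            raise WorkflowRejected("inactive_days must be an integer")
        if days < MIN_INACTIVE_DAYS:
            raise WorkflowRejected("inactive_days below retention minimum")

    selected = [
        u["id"] for u in users
        if ("status" not in filters or u["status"] == filters["status"])
        and (days is None or u["inactive_days"] >= days)
    ]
    # Anomaly check: a run selecting more than the usual share of records
    # is held for a human decision rather than executed automatically.
    if len(selected) > MAX_FRACTION * len(users) and not approved_by:
        raise WorkflowRejected(
            f"{len(selected)} of {len(users)} records selected; approval required"
        )
    return selected


def outcome(users, filters, approved_by=None):
    """Run the plan and report ('deleted', count) or ('rejected', reason)."""
    try:
        return ("deleted", len(plan_delete(users, filters, approved_by)))
    except WorkflowRejected as exc:
        return ("rejected", str(exc))


def sample_users():
    """Constructed sample data: 100 accounts, 3 closed, 40 long inactive."""
    return [
        {
            "id": f"user{i:03d}",
            "status": "closed" if i < 3 else "active",
            "inactive_days": 400 if i < 40 else 5,
        }
        for i in range(100)
    ]


if __name__ == "__main__":
    users = sample_users()
    for filters in ({"status": "closed"}, {}, {"inactive_days": 0},
                    {"inactive_days": 365}, {"role": "admin"}):
        print(filters, "->", outcome(users, filters))
```

The same calls double as the periodic test the paragraph asks for: run them against constructed data on a schedule and alert if any outcome changes.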

From a security management perspective, orchestration and automation bring immense benefits to the organisation. Not only do they help organisations to manage the human fatigue and ambiguity which can result from dealing with large numbers of repetitive workflows, but they also help speed up the response to events and reduce reaction time. Such skill is especially important in monitoring security events - the faster an organisation can automate the detection and response of a security incident, the better, since the likelihood of reducing impact is very high in the early stage.

4. The thinking machine

The rise of the cloud platform leads to a new digital possibility, machine learning. Machine learning is a subset of artificial intelligence (AI) that provides systems with the ability to learn and improve from supplied information without being explicitly programmed to recognise patterns within information sets. Creators of machine learning capabilities design and develop algorithms and techniques, known as machine learning models, to analyse data sets that identify existing and recognise new patterns without the creators’ involvement.

Machine learning is a computing-intensive capability which requires enormous computing power to perform. The cloud platform provides organisations with cost-effective computing power to build machine learning capabilities for use in their business, and machine learning has started to gain ground in many applications across the finance, healthcare, retail and transportation industries. It is commonly used in orchestration and automation workflows where it can understand patterns and perform tasks automatically, as well as spot anomalies in workflows to quickly involve a human operator to troubleshoot before the workflow is put to unintended use.

In the cybersecurity industry, machine learning is already being used in many security controls, from malware analysis to understanding traffic workflows as well as monitoring user authentication sessions. Machine learning is especially well-suited to detect the unknown-unknown (things we don’t know we don’t know). Anomalies are types of event that belong to the unknown-unknown, and machine learning can be used to identify anomalies very quickly based on large data-sets where it would take much longer to identify with human operators.

ITIL™ is a (registered) Trade Mark of AXELOS Limited. All rights reserved.


Most security incidents today are discovered through anomalies identified through machine learning, so organisations can respond quickly to threats. There are several scenarios that can be easily spotted using anomaly detection, from data-exfiltration activities and unusual login sessions, to surging traffic access, to many end-points happening concurrently.

Though machine learning is useful for security management, the technology itself is not foolproof. Machine learning models must first be developed using untainted data sets to baseline normal operating behaviour before they can spot anomalies. Well-resourced adversaries who anticipate that organisations may utilise machine learning to detect security attacks could engineer events that taint the data and corrupt the machine learning models to ignore attack patterns. At the same time, if machine learning models are tampered with directly, adversaries could make them ignore specific attack behaviour.
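Why the baseline has to be untainted, shown as an added example that is not part of the white paper: a simple statistical detector stands in for a machine learning model, and a few inflated readings in its baseline window are enough to lift a mean-based alert limit above a later burst. Screening the window with median-based statistics before it is used exposes those readings. The hourly failed-login counts are constructed, and the function names are assumptions.

```python
import statistics

# Constructed baseline: failed logins per hour during normal operation.
CLEAN = [4, 6, 5, 7, 5, 6, 4, 5, 6, 5, 7, 6, 5, 4, 6, 5, 6, 5, 4, 6]
# The same window with five inflated readings mixed in before training.
TAINTED = CLEAN + [60, 60, 60, 60, 60]
# A later burst that the detector is expected to flag.
OBSERVED = 45


def mean_threshold(baseline, k=3.0):
    """Alert limit as mean + k standard deviations; sensitive to outliers."""
    return statistics.fmean(baseline) + k * statistics.pstdev(baseline)


def robust_threshold(baseline, k=3.0, floor=1.0):
    """Alert limit from the median and the median absolute deviation (MAD).

    1.4826 scales the MAD to match a standard deviation for normal data;
    `floor` keeps the limit usable when most of the window is identical.
    """
    med = statistics.median(baseline)
    mad = statistics.median([abs(x - med) for x in baseline])
    return med + k * 1.4826 * max(mad, floor)


def screen_baseline(baseline, k=3.0):
    """Return readings in the baseline window that should be reviewed
    (and excluded if unexplained) before the window is used for training."""
    limit = robust_threshold(baseline, k)
    return [x for x in baseline if x > limit]


def is_flagged(value, threshold):
    return value > threshold


if __name__ == "__main__":
    for name, window in (("clean", CLEAN), ("tainted", TAINTED)):
        print(
            name,
            "mean-based:", is_flagged(OBSERVED, mean_threshold(window)),
            "median-based:", is_flagged(OBSERVED, robust_threshold(window)),
            "to review:", screen_baseline(window),
        )
```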

No organisation should wholly trust that machine learning works as intended, and the capabilities must supplement other forms of security management to ensure a comprehensive security state. However, if machine learning capabilities are coupled well with orchestration and automation workflows, they can be used to automatically respond to security incidents quickly, and even patch systems or enforce network access control to minimise the impact with minimal human intervention.

5. All about the CRUX (Cyber-Relevant User eXperience)

If the primary objective of the digital experience is to improve user engagement and satisfaction, the key element to achieve this objective is the right design and implementation of user experience (UX). Good UX leads to better business outcomes which include improved user engagement, higher productivity, brand loyalty and business growth. The elements crucial to a good UX are consistency, design, accessibility, relevant content, and most importantly, trust in the digital platform.

UX and security go hand in hand, starting when the user first uses the digital platform at login. It is important from a UX perspective that a digital platform induces trust, which can quickly be destroyed with the wrong UX design.

Most digital platforms will sign up users by asking a series of identification questions. In almost all cases, the digital platform asks for an email address and/or mobile number to uniquely identify the user. However, if the digital platform uses this information as the login ID, it raises the possibility of adversaries using it to perform brute-force attacks. A secure digital platform allows users to choose a unique username unrelated to their email address or mobile number, so adversaries find it harder to perform targeted attacks on users without knowing personal details.

A secure digital platform will also provide feedback on users’ password choices, and encourage a more robust choice. To help reduce the likelihood that an account is hijacked if the password is stolen, the platform can mandate using multi-factor authentication like a hardware authentication device or a one-time password issued by a mobile application. When the digital platform supports such use, it induces trust and leads to a better UX.

Good UX can be marred in many areas. Firstly, most UX developers are not security professionals, and they tend to select unproven or outdated security controls which may lead to insecure UX. For example, sending one-time passwords using SMS is an insecure practice, but many organisations still use it because they believe it is the most convenient method of enforcing multi-factor authentication for users. However, this convenience is now a user security risk. Another example is using voice recognition which is susceptible to speech synthesis and replay attacks.


A secure UX must make it simple for users to manage access, without it being too onerous or technical. Good UX works well with a security process built into the digital workflow. This benefits the organisation when their users’ data is properly secured.

6. The I in IoT

A digital platform providing good UX not only derives input from the keyboard and terminal, but also from human devices like mobile phones, cameras, thermostats, wearables, voice-input speakers or digital switches. Similarly, the digital platform may not just provide feedback of information via a screen, but also deliver it via a real-world experience – for example, controlling lights, air-conditioning systems, home appliances or even vehicles. These devices are collectively known as the Internet of Things (IoT) which can be accessed and managed via wireless networking.

Some organisations are using IoT prevalently in their business for activities such as crowd tracking in a retail mall, controlling the office ambience, or automating stock tracking. In the industrial sector, certain organisations are replacing legacy SCADA devices with Industry IoT (IIoT) devices since they harness sensor data, machine to machine communications, and automation capabilities that can deliver better and more efficient industrial outcomes through real-time communications.

Most IoT and IIoT devices are managed through a hub, a digital platform which onboards all such devices for centralised management and access. In most cases, this platform is hosted in the cloud, allowing management and monitoring of devices from anywhere. The hub can be used to orchestrate and automate workflows between devices so they perform specific workflows based on sensor information and events obtained, and deliver workflow outcomes to other devices which provide the physical experience to human users.

IoT provides convenience and significant benefits to human users, but managing these devices can be challenging from a security perspective. Most IoT devices do not have good security controls, since they are built with low-cost, basic functionality in mind. The addition of security controls adds to production costs, and creates complexity in the devices, leading to potential insecurity when the devices are deployed in the real world.

Most IoT devices are sold with default login credentials that are seldom changed when deployed. In some instances, these basic login credentials are hard-coded and can’t be changed, which is leading to large numbers of IoT devices being hijacked by adversaries.

As IoT devices are built with constrained and limited hardware capabilities, most manufacturers do not include security defences in the firmware. Since these devices have limited memory storage, it is difficult or impossible to install end-point protection controls. When an organisation deploys numerous IoT devices in an environment, it is important to protect and manage the devices via external, supplementary security controls such as micro-segmentation or network-based behaviour analysis monitoring.

This limited device storage capacity also poses another security challenge when devices are compromised. Most of the precious storage is used to store device data, with little or none used to store an audit trail. When these devices are hijacked, there are few clues as to how they are being compromised, and what the adversary has done with them.


The “I” in IoT can stand for “insecurity” if these devices are not properly deployed and managed. In September 2018, the state of California enacted the world’s first IoT cybersecurity legislation to address this issue. As awareness increases, it is inevitable that manufacturers of IoT devices need to step up their game, to help foster a more secure IoT environment.

7. Data, data everywhere

The rise in IoT device use is leading to new technical challenges resulting from the volume of events and log information generated. Most organisations are struggling with the exponential growth in storage needs and the management of data generated by IoT devices, and of the events generated from cloud activities, API access, and user activities. Such is the outcome of using these digital technologies.

These enormous data sets can be useful from a business perspective. It’s where big data comes in, where the information generated may be analysed computationally to reveal patterns, trends, and associations relating to human behaviour, interactions and transactions. The output of these analyses can help organisations better understand user usage behaviour, perform business optimisation, conduct cost-benefit evaluation, or identify new opportunities.

However, storing this data in a secure manner is not straightforward. Since not all data is encrypted at its source, but may contain user information stored in the cloud, it is important to encrypt it as soon as possible. Since the data can also contain important business intellectual information, it is also essential that access controls are strictly enforced to restrict the type of personnel accessing it. Such restriction also applies to access of big data tools and the analytics platform accessing the data.

When accessing data for big data analysis, it is important to consider sanitising specific fields from a privacy point of view. Any information that identifies a particular user must be pseudonymised to ensure the business analyst conducting the analysis cannot attribute the result to a specific user, while remaining valid to fulfil the business requirement and derive the desired analysis results.
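One way to pseudonymise records before they reach an analyst, as an added example rather than anything from the white paper: direct identifiers are dropped, and the user ID is replaced by a keyed HMAC token so that per-user analysis still works while the analyst cannot map a result back to a person. The field names and sample rows are constructed, and the key is assumed to be held by the data owner, outside the analytics environment.

```python
import hashlib
import hmac
from collections import defaultdict

DIRECT_IDENTIFIERS = {"email", "mobile"}  # removed outright (assumed field names)
JOIN_FIELD = "user_id"                    # replaced by a keyed token


def pseudonymise(records, key: bytes):
    """Return copies of `records` that are safe to hand to the analytics platform."""
    safe = []
    for rec in records:
        # Keyed HMAC rather than a plain hash: without the key, an analyst
        # cannot recompute tokens from a list of known user IDs.
        token = hmac.new(key, str(rec[JOIN_FIELD]).encode(), hashlib.sha256).hexdigest()
        row = {
            k: v for k, v in rec.items()
            if k not in DIRECT_IDENTIFIERS and k != JOIN_FIELD
        }
        row["user_token"] = token
        safe.append(row)
    return safe


def spend_per_user(rows, id_field):
    """Example analysis: total spend (in cents) per user, sorted ascending."""
    totals = defaultdict(int)
    for row in rows:
        totals[row[id_field]] += row["amount_cents"]
    return sorted(totals.values())


# Constructed sample transactions.
RAW = [
    {"user_id": 101, "email": "a@example.org", "mobile": "0400 000 001",
     "amount_cents": 2500, "category": "books"},
    {"user_id": 102, "email": "b@example.org", "mobile": "0400 000 002",
     "amount_cents": 900, "category": "music"},
    {"user_id": 101, "email": "a@example.org", "mobile": "0400 000 001",
     "amount_cents": 1200, "category": "music"},
]


def demo(key=b"constructed-demo-key-held-by-data-owner"):
    safe = pseudonymise(RAW, key)
    return {
        "same_result": spend_per_user(RAW, "user_id") == spend_per_user(safe, "user_token"),
        "identifiers_left": sorted(
            f for row in safe for f in row if f in DIRECT_IDENTIFIERS or f == JOIN_FIELD
        ),
        "distinct_users": len({row["user_token"] for row in safe}),
    }


if __name__ == "__main__":
    print(demo())
```

Rotating the key changes every token, which deliberately breaks linkage between data sets released at different times.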

While big data may introduce security challenges to organisations, it has great applicability and relevance in security monitoring. Since security controls generate a large number of events related to users, applications and network activities, big data analytics provides the foundation information for machine learning models to identify anomalies crucial for detecting security incidents. When CISOs are provided with such security analytics insights, it helps maximise security spending and ensure appropriate investments to achieve optimal outcomes. Large amounts of data may drown an organisation, but if managed properly, they can provide great situational awareness of the business processes, including security management.

8. Is that a human or machine?

The digital age has brought forth a new way of managing identities that was never thought of before. In the past, IT processes were designed with the approach that a human user would perform the authentication or tasks. In the digital age, that line is blurring. Machine learning, IoT devices, and serverless applications, coupled with orchestration and automation, are leading to digital workflows with little or no human involvement in the outcome.

These days, digital experience is provided more and more by entities such as IoT devices, software code or artificial learning bots. Orchestration and automation remove the need for human elements. By stringing a series of entities together to perform tasks previously performed by humans, it is virtually impossible to distinguish if an outcome was automated or not.

In recent years, ChatOps took over many customer service portals in the telecommunication, utility and retail sectors. When a human user accesses these portals, they are presented with a chat window to interact with an entity at the other end. This entity may be another human or a chatbot (software code that emulates a human operator).

The rise of Alexa, Cortana and Siri in mobile devices as well as smart speakers has fundamentally challenged how human users interact with digital platforms. Since interactions with digital devices lead to outcomes desired by human users, there is a general acceptance that such digital devices are functionally similar and as secure as interacting with a human operator.

This new digital behaviour changes how authentication and authorisation work. Instead of humans validating humans, it could be entities validating one another. A cloud platform could authenticate an IoT device before the IoT device can store or access data on the cloud platform; a serverless application could authenticate with an IoT device before it can manage the IoT device, or a chatbot could authenticate itself with a serverless application to perform certain tasks.

While all these entities are validating with each other through API key exchanges, it is more difficult for these entities to validate with a human user and vice versa. How does a human user know the chatbots can be trusted, or that the entities are extracting information from the user legitimately and not accessing the information via a remote controlled malicious adversary? Is it wise that a chatbot or a smart device request a human user to disclose private information such as passwords or personal information for authentication, and how do these entities prove themselves to the human user?

In today’s context, implicit trust must be established between the human user and the entities so the digital workflow is securely performed. As such, organisations providing the digital service to users must understand the blurred line of interactions between human users and digital entities. It is important from a UX perspective, that users trust that the information shared between humans and any entities is properly managed end-to-end from the moment of the first human interaction through to the secure data storage stage.

In the future, it is inevitable that having entities capture sensitive information will be the preferred method in a customer service environment. Human operators will no longer need to extract personal information such as birth date, credit card number or address from their customers, since the digital entities will capture this information and hide it from human operators. This approach can improve security posture by reducing the likelihood of identity theft, and helps organisations to achieve compliance with privacy legislation.

9. The infinity loop

One of the key reasons why businesses are adopting digital transformation is because they want to maintain pace with innovation and technology to achieve better business outcomes on their road to modern application delivery. Much has changed in the internal culture - organisations have moved on from ITIL to DevOps where innovations and improvements are rapidly released.

One of the key driving forces of the DevOps process is implementation of the Continuous Improvement/Continuous Development (CI/CD) pipeline. The culture of DevOps, which is fashioned after the agile methodology, encourages CI/CD and incorporates the use of processes and tools to continuously improve while implementing features and changes responsively.

Security management benefits from DevOps, since the concept of DevOps focuses on making improvements to a business process continuously. Security, like other business operations, is a continuous affair so will benefit from the CI/CD pipeline.

There is no need for buzzwords such as SecDevOps or DevSecOps. The Agile Manifesto Principle 9 states “Continuous attention to technical excellence and good design enhances agility.” Good security principles and behaviour are part of technical excellence, so a true DevOps culture will have security as part of its delivery behaviour and outcome. Most major cloud platforms today were built and managed with teams conversant in the DevOps culture, which can be demonstrated by the fact that cloud platforms are secure by design. The digital transformation has transformed enterprise security expectations: where once security was an add-on to a delivery process, digital platforms and workflows today are expected to have it built in.

It is important to note the danger of faux DevOps, where certain developers ignore proper security engineering principles and testing behaviour in the name of speed when developing and implementing new features and changes. Though we still have a long way before DevOps fully embraces security behaviour, it is expected that the digital age will accelerate that process. When an organisation’s culture truly encourages the behaviour of quickly changing and fixing issues, it will also support the security management process, and ultimately DevOps will help organisations become much more secure in the long run.

10. Hide the data, release the data

The year 2018 will be remembered as the turning point for privacy in the digital world as Australia’s Notifiable Data Breach (NDB) scheme and Europe’s General Data Protection Regulation (GDPR) came into effect. These laws now mandate that organisations make full disclosure to users within a certain period if their personal data is breached.

In Europe, the legislation goes one step further. European citizens have the right to request that the service provider completely removes their information from its environment. This poses a challenge to several organisations that are accustomed to collecting and assuming ownership of user information. Most of these organisations don’t have the facility to allow users to remove their information, since it spans data stored on premises, in the cloud environment, and even on backup tapes stored off-site.

The GDPR legislation has also created operational challenges to certain organisations which are accustomed to sending marketing materials to users. Under the GDPR legislation, user data belongs to the user, and companies cannot send marketing material unless they have explicit consent from the user. This poses a challenge to organisations trying to disseminate marketing information to users, forcing them to rethink their user engagement strategy.

The emergence of these privacy laws is timely in a digital world. As users share their information freely online when using digital services, organisations have a responsibility to protect the information in a proactive manner. This responsibility not only covers how the information is stored, but also how it is collected, shared and removed.

When a service provider signs up a new user, it is important that they collect the bare essential information required to provide the service(s). Most privacy breaches become a concern when the service provider collects more information than necessary, with the hope of performing analytics to better understand their customer base. For example, collecting mobile numbers for a booking service may be important to send out tracking information, however collecting home and work numbers may become overly intrusive if it isn’t necessary to render the service.

When user information is collected, it must be encrypted for storage. If there are any business analytics performed on the information, the personal information (such as name, birth date or address) must be pseudonymised before further processing.

Lastly, the service provider must offer an opt-out mechanism to allow users to stop using the service, and have their information completely removed from the system. If the service provider is required to preserve the user’s record for archival purposes, it is important that only essential fields are retained, with personal fields removed to minimise any privacy breach impacts.
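The three steps above (collect only what the service needs, pseudonymise before analytics, strip personal fields on opt-out) can be sketched as follows. This is an added example, not code from the white paper; the booking schema, field names and key are constructed assumptions, and encryption at rest is left to the storage layer.

```python
import hashlib
import hmac

# Constructed schema for a booking service; all field names are assumptions.
NEEDED_AT_SIGNUP = {"user_id", "name", "birth_date", "mobile"}
ARCHIVE_FIELDS = ("booking_id", "date", "amount")  # essential, non-personal


def minimise(form: dict) -> dict:
    """Collect only what the service needs; extra form fields are discarded."""
    return {k: v for k, v in form.items() if k in NEEDED_AT_SIGNUP}


def pseudonymise(profile: dict, booking: dict, key: bytes) -> dict:
    """Build the analytics row: keyed token for the person, coarse birth year."""
    token = hmac.new(key, profile["user_id"].encode(), hashlib.sha256).hexdigest()
    return {
        "subject": token,  # stable per user, not reversible without the key
        "birth_year": int(profile["birth_date"][:4]),  # generalised from full date
        "date": booking["date"],
        "amount": booking["amount"],
    }


def opt_out(user_id: str, profiles: dict, bookings: list) -> list:
    """Delete the profile; return the user's bookings reduced to archive fields."""
    profiles.pop(user_id, None)
    archived = [{f: b[f] for f in ARCHIVE_FIELDS}
                for b in bookings if b["user_id"] == user_id]
    bookings[:] = [b for b in bookings if b["user_id"] != user_id]
    return archived


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: held in a KMS, away from analytics
    form = {"user_id": "u-1001", "name": "Alex Example", "birth_date": "1984-03-09",
            "mobile": "+61 400 000 000", "home_phone": "+61 2 0000 0000"}
    profiles = {"u-1001": minimise(form)}
    bookings = [{"booking_id": "b-1", "user_id": "u-1001",
                 "date": "2018-10-02", "amount": 120.0}]
    print(pseudonymise(profiles["u-1001"], bookings[0], key))
    print(opt_out("u-1001", profiles, bookings), profiles, bookings)
```

The token is only as private as the key: anyone holding it can recompute tokens from known user IDs, so the key stays outside the analytics environment.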

We should note that the GDPR legislation is not just about hiding or suppressing user data. It also allows users to request that their transaction information be shared from one service provider to another. In the near future, Australia will amend the Consumer Data Right (CDR) legislation to allow users of banking, telecommunication and energy service providers to port their transaction information between service providers. Despite the privacy concerns in the digital world, if the mechanism to share transaction data is robustly implemented, it can bring immense benefits to the nation and the economy. Not only does it encourage healthy competition between service providers, but such data-driven innovation can generate new economic growth and create high value jobs that were previously unavailable when data was stored in silos across organisations.

The reality of managing user information in the current digital world means organisations have to learn how to protect and confidentially share it. Any organisation that demonstrates strong proficiency in both tasks will establish trust among their users, which will create competitive advantage. Privacy legislation should not be seen as an obstacle to any digital transformation efforts, but organisations should embrace the changes to transform their business to achieve new economic competitiveness.

Conclusion

Digital transformation can be a daunting process, with organisations having to grapple with various new tools to transform themselves from old ways of doing business to the new digital world.

Organisations that embrace digital transformation will gain a competitive edge and engage with customers more effectively. Technologies like Cloud, IoT, Big Data and API management demand new methods of security, with better outcomes expected in user experience, machine learning, automation and orchestration.

DevOps is increasingly important as companies become more responsive to service demands. At the same time, it is essential to be mindful of data breach legislation while building digital strategies.

The key outcome of any digital transformation is improved user engagement. Secure digital services and platforms will foster trust between organisations and their users, bringing them closer together. Every challenge can be transformed into an opportunity, and great benefits are on offer for organisations that embark on a truly secure digital journey.

About the author

TM Ching is Australia and New Zealand’s Chief Technologist for Security, responsible for DXC’s cybersecurity strategy, vision and execution across the region. He works closely with clients and internal teams to identify future technological evolutions and disruptions, and develops roadmaps for both clients and DXC Security to achieve service readiness to meet those technological changes.

www.dxc.technology

About DXC Technology

DXC Technology (DXC: NYSE) is the world’s leading independent, end-to-end IT services company, serving nearly 6,000 private and public-sector clients from a diverse array of industries across 70 countries. The company’s technology independence, global talent and extensive partner network deliver transformative digital offerings and solutions that help clients harness the power of innovation to thrive on change. DXC Technology is recognized among the best corporate citizens globally. For more information, visit www.dxc.technology.

© 2018 DXC Technology Company. All rights reserved. MD_9162a-19. October 2018