Digital Transformation and Security: Protecting Endpoints and DXPs

By Derek Handova

As companies extend the breadth of their digital transformations and security comes more into play, the more they must ensure the endpoint security of their customer information. And with the potential for traditional CMSs to pose problems, MSSPs and their customers need something more. Digital experience platforms (DXPs) could be the answer with their greater implementation flexibility for endpoint security and more.

Solutions that MSSPs can integrate into DXPs for protecting endpoint security include updated single sign-on (SSO); help for security information and event management (SIEM); redesigned controls for access and administration; and compliance with leading cryptographic standards like FIPS 140-2 (Federal Information Processing Standard). With more and more digital experience marketing operations getting outsourced, MSSPs must have a native understanding of digital transformation and security for protecting endpoints and DXPs.

And while DXPs function on the premise that the more information they have about users enables them to deliver more of an enhanced digital experience, for MSSPs to safely address their customers’ digital transformation and security concerns, they must validate, filter and sanitize incoming data.

HotLink’s Lynn LeBlanc

“We all know the phrase ‘garbage in, garbage out,’” said Lynn LeBlanc, CEO for HotLink, a hybrid IT provider. “DXPs can be important tools to manage and optimize the customer experience across digital touchpoints. However, the effectiveness of all these platforms depends on accurate data flowing from production environments.”

Fortunately, next-generation cybersecurity analysis tools appear on the horizon that will automatically analyze offline backup data sets to identify a broad spectrum of compromises in near real time.

“By leveraging machine learning, digital transformation and security fingerprinting, the treasure trove of backup and replication data can be continuously analyzed to detect advanced threats, latent malware and other security threats that degrade the quality of data being evaluated by DXPs,” LeBlanc said. “With bad actors becoming more clever, MSSPs are in position to differentiate their service by addressing current gaps in cybersecurity together with the downstream impact on DXPs.”

Endpoints, SSO, and Digital Transformation and Security

Upgraded SSO can streamline MSSP management user authentication, protecting sensitive information and offering improved governance across IT-managed systems for improved digital transformation and security. But how does SSO protect endpoints and DXPs while enabling digital transformation and security?

Digital Envoy’s Bill Calpin

“DXPs are intended to provide a single point of access, via a single platform, to a variety of services like content and e-commerce — think portal,” said Bill Calpin, CEO of Digital Envoy, parent company of Digital Resolve, an online fraud protection provider. “By design they complement SSO for more easily managing access to sensitive data while giving users simplified logins with one click, and only one set of credentials ― as long as SSO is reinforced with multiple authentication options. SSO provides for seamless, unified end-user access — internal and external.”

With SSO, administrators can provide global governance for access of internal and external users from just one location, granting and terminating access to all applications – including those involved in digital transformation and security – for any user with ease, according to Austin Geraci, VP of engineering at WorldTech IT, an F5 Networks MSSP.

“In addition, integrating a multifactor authentication solution with SSO further increases security while maintaining the seamless user experience of a single password instead of storing these passwords at SaaS providers,” Geraci said. “Users storing sensitive passwords at SaaS providers – sensitive passwords they likely use for other corporate applications – can open up vulnerabilities. Measures like SSO can improve security across many applications in the enterprise at once.”

SIEM, Private Cloud, and Digital Transformation and Security

Another way for MSSPs to improve digital transformation and security at the same time encompasses configuring DXPs to share logs securely with their SIEM systems. This provides more endpoint visibility to improve …

… incident detection and response.

Cingo’s Scott Madsen

“Many cloud platforms provide an API that allows MSSPs to pull metrics and SIEM info that can then be presented to customers in an organized and easy-to-understand format,” said Scott Madsen, CEO of Cingo Solutions, a provider of advanced cybersecurity solutions for vulnerable industries. “In addition, moving locally hosted services and applications to a private cloud – when done properly – provides increased physical site security, granular access control, and often better backup and disaster recovery options.”

But all the security systems in the world can’t protect MSSPs from the mistake of an undertrained employee.

“Training your workforce to recognize and avoid certain risks has proven to be priceless,” Madsen said.

FIPS 140-2, Digital Transformation and Security

If an MSSP contemplates providing digital transformation and security solutions via DXPs while protecting endpoints, they may want to support FIPS 140-2, the U.S. government Federal Information Processing Standard that defines cryptographic module security requirements. Among other defensive measures, FIPS 140-2 calls for 128- to 256-bit AES encryption. The most popular and widely adopted encryption standard, AES (Advanced Encryption Standard) is the federal gold standard for unclassified but sensitive data networks. Demand among government and private customers for this baseline endpoint security standard just might bring DXPs into the mainstream.

Based on Google search engine results, among DXP providers Acquia seems one of the few 2019 Gartner Magic Quadrant for Digital Experience Platforms vendors – if not the only one – to offer FIPS 140-2 compliant solutions.

With FIPS 140-2 cryptographic libraries, the Acquia Experience Platform DXP can protect data in motion from endpoint to endpoint as well as data at rest, according to a blog by Meagan White, director of marketing programs at Acquia. Recently, Acquia also updated its algorithms to assure its DXP cloud platform maintains continuous support for FIPS-compliant digital transformation and security.

Credential Screening, Digital Transformation and Security

According to the Verizon 2019 Data Breach Investigations Report, 43 percent of all breaches occurred at small- and medium-size businesses (SMBs). And because many SMBs rely on MSSPs to help protect them, their digital transformation and security, they must carefully screen credentials of users.

“Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value,” the Verizon team wrote. “Consequently, there’s been a corresponding increase in hacking cloud-based email servers via the use of stolen credentials.”

Therefore, compromised credential screening for online accounts can help MSSPs protect business customer targets who have online user accounts. Security experts say account takeover and fraud are significant threats that organizations with online accounts must tackle every day, for which credential screening can work quietly behind the scenes.

Enzoic’s Michael Greene

“Without creating additional friction for the end user, the API is integrated into the login, password reset or new account form so when a user logs in, the API checks a backend database of billions of credentials in milliseconds,” said Michael Greene, CEO of Enzoic, cybersecurity and fraud prevention specialists. “It will flag which credentials are compromised, and the MSSP or customer can determine next steps — forced password reset, step-up authentication, sensitive information hidden [and so on].”

For customers with Active Directory environments, password screening can help MSSPs protect employee or internal accounts from account takeover, according to Greene.

“MSSPs or their customers can configure it so when an account is found using a bad password, they can flag the account, prompt a password reset, then reset it the next time the user logs in,” Greene said.