Keeping up with digital change requires a new approach to security
We are living in an era of hyperconnectivity between systems, applications, devices and data. Technologies such as IoT, mobile computing, cloud-based services and multi-cloud infrastructures are not simply being added to the network; they are being interconnected in ways that are redefining not only business, but also the fabric of society itself. Digital transformation has disrupted how we are entertained, communicate and conduct business. In turn, this is changing how your consumers and employees expect to interact with your corporate data and infrastructure. Economic trends show that such evolution is providing undeniable value to users.
As a result, information technology has become an artificially intelligent and pervasive source of economic value creation. In other words, information technology no longer simply supports the business. In many important ways, it is the business, and its success is being measured in microseconds.
In a recent Gartner EMEA survey, 47% of CEOs are being challenged by their board of directors to make progress in digital business, and 56% said that their digital improvements have already improved profits. According to Gartner, “While IT delivery is still a responsibility of the CIO, achieving revenue growth and developing digital transformation were identified most often as top business priorities for organizations in 2018.”
To meet these demands, today’s businesses have had to deploy a broad, dynamic and highly elastic network of networks. This is compounded by the volume and variety of interconnections between devices and resources, both inside and outside of the network, making them both dense and complex. In security terms, this means that organizations are actively generating a vast and growing digital attack surface that is constantly in flux.
Traditional security has become a barrier to success
The challenge that many organizations face is trying to map their legacy security infrastructure to their new, dynamic network infrastructure. Issues like speed and scalability, along with limited visibility and control, mean that security is viewed as more of a barrier to success than an enabler. The fact that siloed security products cannot communicate with other security devices makes things like collecting and correlating threat intelligence, detecting and responding to advanced threats hiding in your extended attack surface, and orchestrating policies and protocols across the distributed networked difficult, if not impossible.
And cybercriminals have risen to the challenge. Multi-vector attacks are designed to bypass traditional security tools that can’t keep up. New malware and infiltration technologies exploit the seams between different networked systems. Advanced evasion techniques monitor and learn traffic patterns in order to mimic legitimate traffic. And increasingly, they are doing this to target vulnerable network resources, such as unpatched network or IoT devices, because IT teams are stretched too thin to track and inventory the devices on their network or even maintain basic security hygiene protocols, such as patch and replace.
Security transformation must be integrated and automated
As the speed and scale of cyberthreats expand, security must be transformed as well. This starts by it being seamlessly integrated into all areas of digital technology, including applications, connected devices and multi-cloud networks. This allows it to protect the business data being spread across these distributed environments. It must also be able to translate user intent into automated business response by using broad visibility and integrated threat intelligence, and then automatically responding to events detected anywhere across a global network.
This can only be achieved by replacing legacy security systems with technologies that can use open standards and a common operating system. These allow different security technologies to integrate and operate as a single, consistent system. Such a holistic approach enables unified visibility and controls that can dynamically span and adapt to elastic networks.
Because humans cannot keep up with the complexity of today’s networks and data, for example, a common security framework centralizes and automates deployment and configuration. This ensures that repetitive tasks are accurately duplicated so security devices can safely scale as resource demands scale. This also means less resources being spent on deployment and less human error, especially now, as configurations and management are required to cross beyond traditional product boundaries to enable things like seamless security visibility and orchestration.
Security transformation requires an interconnected and open fabric
The network’s potential attack surface is in constant flux. This is because the evolution of computing and networking continues to drive changes across critical business infrastructures. And also because network devices with unique vulnerabilities or specialized security requirements are constantly being added or removed to virtualized or cloud-based infrastructures. As a result, organizations require a security system that enables them see and adapt to those changes.
Think open, integrated and automated.
Widely distributed yet tightly integrated security, combined with automated response to events, is truly the only effective way to secure today’s networks. When security operates as a single system, scoping and analysis becomes accurate, resources are applied where they are effective, and new security insights are automatically discovered and addressed, anywhere across the distributed network.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.