It would seem that IT security has reached an interesting crossroads and, despite a proliferation of investment, only a quarter of business leaders across the region are confident in their current cybersecurity, according to a VMware and Forbes Insights study. Ian Jansen van Rensburg, Senior Systems Engineer and Lead Technologist at VMware, looks at how partners in the channel can help fix it.
It’s not surprising that there’s a security headache on the horizon, but this time of our own making. Just the management of all these new solutions is a huge challenge.
Here are six ways that can help partners turn their conversations with customers from spending even more on security point solutions, to adopting a new security strategy for their operations, their mobile workforces, their apps and their brand reputation.
Change the conversation from perimeter defence to how fast they can react
The existing 30-year-old model for IT security – secure the network perimeter with an ever-higher and thicker firewall, then plug any holes that appear due to new technologies (such as mobility, cloud, new devices and apps, SaaS, etc) with point solutions – just doesn’t work in today’s businesses.
In the modern world, traditional security is either ineffective, or too complex, or too expensive, or too difficult to manage, and usually all of these together. Why? Because the attack surface being exploited by malware has dramatically increased. We need a new approach.
With the sheer volume of threats out there, security breaches are inevitable – what matters today is not spending all your budget on trying to prevent them, but instead how fast you can detect them and how quickly and effectively you can mitigate their effect. Organisations need to move beyond pure endpoint detection and response, to a more holistic approach. VMware’s recent acquisition of Carbon Black, for example, signals a shift in the industry away from pure perimeter defence to looking at the ‘bigger picture’ for enterprise IT security.
A change in philosophy is also as much about culture and collaboration as it is about technology and requires the breaking down of traditional silos of IT, security and other functions within the organisation.
Ensure customers can plan for the unknown
A key problem is that the industry is heavily focused on chasing threats, which are largely unknown in nature – this is putting more emphasis on the attacker than on the defender. But given the size and complexity of the threat landscape, this is an overwhelming task. We only know what is bad once we’ve found it – in practice, the sheer number of threats means that we don’t, indeed can’t know what bad looks like before we’ve found it. Continuing to chase after bad is destined for failure. Even worse, the industry continues to invest the bulk of security R&D, time and innovation on the sort of reactive, ‘search for bad’ solutions that we know are becoming less and less effective over time.
Being hyper-focused on reactively chasing threats means many organisations are increasingly underinvested in preventive security solutions – solutions that can shrink the attack surface and don’t solely rely on having to react to threats that are identified as ‘bad’. Knowing what ‘good’ looks like and being able to detect deviations from it – a thing every IT or security expert will fully understand – is a much more effective approach. No one knows your apps, data, devices, and user environment better than you – after all, you probably wrote and provisioned them in the first place.
It’s one reason organisations have to plan their IT security to accommodate the great unknown. They will not survive by reacting to a threat as it is defined today – the landscape is evolving too quickly. Any strategy that is reliant on knowing what the threat is upfront is already behind the curve.
Work with businesses to adopt an inside-out approach
Modern business is reliant on collaboration and connectivity. Security has to reflect this and needs to be designed from the inside out: inside the application, inside the network and at the user and content level.
The traditional response to any security crisis is to spend more money on even more tactical point solutions. But with more than a third of organisations admitting to having 26 or more security solutions installed already (with some actually having more than 200), the response is becoming a problem in itself – one of management, skills and integration. To add insult to injury, these solutions are becoming less and less effective – breaches continue to threaten even the largest and most well-known companies, and a new approach is needed.
Use software to make the network and infrastructure intrinsically secure
But how do you make the network and infrastructure intrinsically secure? Given the complexities involved, the only answer is through software.
A software abstraction of the network and other infrastructure enables technologies such as micro-segmentation. This allows the virtual network to be segmented down to an extremely small and granular level, in fact down to the level of individual apps and processes. Since each micro-segment is by default isolated from other segments, this is functionally equivalent to surrounding each app with its own zero-trust firewall, allowing you to define through policy what connectivity the app can have. This mitigates the effect of breaches since malware can only propagate as far as the next micro-segment before encountering the next firewall.
Since this is all implemented in software, the security policies associated with micro-segmentation can be automated, allowing the management of a degree of complexity that would simply not be possible otherwise. Security through software can effectively be self-managed, removing the bottleneck of having expensive, inflexible hardware or error-prone human interaction.
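A minimal model of the default-deny behaviour described above, added here as an illustration and not taken from VMware or any product. The workload names, segment labels and ports are constructed; it compares how far an intruder could move from one compromised workload on a flat network and under an explicit allowlist policy.

```python
from collections import deque

# Constructed sample inventory: workload name -> micro-segment label.
WORKLOADS = {
    "web-1": "web", "web-2": "web", "app-1": "app",
    "db-1": "db", "hr-app": "hr", "hr-db": "hr-data",
}

# Allowlist of flows (source segment, destination segment, TCP port).
# Anything not listed is dropped, including traffic between two workloads
# that carry the same label.
POLICY = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("hr", "hr-data", 5432),
}


def allowed(src, dst, port, policy=POLICY, workloads=WORKLOADS):
    """True only if the policy explicitly permits src -> dst on this port."""
    return (workloads[src], workloads[dst], port) in policy


def blast_radius(start, policy=POLICY, workloads=WORKLOADS):
    """Workloads an intruder on `start` could reach by chaining permitted
    flows (worst case: every permitted port is assumed exploitable)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for name in workloads:
            if name in seen:
                continue
            if any(s == workloads[cur] and d == workloads[name]
                   for s, d, _ in policy):
                seen.add(name)
                queue.append(name)
    return seen - {start}


def flat_radius(start, workloads=WORKLOADS):
    """Same question on an unsegmented network: every other workload."""
    return set(workloads) - {start}


if __name__ == "__main__":
    for w in sorted(WORKLOADS):
        print(w, "segmented:", sorted(blast_radius(w)),
              "flat:", len(flat_radius(w)))
```

In this sample, web-1 still reaches db-1 through the permitted web-to-app and app-to-db chain, so the transitive result is what a policy review should examine, not only the individual rules.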
Utilise the network as the vehicle to deliver the ‘new security’
Most organisations are in the midst of becoming fully digital. While this transformation promises to deliver new experiences for customers, employees and partners, it also gives rise to major headaches for IT and security teams because existing security paradigms are not designed to cope with such a diverse and complex environment.
Security needs a vehicle – the network is that vehicle.
Because modern applications are increasingly modular, existing as linked microservices, or running from multiple containers, or distributed between clouds, the single common denominator is that the modular elements of each app are all connected together by the network.
It’s the common fabric that links everything together, so as it touches everything in the infrastructure, it’s also the perfect vehicle to deliver security to everything in the infrastructure with technologies such as micro-segmentation, service-defined internal firewalls and application-level whitelisting. Because of this, and the need to transform both security and the network as part of Digital Transformation, networking and security are rapidly converging together.
With infrastructure abstracted as software, you can build in security across the entire software stack using these principles – so when customers are deploying their applications across any cloud, any device – there is a common element that delivers these capabilities – the network.
From the cloud to the edge and beyond
Five years ago, the idea of edge computing seemed impossible – everything was about the data centre. But much like the threat landscape itself, the capabilities of what computing can deliver are changing on an almost daily basis.
This has resulted in the power of the network taking over – allowing edge computing and IoT to open up new opportunities for every data-driven industry. The quantity of useful actionable data being generated near to where the sensors are – in cars, trains, planes, manufacturing machinery, washing machines, etc – is so large that it simply isn’t possible any longer to transfer all this data back into the cloud for real-time processing. Edge computing is about processing this data close to its point of collection to allow its use in real-time.
While we are only at the beginning of this revolution and don’t really know what’s beyond what we can see in the near future, two things are clear – we know the foundational software that’s being used to enable edge needs to be intrinsically secure, in and of itself, and that the network needs to be the vehicle to achieve this.
If we look at security in this way – a fundamental, integrated part of the infrastructure itself, rather than trying to add it on to the perimeter – then we are enabling and future-proofing foundational technologies such as edge.
We now live in a world of way greater complexity, even compared to only five years ago, with more interactions, connected devices, sensors, dispersed workers and new models such as the cloud, all of which have created an exponentially larger attack surface for cyberthreats to exploit. While this has raised questions of enterprises’ abilities to protect themselves in this more sophisticated digital age, it also provides an opportunity for partners to re-engineer the conversation with their customers.
Implementing a new intrinsic security, fit for the requirements of modern business today and into the future, is a unique opportunity for our partners in the market.