We are living in extraordinary times. Digitisation is now a “must do” for organisations wishing to remain competitive. For many of our customers the internet IS their network, and the cloud IS their datacentre. The evolution of work has accelerated due to the COVID pandemic, forcing customers to adopt hybrid working models. Customer experience can be massively enhanced using digital technologies, as can operational efficiency. We are “connecting the unconnected” at a fierce pace, with some estimates suggesting that over 1 million new “things” connect to the internet every hour!! As we connect more things to our networks we generate more data, which if collected, analysed and acted upon properly represents an opportunity for our customers to gain business advantage.
Sadly, of course, whilst digitisation represents a fantastic opportunity for businesses, it also represents an opportunity for cyber criminals. Barely a week goes by without yet another high-profile cyber-attack hitting the mainstream media. In just these past few weeks we have had cyber-attacks which resulted in the closing down of the Colonial Pipeline in the eastern United States, affected operations at JBS - the world’s largest meat processing company, and a seriously impacted Irish NHS. Clearly, cyber-crime is reaching epidemic proportions, and it is incumbent upon the IT industry to provide the maximum protection possible to our customers.
Given our customers are massively reliant on digitisation to remain competitive, coupled with hyper mobile users accessing applications which are often hosted in multiple, public facing locations, and an ever increasing “attack surface” driven by the mass connection of the previously unconnected, is it any wonder that security is now very firmly a boardroom agenda item?
As previously stated, many of our customers are relying on the internet as part of their network, and cloud providers as part of their datacentre. In this environment, it has become increasingly difficult to identify a perimeter to which we can apply our security controls. These challenges have given rise to the idea of “zero trust” security, where we continually challenge users, devices, and applications to verify that they are who or what they say they are. In effect, identity becomes our perimeter. If we are going to use identity in this way, then it follows that we need to be able to police identity robustly. Simple username and password models are no longer adequate. Credentials are the primary means by which a bad actor hacks into an organization, with 61 percent of breaches attributed to leveraged credentials. 81% of the total number of breaches leveraged stolen or weak passwords.. We can address these issues via Multi Factor Authentication (MFA). MFA allows us to use two or more “factors” to identity a user, device or application. One of these factors may still be a password, although “passwordless” MFA is now starting to grow in popularity. This will then be supplemented by a second factor like biometrics, such as a fingerprint, retina scan or facial recognition. MFA makes it much harder for the cyber criminals to steal our identity and use it to breach our environments.
So, given the complex and challenging world in which we find ourselves, how should we address these concerns? Put simply, security is not an option. We must consider security to be a mandatory component of every project we undertake. You wouldn’t buy a new car, and then pop round the corner to have the seatbelts, airbags and locks fitted, and yet for a long time, this “bolt on” approach has been the norm for IT security. Part of the reason for this, as already stated, is that security is no longer an option, but on top of this, it makes little sense to deploy multiple security solutions that operate independently from one another, sharing little or no information. To use my previous example, if you are unlucky enough to be involved in an accident in your new car, the seatbelts will pre-tension, the relevant airbags will fire, and the doors will unlock. This is because these systems are fully integrated into the vehicle and interacting with one another to protect the occupants to the highest degree possible. Back in the world of IT, there is an increasing trend towards vendor consolidation. Having fewer security vendors in your environment and choosing vendors who are willing to cooperate with one another is an increasing trend. In fact, a 2020 Cisco Cyber security report stated that in 2018 54% of customers had fewer than 20 security vendors in their environment, by 2020 this had increased to 86%. Make no mistake - vendor consolidation is real, and it is our customers who are driving it.
We are seeing several trends in the industry which present great opportunities, but at the same time represent significant security challenges.
Firstly, the premise that “The internet is my network”. Given the rapid rise of technologies like SD-WAN, coupled with a dramatic increase in remote and mobile working, we are seeing more and more customers using the internet as a primary bearer. Whilst we can protect our “in-flight” data using encryption, we must also consider that having multiple sites, and / or users directly connected to the internet presents an opportunity for cyber-criminals to use these internet connections to gain access to our corporate environments. We can mitigate a lot of these threats through solutions such as “SASE” (Secure Access Services Edge), to provide a set of proxy security services between us and the internet.
Secondly, “The cloud is my datacenter”. Every single customer out there is using cloud services to one degree or another and this trend is accelerating massively. Whether it be IaaS services or full SaaS platforms, our users are making use of data and applications that are no longer solely housed in private datacentres. Again, we need to employ security technologies such as web firewall, MFA and Cloud Access Security Brokerage (CASB) to protect our users, data, and applications in these environments.
Thirdly, “identity is my perimeter”. Given the above factors, of highly mobile users, the internet as a primary bearer and cloud-based services hosted in multiple locations, it is virtually impossible to define a conventional perimeter. Employing a zero-trust model with robust multi-factor authentication allows us to use identity as our perimeter. If we can very reliably establish the identity of a user, device, or application, then it is far less likely that a cyber-criminal can gain access to our environments by pretending to be someone or something that they are not.
In closing, I think it is important to understand that there is no such thing as 100% effective security. All we can do is to take measures to make our environments as difficult to penetrate as possible. However, despite our best efforts, there will always be breaches. Given this, I would recommend that whilst it is important to concentrate on prevention, we must also have a plan for both containment and remediation. Containment is critical during a security incident, to mitigate its effects as far as possible. Time to detection is also a significant factor in this stage and remediation is equally important to get us back up and running as quickly as possible after an attack has taken place.
As you can see, security needs to be considered in every aspect of your infrastructure and regularly reviewed as threats and technology evolve. It's difficult for an organisation to keep abreast of these developments while running day to day operations, let alone plan for the day they get hacked. One of our consultants would be pleased to discuss with you how industry best practices can make your organisation a hard target, to keep ahead of the bad guys and help you plan for that bad day, week, month when the worst happens.