You are one-click away from a cyber-attack!
James Comey once said (or was it Dmitri Alperovitch the founder of Crowdstrike in 2011) “There are only two types of companies—those that know they’ve been compromised, and those that don’t know.”
Cybersecurity has long been a top priority for IT organizations for as long as networks have existed. Long gone are the days (and I remember them well) where you would put a public IP on the internet. The client-server era brought to us more access and even more need for security. The digital transformation revolution in today’s increasingly complex, mobile, IoT, multi-cloud environments, has made it even more important than ever to maintain security and compliance across the infrastructure. The stakes are high and cybercrime “could cost companies $5.2 trillion over next five years”.
So how can you be sure your environment is prepared for today’s threats and vulnerabilities?
Let’s take a look at my top 10 cybersecurity concerns for 2019.
1) Integrate endpoint security (MDM, EMM, and UEM) with identity management (IDaaS). In a world of multiplying, diverse endpoints, Identity as a Service (IDaaS) is now essential. Password management is archaic—if your master password is hacked, everyone gets access to all your passwords and all your accounts. I often joke that we are moving to a “Minority Report” world where biometric security is etched into everything. Facial recognition and fingerprint logins will increasingly be the true source of identity management with endpoints enforcing compliance.
2) Start taking IoT security serious. IoT is making everyone’s lives easier, but we’re already hearing reports of Nest video cameras being hacked, and security concerns on voice-activated assistants. As all the devices in our personal and work environments become more connected, securing them is ever-more critical. Anything connected to the internet can potentially be hacked and these appliances, thermostats, smart switches, and other systems connect to the cloud, were not designed with security in mind.
3) Insert threat analytics services everywhere. The digital infrastructure is becoming increasingly complex, spanning endpoints, the IoT, the network that the information travels over, and infrastructure services—on premises and in the cloud. Security the interaction between user and data is becoming increasingly complex. The data passing through any of these layers is becoming even more vulnerable to hacking. Ensuring data security and integrity from the moment a device or user interacts with data in use, at rest and in transit at every layer of the digital infrastructure cannot be underestimated.
4) Deploy a multi-layered cybersecurity approach. As the infrastructure becomes more complex, it’s becoming clear that you need a comprehensive, multilayered approach to cover everything. One size definitely does not fit all, and the days of believing that a firewall or other point product could provide sufficient protection are gone. Your security strategy and solutions must encompass all your endpoints, IoT devices, the networks they traverse, your applications, and your services and data repositories—both on premises and in the cloud. My thoughts are that you need to modernize, scale and automate security. I will discuss this topic more later but, in a nutshell, the digital transformation strategy and your security strategy must align. In my opinion your IT infrastructure needs to have 3 core features:
- Modernized: Identity management, endpoints, IoT, networking, apps, data, virtualization, infrastructure, you name it can’t be archaic. User access, networks, data needs to be built around biometrics, mobility and the cloud.
- Scalable: One size doesn’t fit all, and your security strategy must scale in or out depending on your needs.
- Automated: whether its encryption, remediation or even backup and recovery every process needs to be automated. What good is an alert or error message if you can’t react to it in real-time.
5) Get security insights and analytics from your cloud services including SaaS apps. The flexibility and cost benefits of the cloud are appealing, but as more organizations move to the cloud, they’re also losing control and insight into what’s happening with their data. Cloud Access Security Brokers (CASBs) and cloud analytics will become even more important for maintaining compliance, especially in highly regulated industries. Most SaaS apps don’t even offer any insights at all, and that’s going to be critical to address to ensure governance and compliance.
6) Integrate technologies throughout digital infrastructure for better security insights. Delivering software services to users is a multilayered process. It includes everything from identity management services, enterprise mobility management, IoT services to network virtualization, application virtualization, desktop and server virtualization, data management, you name it. Protecting one component is not enough in today’s threat landscape. You need integrated, context-rich security at each layer. If a user is compromised connecting to an application, that application should be able to alert the network to react to that threat. Security requires introspection all the components from the moment a user logs in how they interact with data. The infrastructure will need more content and intelligence throughout that interaction.
7) Network security must be integrated with everything with an IP address. How do implement security at every level of a user’s interaction? When you consider the entire digital infrastructure, there is one common component: networking. The network is the only thing that touches every piece of your infrastructure. That’s why software defined networking must be integrated throughout the entire infrastructure. John Maddison at Fortinet in a CSO Online article said “Integration is Key” and “Endpoints Are NOT “Other.” They are part of your network.”. According to IDC, “As the disruption of industries ramps up and devices become more connected than ever before, the ability to ensure trust and privacy across all interactions will become key to remaining competitive in the digital era.”
8) Encrypt data at all levels (for data at rest, in motion and in use). The data security triad: encrypting data at rest, in transit, and in use, across the entire infrastructure. It’s no longer sufficient to encrypt only data at rest. You need to encrypt data from the moment a user logs on, and wherever they are manipulating data. Key management (KMIP) integration will become a standard as we become more software-defined. Enough said.
9) Stay ahead of evolving compliance requirements and certifications.Compliance requirements continue to escalate, as organizations grapple with new regulations and standards like FIPS, GDPR, Derived Credentials, and Common Criteria, the NIST cybersecurity framework, and many other. One key area of cybersecurity that should not be overlooked is data recovery. More than 85% of companies have experienced a cyber breach in the past three years, according to a recent report by global management consulting firm A.T. Kearny. It’s likely you’re going to get hacked, so consider your strategy for how you will recover data that has been compromised, deleted, or corrupted.
10) Consolidate your security strategy for your digital infrastructure. Digital transformation has introduced powerful new capabilities into the network, but it has also added tremendous complexity. How do you simplify that cybersecurity strategy? The basic model is not all that different from home security. For home security you may have a complicated mix of cameras, locks, garage door openers, cameras, and sensors, but mobility and the cloud lets you bring them all together to see and control everything on a single dashboard. A environment built on the key tenants of mobile and cloud can provide the foundation you need to do the same on your business infrastructure.
One thing for sure is that cybersecurity will change…and we will need to adapt. The concerns of this year will be different next year. And in the end your IT environment will need to be modern to utilize the strengths of mobile and cloud, able scale to meet the demands of an ever-shifting digital landscape, and automatically respond to cyber-attacks or security lapse.
Stay secure my friends.