bacothelock -

IT security is broken: Six ways partners can help fix it

Many organisations have numerous non-integrated security point products installed across their enterprise, the management of which is a huge challenge. Here, we discuss how partners can help their customers to adopt a more holistic approach to security

It would seem that IT security has reached an interesting crossroads. Despite a proliferation of investment, only a quarter of business leaders across Europe, the Middle East and Africa (EMEA) are confident in their current cyber security, and less than a fifth are confident in the readiness of their people and talent to address security concerns, according to a recent VMware and Forbes Insights study.

How can partners in the channel help them fix this?

When you consider that across Europe, almost a third of organisations have in excess of 26 individual non-integrated security point products installed across their enterprise – each with their own user interface, management policies and skillset requirements – it’s not surprising that there’s a security headache on the horizon, this time of our own making.

Managing all these solutions is a huge challenge. Here, we outline six ways partners can turn their conversations with customers from spending even more on security point solutions, to adopting a new security strategy for their operations, their mobile workforces, their apps and their brand reputation.

1. Change the conversation from perimeter defence to how fast they can react

The existing 30-year-old model for IT security – secure the network perimeter with an ever-higher and thicker firewall, then plug any holes that appear due to new technologies (such as mobility, cloud, new devices and apps, software as a service, and so on) with point solutions – just doesn’t work in today’s businesses.

In the modern world, traditional security is either ineffective, or too complex, or too expensive, or too difficult to manage – and usually all of these together. Why? Because the attack surface being exploited by malware has dramatically increased. We need a new approach.

With the sheer volume of threats out there, security breaches are inevitable: what matters today is not spending all your budget on trying to prevent them, but how fast you can detect them and how quickly and effectively you can mitigate their effect.

Organisations need to move beyond pure endpoint detection and response, to a more holistic approach. VMware’s recent acquisition of Carbon Black, for example, signals a shift in the industry away from pure perimeter defence to looking at the “bigger picture” for enterprise IT security.

A change in philosophy is also as much about culture and collaboration as it is about technology and requires the breaking down of traditional silos of IT, security and other functions within the organisation.

2. Ensure customers can plan for the unknown

A key problem is that the industry is heavily focused on chasing threats, which are largely unknown in nature. This is putting more emphasis on the attacker than on the defender. But given the size and complexity of the threat landscape, this is an overwhelming task. We only know what is bad once we’ve found it – in practice, the sheer number of threats means that we don’t, indeed can’t, know what bad looks like before we’ve found it. Continuing to chase after bad is destined for failure.

“Security breaches are inevitable: what matters today is not spending all your budget on trying to prevent them, but how fast you can detect them and how quickly and effectively you can mitigate their effect”
Ian Jenkins, VMware

Even worse, the industry continues to invest the bulk of security research and development, time and innovation on the sort of reactive, “search for bad” solutions that we know are becoming less effective over time.

Being hyper-focused on reactively chasing threats means many organisations are increasingly underinvested in preventive security solutions – those that can shrink the attack surface and don’t solely rely on having to react to threats that are identified as bad.

Knowing what “good” looks like and being able to detect deviations from it – a thing every IT or security expert will fully understand – is much more effective. No one knows your apps, data, devices and user environment better than you – after all, you probably wrote and provisioned them in the first place.

It’s one reason organisations have to plan their IT security to accommodate the great unknown. They will not survive by reacting to a threat as it is defined today – the landscape is evolving too quickly. Any strategy that is reliant on knowing what the threat is upfront is already behind the curve.

3. Work with businesses to adopt an inside-out approach

Modern business is reliant on collaboration and connectivity. Security has to reflect this and needs to be designed from the inside out: inside the application, inside the network and at the user and content level.

Across EMEA, the traditional response to any security crisis is to spend more money on even more tactical point solutions. But with more than a third of organisations admitting to having 26 or more security solutions installed already (with some actually having more than 200), the response is becoming a problem in itself – one of management, skills and integration. To add insult to injury, they are becoming less effective – breaches continue to threaten even the largest and well-known companies.

It needs a new approach. Think of it this way: you’re the mayor of a city where houses are constantly under threat of burning down – do you continue to hire more and more firefighters or do you look at a way to make houses less flammable? Yes, in the short term more firefighters are essential, but for the long term, a different, preventative approach has to be adopted.

That’s really what we mean when we talk about intrinsic security – finding ways to design security into the applications and network from the start.

4. Use software to make the network and infrastructure intrinsically secure

But how do you make the network and infrastructure intrinsically secure? Given the complexities involved, the only answer is through software.

A software abstraction of the network and other infrastructure enables technologies such as micro-segmentation. This allows the virtual network to be segmented down to an extremely small and granular level, in fact down to the level of individual apps and processes. Since each micro-segment is by default isolated from other segments, this is functionally equivalent to surrounding each app with its own zero-trust firewall, allowing you to define through policy what connectivity the app can have. This mitigates the effect of breaches since malware can only propagate as far as the next micro-segment before encountering the next firewall.

Since this is all implemented in software, the security policies associated with micro-segmentation can be automated, allowing the management of a degree of complexity that would simply not be possible otherwise. Security through software can effectively be self-managed, removing the bottleneck of having expensive, inflexible hardware or error-prone human interaction.

Simply put, you no longer have to attempt the impossible and try to recognise an ever-worsening avalanche of new malware – instead, you can concentrate on the business, knowing security is fully baked in from the start.

5. Utilise the network as the vehicle to deliver the ‘new security’

Most organisations are in the midst of becoming fully digital. While this transformation promises to deliver new experiences for customers, employees and partners, it also gives rise to major headaches for IT and security teams because existing security paradigms are not designed to cope with such a diverse and complex environment.

“If we look at security as a fundamental, integrated part of the infrastructure, rather than trying to add it on to the perimeter, then we are enabling and future-proofing foundational technologies”
Ian Jenkins, VMware

Security needs a vehicle – the network is that vehicle. Why the network? John Gage of Sun Microsystems famously said a few years ago that, “the network is the computer”. Well, today it would probably be more accurate to say, “the network is the application”. 

Because modern applications are increasingly modular, existing as linked microservices, or running from multiple containers, or distributed between clouds, the single common denominator is that the modular elements of each app are all connected together by the network. It’s the common fabric that links everything together, so as it touches everything in the infrastructure, it’s also the perfect vehicle to deliver security to everything in the infrastructure with technologies such as micro-segmentation, service-defined internal firewalls and application-level whitelisting.

Because of this, and the need to transform both security and the network as part of digital transformation, networking and security are rapidly converging.

With infrastructure abstracted as software, you can build in security across the entire software stack using these principles, so when customers are deploying their applications across any cloud, any device, there is a common element that delivers these capabilities – the network.

6. From the cloud to the edge and beyond

Five years ago, the idea of edge computing seemed impossible – everything was about the datacentre. But much like the threat landscape itself, the capabilities of what computing can deliver is changing on an almost daily basis.

This has resulted in the power of the network taking over – allowing edge computing and the internet of things (IoT) to open up new opportunities for every data-driven industry.

The quantity of useful actionable data being generated near to where the sensors are – in cars, trains, planes, manufacturing machinery, washing machines, and so on – is so large that it simply isn’t possible any longer to transfer all this data back into the cloud for real-time processing. Edge computing is about processing this data close to its point of collection to allow its use in real time.

While we are only at the beginning of this revolution and don’t really know what’s beyond what we can see in the near future, two things are clear: we know the foundational software that’s being used to enable edge needs to be intrinsically secure, in and of itself, and using the network as the vehicle to achieve this.

If we look at security in this way – a fundamental, integrated part of the infrastructure itself, rather than trying to add it on to the perimeter – then we are enabling and future-proofing foundational technologies such as edge.

We now live in a world of way greater complexity, even compared with only five years ago, with more interactions, connected devices, sensors, dispersed workers and new models such as the cloud, all of which have created an exponentially larger attack surface for cyber threats to exploit. 

While this has raised questions of enterprises’ abilities to protect themselves in this more sophisticated digital age, it also provides an opportunity for partners to re-engineer the conversation with their customers.

Implementing a new intrinsic security, fit for the requirements of modern business today and into the future, is a unique opportunity for our partners in the market. 

Read more about edge computing


Read more on Firewall Solutions and Services