The demand for digital innovation (DI), driven by shifting markets, evolving consumer expectations and digital competition, has done far more than just transform networks. It has completely changed the organisation, including how lines of business are structured, how teams and individuals collaborate, where and how employees work, how success is measured and how leaders execute against business objectives.
One of the most profound changes has been the increased reliance on applications to support every aspect of the business. This has led to a number of critical structural changes, such as the adoption of cloud-based infrastructures, the adoption of SaaS applications and services and the need to provide fast, flexible and secure connections to these resources to any user on any device in any location. The COVID pandemic accelerated the adoption of innovative work-from-home solutions to accommodate the need for social distancing while maintaining business operations. Others, such as implementing network upgrades or expanding network edges, are designed to improve a company’s efficiency and customer experience.
However, this need to compete in today’s digital world also means that many of these business-critical initiatives can only be realised by deploying new systems and solutions. But deploying new devices as part of a DI initiative also increases the complexity of network environments and creates new security and operational complexities that open up an organisation to new cyber risks.
Part of the problem occurs when a security team attempts to address new risks, especially in a new edge environment, by deploying point security products inside the growing digital attack surface. However, the additional complexity associated with monitoring and managing these point solutions, exacerbated by new data protection regulations, actually fragments visibility and reduces control, leaving security teams less prepared to protect the organisation against new cyber threats, especially those that utilise a multi-vector approach.
When DI initiatives add new devices and work locations to the distributed network, they not only expand the organisation’s attack surface but they can also introduce new holes in the security framework. These new systems and solutions typically include Internet-of-Things (IoT) devices, mobile devices, distributed cloud computing, new branch locations and home offices.
Each one of these introduces new threats that have to be monitored and responded to by security teams. IoT devices often use insecure protocols that can’t be patched and default passwords that are targeted by malware. Mobile devices commonly hop between being on- and off-network, potentially dragging malware with them behind the corporate firewall. And home offices often include older, unpatched devices that can be easily exploited and used as conduits back into the corporate network. When these solutions are protected with different, isolated point security products, it can be impossible to deploy, manage and ensure consistent policy enforcement or to correlate threat events across the network.
Cloud computing, for many organisations, is especially challenging, as nearly three-quarters of cybersecurity professionals have trouble understanding the foundational cloud shared responsibility model. Next-gen branch networks expand security requirements as each new location has devices that must be secured. And for organisations increasingly relying upon latency-sensitive Software-as-a-Service (SaaS) applications, relying on traditional connections to apply corporate security solutions also means routing all traffic through the headquarters network, impacting user experience and the bandwidth required to scan these applications for malware simply exacerbates the problem.
Similarly, telework introduces new challenges, such as relying solely on VPN connections to provide security. VPNs do not inspect traffic. A compromised home network simply means that a VPN provides a secure tunnel through which bad actors can inject malware into the corporate network. Monitoring and securing these new devices and environments often requires specialised security tools, increasing the workload overhead on security teams.
At the same time that networks are being transformed, the cybercrime industry continues to grow. Overburdened security teams, stretched thin across the expanding attack surface and suffering from the cybersecurity skills gap, are often unable to keep up. Deploying “best-of-breed” standalone cybersecurity solutions to address each potential attack vector as it is discovered simply makes the problem worse. Recent research shows that IT teams now have an average of 45 security solutions deployed across their networks. Rather than enhancing security, this level of vendor and solution sprawl actually diminishes their ability to not only detect, but also defend against active attacks.
Complicating this problem further is the lack of integration between these tools. This means security teams must manually collect, aggregate and analyse data from multiple platforms to gain the context required to detect and remediate threats on their networks. Leveraging expert security analysts might save time by collecting only a subset of significant data. But such experts are hard to find when a cybersecurity skills gap of over 3 million unfilled positions has left organisations understaffed and existing teams overworked. The addition of new devices and solutions that require manual security processes absorb essential time from security teams. And this is made worse because these manual correlation processes do not scale with the frequency and complexity of cyberattacks.
To address these challenges, CISOs must create security strategies and deploy solutions capable of providing scalable, integrated security that provides broad visibility and enables automated threat detection and response across their organisation’s security architecture.
This starts by deploying an expansive security platform designed to function seamlessly within and across different environments. This platform should serve as a central point of control for seeing, managing and orchestrating a suite of fully integrated solutions deployed at every edge. And it should support common standards and APIs to connect existing solutions into a single security framework.
By converging networking and security, CISOs can ensure that dynamic changes to the network are automatically protected without impacting performance or productivity, ensuring the best user experience for employees and customers alike. A zero-trust access strategy helps ensure secure access to protected resources, identify unmanaged devices and monitor for unusual behaviours across a highly distributed workforce. An adaptive cloud security protects applications and infrastructure in and across cloud environments, as well as extends security to users both on and off the network. When all of these systems are working together and sharing a common threat intelligence framework, real automation can be put into place to detect events, conduct an investigation and coordinate a system-wide response without requiring human intervention. Which means your security team can focus on strategic solutions for DI initiatives.
Digital innovation and rapidly adopted realities like remote work have led to a complex and expansive digital attack surface that threat actors are taking full advantage of. By integrating security into every facet of the network, CISOs can ensure that their team dynamically adapts to challenges and remains agile in the face of adversity. Breaking down the traditional walls between network and security and creating a more integrated and automated fabric ecosystem should be top of mind for CISOs who need to be prepared for any eventuality in order to thrive in the new digital marketplace.
By Renee Tarun, Deputy CISO and Vice President Information Security at Fortinet