Changing priorities in a new IT security landscape

The COVID pandemic has forced many enterprises into a rethink of their IT security strategy. The security landscape has changed as new working patterns open up new holes in corporate defences. We’ve seen, for example, the accelerated digitalization of business processes, increased reliance on mobility and a major ramping up of migration to cloud computing, all of which have security implications. Add to that an ever-present shortage of IT security expertise and a regulatory regime that continues to increase pressure on CISOs and we appear to have a major headache on our hands over the next few years.

 

So what are the priorities? Let’s examine some of the things that enterprise security managers will need to have on their minds:

 

  • Better automation – If it’s hard to recruit the security professionals you need then you only really have one choice: to rely more on automation and AI. Security process automation works on pre-defined rules and templates, allowing security provisions to be faster and more responsive as well as more scalable and accurate. If CISOs get this right then they end up not only with better protection but also with the human element of their defences deployed not on boring repetitive work but in tasks that call on their experience and judgement.
  • Protection at enterprise level – The last thing enterprises need in this era of high-profile ransomware attacks is a series of point solutions deployed across the organisation in siloes. Security needs to be a board-level responsibility designed to safeguard digital business initiatives across the organisation. If all these siloes can be united into a centralized organizational and governance model then you end up not only with better security but something that is actually a business enabler as well.
  • Security that is all about the customer experience – The modern digital enterprise has a variety of channels and touchpoints through which they interface with their customers. These range from social media to e-commerce, and at every stage these touchpoints have the power to influence how the organisation is seen by customers. Security must help customers to feel safe and secure in their transactions while not creating friction. Security should be seen as one of the key battlegrounds for gaining competitive edge in the digital economy of the future.
  • It’s all about the network – Enterprise connectivity needs to be in the vanguard of protection against attack, not a weak link in the chain. In the age of cloud that means network security that was created in the cloud and designed on cloud-first principles. That might be secure access service edge (SASE) technology that allows organizations to protect remote and mobile workers and cloud applications by routing traffic through a cloud-based security stack. It certainly won’t be based on the kind of legacy standards that enterprises have been relying on for decades. Their day is done.
  • Trust nothing – A weak link in the corporate shield can take many forms. Not all of them are obvious. If you are allowing people to plug in their own devices to your network, or if you are running thousands of IoT devices on your network, then any one of those nodes could be a vector for attack. An insignificant security camera in a minor retail branch could be a gaping hole if correctly exploited by a criminal. That means Zero Trust network access technology. Zero Trust enables enterprises to, for example, control remote access to specific applications, making those applications invisible from the Internet.

 

These issues are many others that relate to security will be discussed in the following event:

The distributed superfortress: securing tomorrow’s IT infrastructure

The distributed superfortress: securing tomorrow’s IT infrastructure

 

The event will be chaired by Jeff Wilson, Chief Analyst, Cybersecurity Technology with Omdia. It will also feature the following expert panellists:

Gail Coury, Senior Vice President and Chief Information Security Officer, F5 Networks

Darren Anstee, CTO for Security, NetScout

Craig Connors, VP and CTO for Service Provider and Edge, VMware

TK Keanini, Chief Technology Officer (CTO), Cisco Security

 

By Guy Matthews, Editor of NetReporter

Call for Papers

  • About You

  • About Your Paper Submission