The power of data fabric

Marc Lueck at Zscaler argues for the role of data fabric for security in achieving national infrastructure security  compliance

 

As autumn rapidly advances, so too does the deadline for the upcoming Network and Information Security 2 (NIS 2) Directive, which came into force in October 2024. Aimed at ensuring a common high level of cyber-security resilience across key sectors such as energy, transportation, and digital infrastructure, the Directive’s expanded scope includes stringent cyber-security requirements, mandates for cyber-incident reporting, and potential (personal) fines.

 

However, a common misconception is that NIS2 only applies to European businesses. What’s important to remember is that the directive also has an impact on any multinational organisation that is doing business within the EU. Essentially, NIS2 compliance might be necessary for companies that support European organisations, even if they aren’t based in a country that is part of the EU themselves. 

 

Alongside this, the UK is simultaneously making changes that are very similar to NIS2. For instance, the UK is extending NIS2 regulations to include supply chain and critical service providers, which is very similar to the EU law. The legislation in the UK is an updated version of Network and Information Systems regulations from 2018 that’s still relevant and is a requirement to meet for companies that continue to do business with European organisations.

 

So, while they might not be similar in terms of name, the two pieces of legislation are certainly similar in nature, as they both strive to ensure that good security practices are maturing. 

 

Organisational compliance

When we spoke to IT leaders about their NIS2 approaches earlier this year, 80% told us that they feel confident their organisations will be compliant by the deadline. But only 53% believed their teams fully understood the scope of the regulation obligations – casting doubt on such confidence. 

 

What they did collectively understand was that the latest directives represent a significant departure from their current security strategies and that tools and services are going to be critical to its successful implementation – both in terms of achieving and proving it. 

 

Compliance efforts inevitably require complex and cumbersome data measurement and collection practices – largely done manually – which require enormous amounts of time and lead to inconsistent outcomes. As more organisations look to tools to reduce this manual lift, however, they also risk the very compliance efforts they are undertaking. The issue? How do you achieve compliance when the tools you need to prove it are feeding the confusion thanks to the overwhelming amount of data they too generate?

 

Sprawling security data 

Regulations aside, today’s organisations are already suffering from serious security data sprawl – with information scattered across a host of different tools. The multitude reasons for this include the proliferation of distributed and siloed data repositories on premises and in the cloud, the use of multiple formats and sources for structured and unstructured data, the rising tide of data privacy regulations that make protecting data painstaking and time-consuming, and outdated approaches to data management.

 

With every cyber-security tool focused on its particular domain, organisations lack a single source of truth about both the entities involved across their systems (i.e. users, assets) and their overall risk (or in this case level of compliance) as a result. What they need instead is a consolidated source of information, architected to correlate millions of data points, and then provide not only a single risk/compliance profile view, but also the necessary context to prioritise a response and determine the best course of remediation. 

 

Enter data fabric 

The answer to delivering against this challenge lies in adopting a data fabric for security architecture – a design concept that enables organisations to unify, deduplicate, normalise, and contextualise data from a wealth of potential connectors (owned and third-party), and then transform it into a comprehensible and actionable format. 

 

As required, a data fabric provides a single, aggregated, deduplicated, and harmonised data set that security leaders can use to prioritise risk, deliver ready reports and dashboards, and automate remediation workflows. 

 

Where traditional data lakes often fall short in their data delivery – acting solely as repositories for unstructured data with little to no actionable insights – a data fabric not only provides a single source of truth but also empowers security teams to ask targeted questions and receive accurate answers. This means no more tedious attempts to manually stitch business logic and data elements together in spreadsheets. Consequently, Gartner estimates that the use of data fabric could cut data management efforts by up to 70% and speed time to value.

 

Stitching together a successful data fabric

So far, so compelling. But you can’t just stitch together random architectures when it comes to successful data fabric. Unlocking the benefits of a true data fabric requires a targeted three-phased approach.

 

Phase 1: Building the data foundation – A robust data ingestion capability and strong entity resolution engine are two of the most critical starting components of a successful data fabric – enabling organisations to collate data from any system and then accurately identify and correlate all the assets (including duplicates), vulnerabilities, and risks across multiple sources. 

 

Phase 2: Analysing data – Once the data fabric has resolved all the entities, it can then correlate insights across the various data points that indicate where action might be required to ensure compliance or protection. For example, if a scanner reports on vulnerabilities across a set of endpoints, but the endpoint detection and response platform is missing some of those endpoints, the data fabric will identify those gaps in coverage. 

 

Phase 3: Operationalising data – The ultimate goal, of course, is to be able to act on all the analytical findings the fabric creates. Operationalising these findings includes activities such as creating reports and dashboards to allow for more informed and rapid decision-making, measuring custom key performance indicators to understand real-time risks, triggering missing data hygiene steps such as updating an organisation’s configuration management database, and automating remediation workflows via ticketing systems.

 

Building on data fabric and beyond

While current data fabrics provide the foundational capabilities of data handling – ingestion, analysis, and actions – as vendors like Zscaler weave in more and more applications, the possibilities are endless. Imagine having a single pane of glass where you can see the impact of every security decision in real time, across all your tools and data sources. This comprehensive visibility is crucial for effective risk management, strategic decision-making and proving ongoing compliance with regulations like NIS 2 and its future iterations.

 

In the realm of cyber-security, the ability to quantify and dynamically manage risk effectively is paramount. We believe that by leveraging the power of a data fabric, organisations can achieve greater security, efficiency, and resilience in the face of ever-changing cyber-threats.

 

---

 

Marc Lueck is CISO-in-Residence at Zscaler 

 

Main image courtesy of iStockPhoto.com and zhengzaishuru