For enterprises, 2020 can best be described as the ‘year of change.’ A recent survey by IBM revealed that most global businesses (6 in 10) accelerated their digital transformation plans due to the Covid-19 pandemic. Numerous organisations needed to rapidly adopt cloud-based services to streamline operations and meet the needs of a distributed workforce. Yet, many did not consider the implications of the technology and the transition to it. By implementing completely new technologies almost overnight, many security teams found themselves unable to fully secure their massive, fragmented networks and maintain a holistic view of attack surfaces.
There is no doubt that digital acceleration will help companies push innovation, optimise operations and achieve competitive advantages. However, if CISOs and their security teams don’t take a step back and spend time getting their networks in check, there could be unforeseen security issues further down the line. With the attack surface continually expanding and the sophistication of cyber-attacks growing, this will only add to the problem.
Understanding risk levels
The sudden proliferation of widely distributed workforces and an increase in cloud-native solutions and devices connected to corporate networks have increased risks across enterprises globally. There are challenges inherent to home networks, which are not as secure as those situated within traditional corporate environments. Previously, employees were the only concern in terms of internal threats. Now, anyone sharing the home network could theoretically create new risks to corporate assets. According to Skybox Security research, a third of C-level executives believe a significant portion of their workforces will not return to the office in the next few years. Hence, the security risks introduced by remote workers will prevail. That is why it is essential for organisations to have a thorough knowledge of their attack surface and possible exposure to vulnerabilities.
Businesses must strike a balance between mitigating that risk and avoiding a negative impact on business functions. By uniting security policies and analytics, security stakeholders can smartly use data from their complex layers of security, networking and cloud technologies to secure the modern enterprise. This will empower them to gain complete context of their networks and systemic risk. Simultaneously, it will help them to establish more holistic security strategies for future digital transformation initiatives.
Keeping pace with change
Whether it is keeping pace with digital acceleration or managing a hybrid remote workforce, the ‘new normal’ will require more agility and change than ever before. But security policy alterations cannot be rushed. They should be adequately analysed and properly deployed without introducing new risks.
To get there, security and network teams should utilise context-aware change management that ensures new security policies are adequately analysed and properly deployed without introducing new risks. At the same time, CISOs must confirm all regulatory and compliance-related benchmarks are still being met. Good visibility provides the foundation needed to innovate without exposing the organisation to undue risk.
Make faster, more informed decisions
As businesses grow, their staff and internal applications will increase in number and complexity. According to Gartner, by 2021, 75% of midsize and large organisations will have adopted multi-cloud or hybrid strategies. This will make networks even more convoluted, so getting a handle on network topology should be a priority before it gets out of control. Therefore, strategies should be put in place to improve communication between people, technologies and processes.
With a more unified view of the network and its inherent security policies, businesses can better navigate across organisational silos and disparate technology systems. With improved visibility, security teams can quickly map out and close vulnerabilities while validating rapid configuration changes. These are often stumbling blocks when it comes to digital transformation efforts. In doing so, CISOs and their respective security teams can keep pace with an ever-dynamic network perimeter. They will also be armed with necessary insights to make more informed decisions and drive critical digital transformation efforts. Worrying if they have taken all potential risks and vulnerabilities into account will be a thing of the past.
In an ecosystem where constant change is now the norm, businesses should immediately take stock of their security networks. If any mistakes inadvertently slipped through due to frantic attempts to ensure business continuity during the pandemic, now is the time to uncover them. They will only become more entrenched otherwise. If CISOs can get their security posture in check, a solid foundation for future growth and stability can be realised.
Author: Gidi Cohen, CEO and co-founder, Skybox Security