James Alliband at VMware Carbon Black explains why, in a world of rapid change, IT operations and cyber teams must work together to build security into cloud, devices and and applications.
In the current climate, maintaining business continuity has been a key priority for organisations worldwide. Likewise, re-evaluating security approaches has been crucial for survival, as COVID-19 forced businesses to make fundamental operational changes overnight to deploy a digitally dispersed workforce and migrate to private and public clouds. However, this rapid transformation has created multiple security challenges.
From accelerating threat prevention, detection, and response mechanisms, to unifying endpoint and workload security to simplify the environment, organisations globally have had to shift the balance from a reactive security posture to a position of strength. The demand for secure access to applications and data soared as we rapidly moved to a digitally distributed way of working and, as a result, 98% of C-suite professionals surveyed in the UK said the volume of attacks they faced had increased.
Defending a broader attack surface
As a result, cyber defences were placed under unimaginable strain. Security teams were tasked with handling hardware and software issues, managing remote devices, and allowing access to critical company resources, all while defending a much broader attack surface. With more employees working outside the traditional corporate environment, points of vulnerability became greater, providing an attractive space for bad actors to disrupt and extort enterprises. Attackers found new methods to penetrate defences and stay undetected. Some 88% of cybersecurity professionals reported increased phishing attacks relating to COVID-19, while new variants of ransomware were also released to stop companies in their tracks, as well as an influx of Denial of Service (DDoS) attacks.
Outside of navigating increased threats, organisations faced multiple new challenges, including managing security in a remote working environment and ensuring employee accessibility. To enable employees to remain productive, organisations had to provide continuous, secure access to applications across remote endpoints, all while tackling security awareness for employees working from home.
So, how have IT and security leaders across the world been dealing with these challenges? And how can organisations unify IT and security teams to alleviate this pressure going forward?
Many security teams have benefitted from moving back to the basics, simplifying and strengthening their security strategies.
Simplifying security strategies and going back to basics
To provide the flexibility and agility required in the modern environment, organisations had to build new elements into their security strategies, to fully leverage their infrastructure and control points while seamlessly securing data centres, clouds, and endpoints. Now, in this heightened threat environment, attackers have become too sophisticated in their methods to be averted by traditional endpoint security. Therefore, the more modern security technologies deployed, like Endpoint Detection and Response, which are internet or cloud native, were the ones that worked seamlessly as organisations pivoted to support a distributed workforce.
However, moving from in-office to remote working has required new security standpoints, and as a result, has forced businesses to move back to the fundamentals of security. Starting with internal accessibility, security teams had to start from ground zero and look strategically at their connections. For example, many organisations experienced a complete change in typical traffic volumes, with employees operating at different hours to suit their work-from-home lifestyles, which meant security teams had to rapidly alter their trigger points from a monitoring perspective.
Nonetheless, despite shifting security strategies, products cannot solve these problems in isolation. To alleviate the immense pressure of rapid adaptations, IT and security teams need to unite and work closer together. More than ever, businesses require an approach that makes security intrinsic and enables IT operations and security teams to integrate both strategically and tactically.
One obstacle which invariably challenges security teams is knowing who they should report to and how they can effectively collaborate with different teams, particularly IT. The challenge internally can be difficult, however some level of cross-pollination of employees across different teams can work well. For example, someone in security can work in an adjacent function of the business that they have expertise in. Building bridges with other departments and being able to talk to each other is always beneficial.
Towards cloud transformation and application modernisation
COVID-19 has radically changed the pace of innovation across many industries, with decisions like moving to cloud accelerating, after previous months and years of deliberation on infrastructure upgrades. However, such sudden transitions are not without complexity, with security teams having to adjust to the vast amounts of data now available.
Here it is important for organisations to start with this data and identify its meaning; getting more context is critical for enriched visibility into the network environment. Capturing more data allows more context, so teams should work on putting this in place where it is accessible. Then layer over the top the ability to drive down into the core data elements.
In an era of cloud applications and mobile users, organisations should prioritise their controls and rethink how they get that all-important visibility. While there is no magic wand to dissolve legacy technology, uniting teams will help to protect the business from threats – likewise prioritisation will help. By prioritising certain areas, security teams will be better positioned to overcome obstacles and navigate the current environment.
Here are four top tips that our CTO Scott Lundgren recently shared at our CISO roundtable:
- Accelerate the work you’re doing around security tooling to enable both the security team and the engineering team with a single set of tools, tailored for each department. This can make everyone work together more simply.
- Recognise the importance of basic cyber hygiene. Understand what is installed and what's not, where devices are and where they're not. It's easier said than done, yet it is the foundation of any security strategy.
- Get the required visibility into your systems. If you don't have the right visibility, then you can't even begin to have efficiency because you're completely blind and chasing threats that don't exist.
- Understand the consequences of your decisions. We often talk about specific technologies and specific product capabilities and, while they're important, if they don't tie the whole system together, it doesn't work. Also understanding what the big decision points are and the multiple consequences is important for the future of security.
In light of the new working environment, it is impossible for any organisation to say that they are truly secure. Here at VMware Carbon Black we spend a lot of time trying to convince others that 100% security is not the goal, nor is it attainable. However, by putting the right foundations in place – including gaining visibility into the environment and shifting security to cloud - organisations can create a platform for success.
It is time to unify endpoint and workload security to simplify the environment and build security intrinsically across applications, clouds, and devices. This will bring together IT operations and security teams to tackle new threats and eliminate blind spots to deliver better visibility and proactively address vulnerabilities before they become breaches or attacks, shifting from a reactive security posture to a position of strength.
Main image courtesy of iStockPhoto.com