We have learned the value of self-assessment to identify cybersecurity risk. Once those assessments are completed, security teams must take action on the agreed-upon findings. Most likely, one of those findings will require the team to think about how to increase the effectiveness of one or more of the controls implemented in on-premise or cloud computing environments. With this in mind, we will examine how to establish a more effective security position.
In 2020, Gartner forecasted, “By 2021, 50% of enterprises will unknowingly and mistakenly have some Infrastructure as a Service (IaaS storage) services, network segments, applications or APIs directly exposed to the public internet, up from 25% at year-end 2018. Through 2023, at least 99% of cloud security failures will be the customer’s fault.”[1] This is a daunting prediction that reminds us that despite increased spending on larger security teams, more security tools, and increased automation, enterprises continue to struggle to get their security right.
To understand the basis of the struggle, let’s first explore how we got here…
We created a paradigm that we codified in policy and architecture that was invented when computers, data storage and people were largely on-premise. Our servers lived in our data centers, so blocking threat actors from the data center was critical to success. Some called this era the "crunchy exterior shell architecture" phase. Our people operated from corporate headquarters and branch LANs, so we hardened access between sites as well as access points to the network at sites. This became the "defense-in-depth architecture" phase, which left us with an explosion of firewalls. It took some time before tools allowed us to centrally manage policy to both see and manage changes without logging in to every firewall and router individually. This became the "centrally managed" phase.
So, we focused on keeping the software current to capture new attack signatures and centralizing policy updates to reduce the risk Gartner[1] warned us about. As IaaS became more common, we leveraged APIs, open-source code, and automation packages to reduce time spent in maintenance windows. This allowed us to manage the burgeoning number of hardware firewalls with relatively small teams. But when errors occurred in an update, things could go wrong in a hurry.
Accelerating use of SaaS continues to make configuring security systems correctly more challenging. Employees working from home over VPNs are accessing sensitive data, business SaaS services, and public websites from the same machines in the normal course of their work functions. Consumerization of IT leads to new SaaS services being added by individual employees frequently and with no notice. Automated workflows are increasing the use of embedded web links in routine email.
The continuation of the journey to the cloud brings additional security configuration challenges. Applications running from the cloud are calling APIs hosted by third-party, public websites as well as those hosted by on-premise systems. The pace of feature development is accelerating, putting additional pressure on security teams to keep security configurations correct.
How do we move forward to a more effective security posture? It turns out there is a winning strategy. Cloud-based security systems that augment and centralize policy control help us move toward a more effective security position. The benefits far outweigh the effort of transition and will become table stakes as enterprises rationalize their aging premise-based systems, continue their journey to the cloud and cloud-native applications, and extend further into third-party supply chains and SaaS services.
Cloud-based security systems allow us to plug the holes created by having premise-only systems or two independent systems that lack the ability to process threat activities across domains. Security teams benefit by having one set of tools managing policy and reporting across all regions.
The distributed nature of cloud-based security systems also assists enterprises in their efforts to comply with the regional privacy rules, preventing user data transport outside of various boundaries by eliminating the need to backhaul user and application data.
Cloud-based security systems also have better performance, which leads to high end-user satisfaction. In addition, cloud-based security systems reduce total cost of ownership. Rationalizing multiple vendors, eliminating duplicate systems, and providing more efficient work patterns for security personnel will contribute to a lower overall cost.
As staff continues to migrate off campus and applications move out of the data center, establishing a more effective security posture will be essential to success. Efficient security design that addresses these continuing business trends is essential to cost-effective, continued growth. Cloud-based security systems will deliver these benefits and position IT teams to rapidly deliver new services.
Citations
[1] “5 Things You Must Absolutely Get Right for Secure IaaS and PaaS” (ID: G00461794), Gartner, Tom Croll, Refreshed: 18 November 2021, Published: 7 May 2020