Blog

A More Effective Security Position

Augmenting and centralizing policy control is crucial in the evolution of an effective security position. The benefits far outweigh the effort of transition and will become table stakes as enterprises rationalize their aging premise-based systems.
October 4, 2022

A More Effective Security Position

We have learned the value of self-assessment to identify cybersecurity risk. Once those assessments are completed, security teams must take action on the agreed-upon findings. Most likely, one of those findings will require the team to think about how to increase the effectiveness of one or more of the controls implemented in on-premise or cloud computing environments. With this in mind, we will examine how to establish a more effective security position.

In 2020, Gartner forecasted, “By 2021, 50% of enterprises will unknowingly and mistakenly have some Infrastructure as a Service (IaaS storage) services, network segments, applications or APIs directly exposed to the public internet, up from 25% at year-end 2018. Through 2023, at least 99% of cloud security failures will be the customer’s fault.”[1] This is a daunting prediction that reminds us that despite increased spending on larger security teams, more security tools, and increased automation, enterprises continue to struggle to get their security right.

To understand the basis of the struggle, let’s first explore how we got here…

We created a paradigm that we codified in policy and architecture that was invented when computers, data storage and people were largely on-premise. Our servers lived in our data centers so blocking threat actors from the data center was critical to success. Some called this era the "crunchy exterior shell architecture" phase. Our people operated from corporate headquarters and branch LANs, so we hardened access between sites as well as access points to the network at sites. This became the defense in-depth architecture phase - which left us with an explosion of firewalls. It took some time before tools allowed us to centrally manage policy to both see and manage changes without logging into to every firewall and router individually. This became the "centrally managed phase".

So, we focused on keeping the software current to capture new attack signatures and centralizing policy updates to reduce the risk Gartner1 warned us about. As IaSS became more common, we leveraged APIs, open-source code, and automation packages to reduce time spent in maintenance windows. This allowed us to manage the burgeoning number of hardware firewalls with relatively small teams. But when errors occurred in an update, things could go wrong in a hurry.

Accelerating use of SaaS continues to make configuring security systems correctly more challenging. Employees working from home over VPNs are accessing sensitive data, business SaaS services, and public websites from the same machines in the normal course of their work functions. Consumerization of IT leads to new SaaS services being added by individual employees frequently and with no notice. Automated workflows are increasing use of embedded web links in routine email.

The continuation of the journey to the cloud brings additional security configuration challenges. Applications running from the cloud are calling APIs hosted by third-party, public websites as well as those hosted by on-premise systems. The pace of feature development is accelerating, putting additional pressure on security teams to keep security configurations correct.

How do we move forward to a more effective security posture? It turns out there is a winning strategy. The cloud-based security systems augmenting and centralizing policy control help us move toward a more effective security position. The benefits far outweigh the effort of transition and will become table stakes as enterprises rationalize their aging premise-based systems, continue their journey to the cloud and cloud-native applications, and extend further into third-party supply chains and SaaS services.

Cloud-based security systems allow us to plug the holes created by having premise-only systems or two independent systems that lack the ability to process threat activities across domains. Security teams benefit by having one set of tools managing policy and reporting across all regions.

The distributed nature of cloud-based security systems also assists enterprises in their efforts to comply with the regional privacy rules, preventing user data transport outside of various boundaries by eliminating the need to backhaul user and application data.

Cloud-based security systems also have better performance, which leads to high end-user satisfaction. In addition, cloud-based security systems reduce total cost of ownership. Rationalizing multiple vendors, eliminating duplicate system, and providing more efficient work patterns for security personnel will contribute to a lower overall cost.

As staff continues to migrate off campus and applications move out of the data center, establishing a more effective security posture will be essential to success. Efficient security design that addresses these continuing business trends is essential to cost-effective, continued growth. Cloud-based security systems will deliver these benefits and position IT teams to rapidly deliver new services.

Citations

[1]“5 Things You Must Absolutely Get Right for Secure IaaS and PaaS” (ID: G00461794), Gartner, Tom Croll, Refreshed: 18 November 2021, Published: 7 May 2020

Related RESOURCES

Blog

What’s Next For Networking?

The combo of faster & more efficient connectivity with new networking technologies & insights, productivity, network performance, & efficiency will all improve, providing additional cost ...
Blog

Global Tier 1 IP Networks: Everything You Need To Know

Tier 1 IP networks are the first choice for global enterprises for dedicated, reliable & secure internet access. Learn why GTT is the ideal Tier ...
Blog

The Future of IT in Manufacturing: Managed SD-WAN Solutions

GTT offers cutting-edge Managed SD-WAN for manufacturing companies. Discover how you can take a step toward the future of Manufacturing IT and networking.
Blog Featured Image
Blog

Maximize Business Performance With Enterprise Managed SD-WAN

Learn how GTT's Managed Enterprise SD-WAN Services provide internet connectivity with unparalleled reliability. Talk to our Managed SD-WAN experts now!
sd-wan
Blog

Reliable Connectivity: The Power of Global Managed SD-WAN

GTT's Managed Global SD-WAN empowers enterprises with reliable, resilient network connectivity without compromising security. Talk to GTT's experts today.
Blog

Firewall as a Service (FWaaS) Providers: What To Look For

Discover how top Firewall as a Service providers offer comprehensive services to enhance network security and protect organizations from cyber threats.
Blog

Dedicated Internet: Why Your Business Benefits

Dedicated Internet Access (DIA) is critical for modern enterprises that rely on connectivity for success. Talk to GTT for 99.99% availability DIA services.
Blog

How Your Business Benefits from a Dedicated IP VPN

Dedicated IP VPN is critical to protect your business users and provide them with fast and secure connectivity. Talk to GTT for a dedicated IP ...
GTT Managed SD-WAN Services - A visual representation of an SD-WAN process flow on a laptop
Blog

Firewall as a Service (FWaaS): Definition, Benefits, & More

Firewall as a Service is a cloud-based, scalable network security solution. Learn how GTT's FwaaS can solve the evolving needs of your company's network.

OUR GARTNER RATING

Gartner Peer Insights Reviews
 
 
As of 11 October, 2024

Talk to an Expert

Interested in learning more about GTT products & services? Please complete this short form to schedule a call with one of our sales consultants.

Thank you for your information. One of our sales consultants will be in touch with you.

Scroll to Top