Thinking network-first to protect against security threats
By Sven Bruelisauer
The challenge of securing data has grown dramatically more complex in recent years as new threats appear with increasing frequency. However, with the right solution in place, this complexity remains an addressable and scalable issue. Additionally, the rapid advent of new and evolving technologies creates situations where organizations can fall behind or, worse, face a cybersecurity breach if they lack the right strategy and toolset to manage their network.
The pressure on IT to oversee security processes is extreme. IT teams face changing business dynamics that add to the problem, including increased sharing of information with third-party vendors, employees engaging in shadow IT and organizations outsourcing data protection to managed security service providers. Organizations are facing an ever-rising tide of risks that can cause noncompliance and ultimately have a major impact on their business and bottom line.
Looking more closely at the multitude of challenges facing organizations’ networks, there are four considerations to address, ranging from having a firm grasp of where data resides to having the proper strategy in place to maintain an optimal cybersecurity posture.
Understand risks and where data lies
The dilemma is that senior leaders and IT may not know exactly where data lies or what challenges each line of business (LOB) presents. You also cannot expect LOB leaders to understand and prioritize your security concerns, especially when they often perceive security as just another burden limiting efficiency, choice and progress toward business goals.
The answer is to ask. To work effectively with LOB leaders, you need to ask non-technical questions to determine the known versus unknown risks. The results can be surprising but will ultimately inform an audit that will ensure the right strategy is in place. This exercise will also uncover valuable information assets that, if stolen or hacked, can result in unwanted costs and failure to meet regulatory requirements.
Organizations need to prepare since endpoints will only increase as the business grows.
Next, a formal audit can be conducted to identify where data lies and goes, what needs protecting and who has access. Newer technological advancements need discussion, whether it is machine or artificial intelligence to deliver overall increased cybersecurity resilience or availability. Knowing which endpoints hold sensitive data is key to remaining compliant and avoiding expensive and complicated remediation that can slow the business down or damage the brand.
Developing your cybersecurity strategy
A fully developed security strategy is crucial to getting buy-in from executives and the board of directors. This strategy should detail the necessary steps to identify, remediate and manage risk to improve information security. Depending on the nature of your organization, key objectives may include:
- Meeting customer requirements regarding security
- Education and training for the entire organization on the importance of maintaining compliance, supported by top-level management
- Continually improving security postures as technology evolves
- Making decisions based on facts, not assumptions or hearsay.
These objectives must be supported by the following key principles:
- Manage endpoints holistically through a single-pane-of-glass view of the network, as opposed to resigning yourself to, or continuing, the management of individual endpoints
- Treat security risks based on impact rather than on catalog-based controls
- Quantify the security level rather than use a qualitative description of security
- Apply common security standards (e.g. ISO 27001, NIST) instead of taking a customized route.
This approach must also allow for constant adaptation, especially in response to new threat vectors and risks, including trojans such as Emotet and Trickbot. Hackers will only get more sophisticated, and organizations need to stay one step ahead.
Build and implement your cybersecurity maturity framework
It is essential to quantify your organization’s cybersecurity maturity using a cybersecurity maturity framework. You can choose from several existing frameworks or build your own; just be sure to apply regulatory security standards rather than taking a completely customized approach. This ensures compliance meets industry qualifications and lessens the risk involved.
These maturity models include processes, policies, devices and other actions across the network. A best practice is to use an event-based risk calculation approach that groups threats into cybersecurity domains. These domains are in turn broken down further, based on public standards. For example, the “employee” cybersecurity domain control may consider whether background checks are required or conducted before hiring.
Even when following these suggested standards, however, organizations need to recognize the residual risk that remains due to factors that may outweigh the threat of a breach. These can include budget limitations, and it is imperative that senior leaders understand the tradeoff. The choice of security maturity model, whether NIST, COBIT, ISO 27001 or another, may vary according to an organization’s needs, but using one ensures an organization is following a standardized scoring framework.
One effective way to provide an overview of the framework is a spider or radar diagram, which can show an organization’s overall cybersecurity maturity based on a calculated score, usually from 1 to 5. This numeric value gives relevant stakeholders a way to assess and compare maturity levels, detailing everything from whether security postures are unorganized or baseline up to whether processes are established and consistently improved upon.
Treat your risks before they are risks: The path to success
Ultimately, these challenges point to the need for organizations to analyze their network and focus on thinking “network first.” The value proposition for introducing SD-WAN technologies is clear: they respond to the constant adaptation a network undergoes.
For example, SD-WAN can utilize service chaining to connect the business, resulting in real-time insights for analysis and a clear path to management. Network zoning is paramount too. Confining and compartmentalizing vulnerabilities keeps a compromise from reaching other business-critical processes. Security can also be further refined by combining technology with skilled workers. Always-on engineers, whether sourced internally or externally, will be the front line in managing technology and mitigating risks.
There may always be distractions and new technological concepts to grasp (there are already rumblings of “Next Gen AI,” “Augmented Cognitive Security” and “Cyber Neurons”), but proven concepts should be emphasized and prioritized. For organizations to succeed in digital transformation and stay ahead of what is next, SD-WAN needs consideration to redefine the entire business model. Using a security maturity framework is the first step, but true defense should boil down to having the right people, tools and tactics in place to balance risk reduction capabilities with optimized execution.
It also depends on the right attitude and outlook. After a breach occurs, it may be obvious what should have been in place, but it is hard to anticipate in advance what may happen. The right strategy should be in place to mitigate threats before they occur.