The VAR Guy Blog

Security Transformation: Why It’s Tough Yet Necessary

To stay not just one but several steps ahead of cybercriminals, IT and business teams must work together to orchestrate security in a way that mitigates risk to every extent possible.

Smart companies realize that digital transformation is the key to future success. However, it’s important to realize that the more digital the business, the more critical cybersecurity becomes. In fact, true digital transformation must include security transformation.

As numerous recent and very high-profile breaches have shown, the security problem is growing. According to the 2017 Verizon Data Breach Investigations Report, “the triple threat of hacking, malware and social has been on top and trending upward for the last few years, and it does not appear to be going away any time soon.” Threats can be internal, external or both, as evidenced by recent newsworthy events. Yet, . no matter the source, type, volume or velocity of threats, companies and their customers are in harm’s way if security is status quo.

And while we all understand that  security transformation is necessary, it is certainly not easy. IT pros are challenged to secure interactions among users, applications and data in an increasingly dynamic environment that spans multiple cloud platforms and on-premise systems, as well as an increasingly mobile workforce and customer base.

To stay not just one but several steps ahead of cybercriminals, IT and business teams must work together to orchestrate security in a way that mitigates risk to every extent possible. Put more simply, there can be no “Sorry, we didn’t apply that patch”—not if you want to spare your company and your customers from harm.

Of course, security is about a lot more than patching systems(if only it was so simple!)

Addressing today’s threat landscape requires:

  • A ubiquitous software layer across infrastructure and endpoints (no matter where or what the systems happen to be)
  • Visibility into the context of interactions between users and apps
  • The thoughtful integration of security services for intelligent protection, especially to enforce policy

Data Center: Big Back, Big Target

One of the most vulnerable targets for attack is the data center. Yes, it’s more challenging to penetrate a server in the data center than it is to get an end user to take a phishing bait. However, once attackers have successfully breached a data center system, they may be able to move undetected for days, months or even years.

Here, virtualization and micro segmentation can help mitigate the threat. The former provides abstraction across compute, storage and network systems, creating an independent layer for securing infrastructure. The latter enables fine-grained security controls that can limit the scope of a cyberattack and prevent the lateral spread of threats.

End Users: Combined Backs Make for Big Targets

Remember when we said that a data center breach was more difficult but more rewarding than an attack on an end user system? It’s true, but endpoint breaches wreak their own kind of often-irrevocable damage, especially at a time when companies are seeing the value in fully empowering employees on mobile and responding to growing customer demand for mobile capabilities with continuous output of new apps and services.

When it comes to mobile security, companies must consider:

  • Management systems that reduce complexity—for example, by providing secure access to any app running on premises or in the cloud from a single dashboard
  • Biometric and two-factory authentication

Compliance Conundrum

Compliance is also an important consideration, especially in highly regulated industries such as finance and healthcare. In addition to all the measures mentioned above (at least), companies must be in a position to implement (and easily demonstrate implementation of) regulatory controls.

A flexible compliance platform that enables integration and layering of strategic tools will enable companies to streamline the compliance process now and in anticipation of any changes to come. An independently validated program will further enable companies to securely run highly regulated workloads.

Security is hard, but security transformation is harder. With that said, companies that can transform their security products and practices so they align with today’s dynamic digital environment--and that are poised to anticipate and accommodate the changes that are sure to come in the future--will set themselves (and their customers) up for success today and tomorrow.

 

 

 

 

 

 

 

Discuss this Blog Entry 0

Post new comment
or register to use your The VAR Guy ID



Sponsored Introduction Continue on to (or wait seconds) ×