In my discussions with security practitioners and CISOs, and while listening to speakers at security conferences, I keep hearing about certain security challenges. The security vendors claim to offer products that can solve most of these challenges – and toss some three and four-letter acronyms to bedazzle us. Yes, they have been doing that for years! But will their solutions actually reduce security woes this time? You see, a lot has changed in the past two years.
By Brian Pereira, Digital Creed
Image by katemangostar on Freepik
Security was manageable before the pandemic; the problems started when employees took their office laptops home and began accessing enterprise applications and databases from there. What followed was accelerated digital transformation and cloud adoption: more enterprise applications moved out of the on-premises data center and into the cloud.
The perimeter was suddenly gone and organizations could no longer protect employee devices, applications and workloads from behind the safe confines of a firewall. The data center-led security architecture that we used for years became decentralized.
Suddenly, we needed new and unprecedented ways to secure our IT infrastructure. Hence the emergence of new security frameworks and technologies such as XDR, SASE, SSE, CASB, SD-WAN, FWaaS, CSAM, VMDR, Zero Trust, ZTNA etc.
Alphabet soup all over again, thanks to Gartner, Forrester and the security researchers!
Common Security Challenges
So what are the challenges that haunt CISOs and security practitioners today?
One is visibility into users and the applications and resources they access. With users now working from anywhere and the applications themselves in the cloud, it is quite a challenge to keep track of who is accessing what. And without that visibility, how do you write and enforce access policies?
Two, do existing security solutions deployed in the organization talk to each other and share threat intelligence? In most cases, they don’t, and that is alarming. For a long time, CIOs preferred best-of-breed products from different vendors. And as they purchased more over the years, they found it difficult to manage so many products. There were multiple dashboards and logs.
This introduces the third challenge: the struggle of managing too many security solutions (the average number of tools used by an organization is 79). Hence the need for consolidation and integration. Vendors are addressing this by building out their stacks, either by acquiring companies whose technology they lack or by developing their own. What matters is how well all the components in the stack are actually integrated, not how many boxes the stack ticks.
Four, latency when customers and employees access applications, and hence the need to address the quality of the user experience.
Five, endpoint security and the threat from users who carelessly click on links in phishing emails or open malicious email attachments.
Six, the need to cut costs, which means managing with reduced security budgets. To save money, some may postpone the purchase of new products and cling to older ones, relying on vendor updates for as long as those are still available.
And seven is legacy and technical debt. To protect past investments, no one wants to rip and replace legacy products or architecture. So legacy products have to be integrated with whatever new solution is being deployed, and there needs to be a roadmap and timeline for phasing out the old and transitioning to the new. Vendors need to be cognizant of this when pitching new solutions.
Apart from these, there are other challenges such as uniform policy enforcement and uniform threat visibility – without opening vulnerabilities that expose the organization to risk.
What Led to These Challenges?
As I mentioned earlier, increased cloud adoption in enterprises saw (non-core) applications move out of the on-premises data center and into the cloud, provisioned as subscription services. That's the software-as-a-service (SaaS) model.
With users working from anywhere, as is the case these days, their endpoint devices (laptops, smartphones, tablets) connect to the cloud through a home router and a consumer broadband service.
The security of home routers and home networks is often questionable, which adds to the risk already posed by the humans using them. And these endpoints are also entry points into the enterprise network, so there is risk to address there too.
Not long ago, remote users and branch offices connected to the enterprise data center at the head office over a WAN technology such as MPLS (Multiprotocol Label Switching). It was a hub-and-spoke architecture. Even if the applications were in the cloud or in another branch office, client traffic had to be "backhauled" to the data center so it could pass through the central security stack (firewalls, proxies, inspection), and only then routed out to the cloud.
MPLS delivers predictable, low-latency paths within the corporate WAN, but the hairpin through the data center still adds latency on the way to a cloud application. As more applications moved to the cloud, there was a need to bypass the central data center (skip the backhauling) and reach SaaS applications directly. But the security that the backhaul provided then had to be delivered some other way.
The other way to reach applications in the data center over the Internet was a VPN: an encrypted tunnel between the remote client and a VPN gateway at the data center edge. Note that a traditional VPN authenticates the device onto the network rather than the user to a specific application, so once connected, the client sits inside the perimeter it was supposed to replace.
In my next post, I will discuss some security frameworks and technologies that could solve these challenges.
Yes, we’ll tuck into some alphabet soup. That’s next week!