Video: 10 Minute IT Jams - Bitglass director on the relationship between security and digital transformation
Cyber security can help digital transformation, but only if used in the right way.
That's the view of Jonathan Anderson, Senior Director of Marketing at Bitglass, who says that while security is vital, if implemented poorly, it often ends up slowing business down – or even backfiring completely.
Speaking to 10 Minute IT Jams for his third appearance, Anderson gave a frank assessment of the difficult balancing act security teams face. "Digital transformation is such a big mega trend that's been going on for quite a few years; I think last year over a trillion dollars was spent on digital transformation globally," he said.
Yet the momentum can often be stymied. "Security can very much slow digital transformation, and security teams can be the department of no," Anderson noted. "What you end up having in some cases if you make the processes so difficult and slow for the user, they just go around some of those security tools, and you can actually create issues of shadow IT that you didn't have before."
To Anderson, the most successful approach is implementing security transparently: "It's very important when you think about digital transformation to implement security that is transparent to the user."
He pointed to consumer technology as a guide – citing iPhones and cloud-based apps that "just work," without demanding a cumbersome interface or, as he put it, "a clunky VPN." Good security, he argued, becomes a "layer across between your users and your data that sits between your users and your cloud services and secures that data – who can access it, how they access it, what applications are using, what devices they're using."
But with new ways of working and ever-growing data volumes, how should organisations go about protecting themselves – and their digital ambitions?
Anderson believes organisations must first secure two key pillars: cloud services and mobility. "Mobility is to access data anywhere we want, and you combine unlimited data with unlimited access, and you can really turn things that weren't digital into digital transformation," he explained.
However, he warned that public cloud, by its very nature, puts critical data in other people's data centres and across multiple services. "As long as those service providers have the right security, there's nothing to worry about, but we've seen with recent attacks that that's not always the case."
He added: "Cloud service providers, much like renting a car, can secure it as much as they can, but they're not responsible for how you use that cloud service."
To address these shifting risks, Anderson advocates for a new approach called 'secure access service edge' (SASE). By pulling together traditional tools such as firewalls and VPNs with newer cloud-based security controls, SASE "unifies them into a single cloud service that's unified across your organisation, gives you a single place to view your data and how people are using it, and marries those disparate security technologies." Unification is key, he argued, because fragmentation gives attackers loopholes to exploit.
For security teams, Anderson had three main pieces of advice. First, invest in robust cloud security – but with flexibility. "Cloud access security brokers are the de facto standard, like the firewall for the cloud. It's important … to choose a CASB technology that is multi-mode, that allows you to scale with your cloud applications," he said, warning that agent-based solutions may be a poor fit for scenarios such as Bring Your Own Device (BYOD). "There's a place to use agents, but not everywhere."
Second, he recommended modernising web gateway technology. "Now we've got a technology, for example, that allows you to do secure gateway, you know, content filtering, deep inspection of that web traffic on the actual device without having to backhaul to an appliance or cloud-based appliance," Anderson explained. This offers both easier implementation and a better fit for today's "digital transformation world."
And third: do not overlook legacy, on-premises data. "Make sure that you are securing your internal applications, data that is not yet moved to the cloud," Anderson said. He advocated zero-trust network access architecture, ideally in an agentless model, noting: "You shouldn't feel rushed to move your applications to the cloud either … you can secure that with the proper ZTNA technology." Combining this with SASE, he argued, would greatly speed up transformation.
With high-profile ransomware and supply chain attacks frequently in the news, are digital transformation strategies under threat? Or is going digital itself making businesses less secure?
"It's a really, really good question, because these types of attacks are getting more complicated," Anderson said, referencing the SolarWinds incident as an example of the increasing sophistication and patience of cyber criminals. "They're showing their complexity that they will go to to compromise an organisation's data. If you look back at what we've seen about this attack, it was compromised credentials that were the issue at the heart of it."
So, whilst simple steps such as robust credential management and multi-factor authentication remain vital, Anderson stressed that a more fundamental rethink is needed. "What SASE does is force you to rethink the architecture model," he said. "If your data is in other people's data centres, you need a way to make sure that's secure."
Reliable, well-integrated security, he stressed, is now as fundamental for cloud services as uptime and resilience. "If you've got a cloud security service that's protecting you, and it goes down for an hour or half a day or whatever, that leaves you totally exposed," he said. "Having that resiliency built into your cloud service, having a really full feature set, having integrations into an ecosystem that is your other security and IT infrastructure … is really important as well."
Ultimately, as organisations move to the cloud and data is touched in more places, attackers' opportunities multiply. "As long as people keep paying some of these ransomwares, I think they'll keep going at it and they keep making more money," Anderson concluded.