Tech infrastructure diversity holds key to better security
The spate of high profile ransomware incidents this year has halted operations across business and critical infrastructures alike.
Ransomware has become a highly profitable 'revenue generation' tactic for cyber-criminals. The attacks that disrupted Colonial Pipeline and JBS demonstrated the scale of the risk and have added urgency to tackling the problem across the public and private sectors.
Compounding the challenge, sophisticated cyber-criminals constantly change their tactics to stay a step ahead of potential victims.
For example, there is growing concern about the risk of relying on a single vendor for both infrastructure and security, as attackers increasingly target vulnerabilities in widely deployed products from one supplier. A single successful compromise can then hand over access to an entire network and the wider supply chains connected to it.
The now-infamous SolarWinds attack illustrated what can happen when an organisation's infrastructure, tooling and identity estate form one continuous, interconnected surface.
In that campaign, a trojanised update to SolarWinds' Orion platform gave the attackers a foothold inside victim networks. In organisations running an integrated Microsoft identity stack, they then moved from on-premises Active Directory to Azure Active Directory (by forging SAML tokens with a stolen token-signing key) and on into Office 365. Once attackers hold email, they can impersonate anyone in the organisation and use that insider knowledge to widen their access and control.
In the case of Microsoft and other major vendors, bundling applications and security may seem a sensible way to gain integration and economies of scale, but there are circumstances where it actually puts users at greater risk.
Dominant global vendors such as Microsoft are therefore prime targets for attackers, who continually build and refine infiltration strategies against them.
This approach is gaining traction because a single weakness in one vendor's security stack can be reused against every customer that depends on it.
When companies instead segment their security infrastructure across multiple vendors, they are in a much stronger position to contain a breach: when one area is compromised, the rest of the network is not immediately exposed.
A good starting point is to split the application stack from the security stack. Third-party security products that are independent of the application vendor act as a barrier that disrupts the progress of an attack and stops cyber-criminals operating without restriction.
Separating applications from security does not mean fragmenting security itself. The security strategy should remain integrated and consistent, because the weakest link is usually compromised first; organisations cannot address today's sophisticated threat environment with inconsistent controls across their various cloud and network security solutions.
That is why organisations are adopting a secure access service edge (SASE) framework to streamline the security layer. SASE replaces a patchwork of point solutions with a unified platform that delivers consistent security across the infrastructure while remaining separate from the application stack.
As a result, users benefit from greater flexibility, cost savings, better performance and stronger threat prevention.
In practical terms, SASE components and functions typically include:
- A Cloud Access Security Broker (CASB) that protects data in any cloud service, accessed from any device.
- Zero Trust Network Access (ZTNA) that grants secure, per-application remote access to on-premises resources without exposing the wider network.
- An on-device Secure Web Gateway (SWG) that decrypts and inspects traffic directly on users' devices for content filtering and threat protection.
These considerations have taken on even greater significance given the growth of the remote workforce — a trend that has accelerated so much since the beginning of 2020.
With data and users now residing outside corporate networks, many existing security strategies are no longer fit for purpose — they were designed to protect more centralised IT environments where control can be managed more precisely.
While organisations continue to rely on a single vendor to protect both applications and data, the time from an initial security incident to broader impact is likely to be alarmingly brief. But by developing technologically diverse, resilient IT infrastructure, organisations become much more capable of minimising the reach and impact of a cybersecurity incident.