Tech infrastructure diversity holds key to better security
Article by Bitglass founder and CEO Nat Kausik.
This year, a spate of high profile ransomware incidents has halted operations across business and critical infrastructures alike.
These attacks, a highly successful ‘revenue generation’ tactic for cybercriminals, have caused serious problems for many high-profile companies and demonstrate the enormous risks involved. They have contributed to a greater sense of urgency in dealing with the problem across the public and private sectors.
Adding to the challenges caused by sophisticated cybercriminals is their constantly changing tactics to stay one step ahead of potential victims.
For example, there is growing concern about the risks inherent in relying on a single vendor for security infrastructure, as attackers step up their efforts to exploit single-vendor vulnerabilities. The danger is that a successful attack on that one vendor provides access to entire networks and their wider supply chains.
One infamous attack illustrated what can happen when an organisation relies on one vendor across its infrastructure, tools and security estate.
In that situation, a single-vendor architecture offered an uninterrupted, connected surface across which attackers could move from a single compromised laptop to a variety of cloud services used by the business.
In situations like these, once hackers gain access to email, they can pretend to be anybody in the organisation and use that insider knowledge to widen access and control.
In the case of major vendors, bundling applications and security may seem like a sensible option for delivering benefits such as increased integration or economies of scale, but there are circumstances where it might put users at greater risk.
Compounding the challenge of a single-vendor strategy is the fact that dominant global vendors are constantly targeted by attackers, who devote significant time and resources to building and refining their infiltration strategies.
Clearly, this approach is gaining traction because of the potential it offers: compromising one vendor can compromise the security infrastructure of every potential victim that relies on it.
Instead, when companies segment their security infrastructure with multiple vendors, they put themselves in a much stronger position to contain the impact of a security breach because when one area is compromised, the rest of the network isn’t immediately exposed.
A good starting point is to split the application stack from the security stack. For example, implementing third-party security products can establish a barrier to disrupt the progress of an attack and prevent cybercriminals from operating without restrictions.
When separating applications from security, the security strategy should still be integrated and consistent, because the weakest link is usually what gets compromised first.
As a result, organisations cannot arm themselves to address today’s sophisticated threat environment without consistent security across their various cloud and network security solutions.
That’s why organisations are adopting a Secure Access Service Edge (SASE) framework to streamline security. This approach replaces existing fragmented solutions that have to be managed and updated separately, with a unified platform that delivers comprehensive security across every infrastructure segment.
As a result, users benefit from greater flexibility, cost savings, better performance and increased threat prevention.
In practical terms, SASE components and functions typically include:
A Cloud Access Security Broker (CASB): offers end-to-end protection for data in any cloud service and on any device.
Zero Trust Network Access (ZTNA): provides comprehensive and secure remote access to on-premises resources.
An On-Device Secure Web Gateway (SWG): decrypts and inspects traffic directly on users’ devices for content filtering and threat protection.
Already important, these considerations have taken on even greater significance given the growth of the distributed, remote workforce, a trend that has accelerated so much since the beginning of 2020.
With data and users now residing for some, or all, of the time outside corporate networks, many existing security strategies are no longer fit for purpose because they were designed to protect more centralised IT environments where control can be managed more precisely.
While organisations continue to rely on a single vendor to protect both applications and data, the time from an initial security incident to broader impact is likely to be alarmingly brief. But by developing technologically diverse, resilient IT infrastructure, organisations become much more capable of minimising the reach and impact of a cyber security incident.