Digital Tools Bolster Cybersecurity
The tools needed to mount an effective defense are appearing as essential design elements in today’s IT infrastructure.
by Thane Erickson
Technology has revolutionized every aspect of commerce, government and society. But that also raises a question in the mind of every CIO and CISO: How can an enterprise best protect its customers, core business, supporting applications and data?
The good news is that the tools and technologies needed to mount an effective defense are already appearing in today’s IT infrastructure as essential design elements. Virtualization and automation (features that make it easy and fast to spin up new resources and tear them down just as quickly) lend themselves to reducing the attack surface open to hackers, because they partition resources and data to a greater degree than legacy architectures can. The enterprise is also getting better at spotting potential threats in real time, thanks to big data-driven algorithms that monitor traffic in and out of the enterprise.
Today’s digital shifts offer many tools and approaches that can be used to build new levels of security, as these examples illustrate.
Legacy IT service management systems, which typically exist as a thin patchwork layer of control on top of a sprawling IT stack, have always been reactive and required coordination between security teams and IT managers. In contrast, integrated digital service management (IDSM) solutions are tightly integrated with existing security tools by default, providing a closed-loop workflow for security incidents.
Further integration brings in security tool logs and data to perform critical analytics. These help spot out-of-band attacks, such as multiple password-reset attempts from the same machine. By comparing data from the configuration management database, self-service portal access logging, and security information and event management (SIEM) logs, questionable activities can be more easily identified and blocked, and the root causes of incidents can be identified and eliminated.
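The correlation described above can be sketched as follows. This is an added example, not code from the article or from any IDSM product: it flags machines that make several password-reset attempts in a short window and enriches each hit with the configuration management database record. The log format, field names, threshold and sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the article): self-service portal log lines.
PORTAL_LOG = """\
2024-05-01T09:00:05 src=10.1.4.23 action=password_reset account=alice
2024-05-01T09:00:40 src=10.1.4.23 action=password_reset account=bob
2024-05-01T09:01:10 src=10.1.4.23 action=password_reset account=carol
2024-05-01T09:01:30 src=10.1.7.8 action=password_reset account=dave
2024-05-01T09:02:00 src=10.1.4.23 action=login account=alice
2024-05-01T12:00:00 src=192.0.2.50 action=password_reset account=erin
2024-05-01T12:01:00 src=192.0.2.50 action=password_reset account=frank
2024-05-01T12:02:00 src=192.0.2.50 action=password_reset account=grace
"""

# Constructed CMDB extract: source address -> asset record.
CMDB = {
    "10.1.4.23": {"host": "hr-kiosk-02", "owner": "HR"},
    "10.1.7.8": {"host": "lt-dave", "owner": "dave"},
}

def parse(log):
    """Yield (timestamp, source, action, account) from key=value log lines."""
    for line in log.splitlines():
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        yield datetime.fromisoformat(ts), kv["src"], kv["action"], kv["account"]

def find_reset_bursts(log, cmdb, threshold=3, window=timedelta(minutes=10)):
    """Flag sources with >= threshold password resets inside one sliding window."""
    resets = defaultdict(list)
    for ts, src, action, account in parse(log):
        if action == "password_reset":
            resets[src].append((ts, account))
    alerts = []
    for src, events in resets.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            if end - start + 1 >= threshold:
                asset = cmdb.get(src)  # None means the source is not a known asset
                alerts.append({"src": src, "host": asset["host"] if asset else None,
                               "accounts": sorted({a for _, a in events[start:end + 1]})})
                break  # one alert per source is enough for triage
    return alerts
```

A hit with `host` set to `None` is a source the CMDB does not know about, which is usually the more urgent of the two cases to triage.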
Perhaps the most fundamental and effective step is to develop a comprehensive strategy. Cybersecurity is an ongoing activity, not a one-off project. CIOs must make security the foundation of everything they do. These are some of the steps we routinely recommend to develop that new approach:
- Assess security capabilities and identify opportunities. Determine where the organization currently stands and the level of resources required to support meaningful transformation.
- Evolve the security program vision. Establish an end-to-end enterprise security program and integrate it with existing enterprise architecture processes to reduce complexity levels and produce outcomes valued by the business.
- Become agile. Embrace the cloud and emerging technologies to boost IT agility and reach customers faster, capitalize on efficiency and cost benefits, and do so within risk tolerances.
- Accelerate toward security intelligence. Adapt to handle new threats to the enterprise by developing threat-centered operations based on a deep understanding of adversaries, their goals and techniques.
- Develop end-to-end delivery and sourcing. Plan a delivery and operational strategy for each of your security services to make a clear-eyed assessment of internal competencies for designing, building and deploying elements of a cybersecurity program.
In some ways, IT security has become a victim of IT success. As platforms have proliferated, it has become costlier to manage and secure them. An agile hybrid cloud platform provides a compelling option to address a number of cybersecurity challenges. Rapidly enabling inexpensive computing resources that span private and public cloud infrastructures ensures that policy-aligned resources can be consumed at the point of use and eliminated when they’re no longer needed.
In addition, applications can now be (and should be) built on a more secure foundation. Secure DevOps must be an integral element of the build-and-release cycles for all new applications. This shift improves collaboration among various groups, lowering blockades and hurdles that have in the past impaired the ability of businesses to leverage modern application platforms.
Networks are a common vector for attacks; however, they are now becoming smart enough to take on a far more proactive security role. Modern software-defined networks, combined with continuous control-based monitoring and analytics, will help companies adopt a modern, agile approach to network security, moving beyond automatic identification and alerting toward dynamic remediation.
A network composed of virtual components means that security can be built into business application logic, simplifying network security policy enforcement and auditing, and improving threat detection and response. Complex policies and remediation tasks can be implemented programmatically, taking into consideration application functions, user classes, service categories, locations of traffic streams’ endpoints, time of day or week, cost of links, and external events. These capabilities not only strengthen existing security functions but can also improve the organization’s overall security posture and many of its operational aspects.
One thing is for sure: The traditional castle-and-moat approach of perimeter defense is no longer enough. Inherently uncontrollable elements are being introduced into the enterprise daily as innovation pervades the organization from the outside in.
The Internet, consumer devices, cloud services and other resources outside the enterprise contain many security unknowns. Despite the risk, their inclusion is vital to enterprise agility and success. Simply stated, this leaves companies with no option but to develop a more robust, holistic view of cybersecurity.
DAVID WOODHEAD is a partner in CSC’s consulting organization.
THANE ERICKSON is director of the global cybersecurity portfolio at CSC.