American business magnate Warren Buffett once said, “It takes twenty years to build a reputation and five minutes to ruin it. If you think about that you’ll do things differently.” Hot on the heels of the fallout from the TalkTalk hack, that stark reality rings true for many organisations, and for their Chief Information Security Officers (CISOs) in particular. Doing things differently in relation to data security strategy is no longer a project for the wish-list, but a boardroom priority.
CISOs are rapidly becoming the point person for customer advocacy, brand protection and providing new ways to effectively secure employees and company data. This is all while reducing costs and simplifying business processes to drive competitive advantage.
Yet, in the precarious position of balancing advances in mobility, cloud computing and the Internet of Things, succeeding in this newly developed role means a shift in approach. Gone are the days in which the concept of fortress building is acceptable for keeping the ‘bad guys’ out and maintaining control. Organisations are now tasked with securing employees working from remote locations, across insecure networks and applications.
Keeping up with the IT crowd
For many this shift begins with assessing the advances in technology and how they can be applied to security. As IT embraces virtualisation, consolidation and consumption of cloud technologies, platform and software services, security and risk professionals have been left behind. While automation and integration may be standard practice across IT processes, this is not always the case for security protection.
To advance from fortress building to securing the borderless enterprise, CISOs are now looking for a new breed of security solution. This incorporates data security and encryption functionality with cloud-based security and policy-driven data protection that can be delivered across all connectivity channels. Tools that can provide cloud-scale visibility and crowd-shared threat intelligence are also becoming hotly pursued.
And this change is being demanded with immediate effect. Research carried out in a commissioned study conducted by Forrester Consulting on behalf of Zscaler indicates that 82 per cent of firms require functionality that provides strong integration with data security or encryption technology now, or within the next year.
Embracing a unified approach
With this transition towards enhanced security capabilities something must also change in the way this functionality is delivered. Teams are currently operating under the burden of multiple hardware appliances and point solutions, commonly delivered across a range of vendor portfolios with little flexibility and integration. As a consequence, the natural next step is to look at how organisations can consolidate their existing security functions into one central framework.
Results from Forrester support this suggestion. An overwhelming majority (98 per cent) of IT security professionals believe that an integrated security platform would be more effective in delivering a broad range of cyber security capabilities versus point solutions delivered by multiple vendors. In fact, 76 per cent of respondents claimed that the approach would be very effective in comparison.
Additional insight highlights that professionals see these platforms as removing the barrier to delivering advanced techniques like advanced analytics and machine learning, which depend upon delivery of consistent big data across all technologies. Of course, when managing a variety of tools, extracting the consistent data to fuel insights becomes incredibly difficult.
Making cloud security pay
In the same way that lines of business and security professionals both have to consider the cost implications of a change in strategy, they must work in tandem to support the overall business goals. Enabling business agility and competitive advantage depends not only upon productivity, or in this case security, but also upon reducing overheads and making intelligent investments that won’t compromise business stability.
Combining integrated security platforms with cloud deployment options will deliver improved security and higher scalability. It also means lower overheads and a shift of resources into performing critical tasks. As a result, CISOs should be looking at how they can make significant strides from a cost perspective. This prioritisation is mirrored in findings among 130 security professionals involved in the Forrester study for whom reducing costs is a major goal, and the top rated driver for adopting cloud security technologies.
That said, costs weren’t the only means of making cloud deployments pay. Nearly half (49 per cent) of participants claimed that they would adopt cloud security as a service to gain better security than can be achieved with on-premise deployments. In fact, 48 per cent said that one of the top priorities for implementing cloud tools would be to secure areas that on-premise tools cannot, such as remote locations, mobile devices and Internet of Things solutions. This capability is becoming critically important as CISOs look beyond the fortress walls towards a watertight strategy for the future.
Tips from the top
Naturally, the commonplace methods of securing the enterprise must be adapted as organisations face the restrictions of evolving threats and distributed workforces. Executives need to first assess their existing tools and the functionality they deliver to make decisions about how they can apply more advanced techniques.
Next, they must determine the most effective way to deliver these capabilities. Building a security ecosystem that prioritises integration and orchestration across all security technologies in the company’s portfolio is key. This will enable teams to actively seek tools where vendors have already developed integration between their products, or to assess managed security offerings where service providers can deliver pre-integrated platforms.
By making steps to effectively address the need to promote cloud-based security as an enabler for competitive advantage, CISOs are expected to protect the everywhere enterprise in a cost-effective and flexible way. Only then will they be able to fulfil their role in maintaining the delicate balance between customer trust and brand reputation.
Dr. Manoj Apte, Network Security Executive, Zscaler
Dr. Manoj Apte is a network security executive with over 15 years of experience developing high performance networking and security systems.
Prior to Zscaler, Manoj held engineering and product line management positions at Juniper Networks, where he created and launched Juniper's 10G IPS (Intrusion Prevention System) appliance. Prior to Juniper, he worked on real-time embedded platforms at various companies.
Manoj holds more than a dozen patents and has contributed to the Cloud Security Alliance since its initial charter. He earned a PhD in Real-Time Embedded Systems from Mississippi State University and holds a B.Tech. in Aerospace Technology from IIT Bombay.