The IT security industry has not managed to make businesses feel more secure. Organizations have been increasing their investments in security software and hardware for many years. Yet a recent study found that only a quarter of business leaders across EMEA are confident in their current security.
The increasingly complex, mobile, connected digital world makes it a continuous challenge for enterprises to adequately protect themselves against digital threats.
So, should we just go on increasing our investments? 83% of respondents to the VMware/Forbes Insights survey are planning this for at least the next three years! Hardly: while security spending has been consistently going up, the economic impact of cybercrime has, according to the EU, risen fivefold from 2013 to 2017. Simply spending money on the same security won’t fix the problem. Don’t get me wrong, investment is needed. But we should invest wisely and rethink the way we approach security.
Three steps to fix cyber security
More specifically, three things need to happen.
Firstly, we need to stop focusing as much on threat detection.
According to our own analysis, 80% of enterprise IT’s investment in security goes on reactive measures. 54% of respondents to the VMware/Forbes Insights study say they plan to spend even more on detecting and identifying attacks.
Yet if you’re constantly chasing the next threat, that means you’re already behind. Threats are evolving rapidly. And detection tools will only defend your organization against copycats, not against those attackers that do something different. Moreover, there needs to be a shift away from merely trying to prevent breaches at all costs. The inevitability of breaches is a reality. So, what matters is how quickly we can detect them and take effective mitigating action. In short, definitely invest in detection, but also invest more in prevention.
Secondly, the real focus should be on applications.
Knowing more about known good application behaviour becomes critical. With this in mind you can focus on understanding the 50 things that should be happening, rather than trying to protect against the 50,000 that shouldn’t. Think about it this way. When you get out of bed in the morning, and you feel unwell, you don’t make a mental list of the thousands of different viruses that could be the cause. Instead, you focus on the sore throat or painful eye that hurts. Because you know your body, you immediately identify what’s unusual. The same approach can be taken to security. When you understand how applications actually work, you can focus on enabling their effective operation rather than on restricting them due to risk aversion.
Finally, all of this is just not possible without truly intrinsic security.
It means that you get rid of the 50 to 100 different security products that need to be managed, updated and patched individually while making sure they’re aligned and connected to relevant apps, which in turn also need constant management and updates. It’s intricate, cross-connected and overly complex. What if we could instead focus on one overarching software layer, common across apps and data wherever they reside: private data centers, clouds, edge, containers, desktops, and mobile devices? By protecting the network, the common element that touches everything, you’re securing every element connected by the network, whether they are within the company walls or in some form of cloud. Deploying virtual cloud networks gives enterprises a universal fabric – secure that and everything it touches is secure. It’s more efficient and easier to manage. It’s also automated, freeing up your people to focus on more value-adding innovation tasks.
A multi-layered approach
With these three focuses combined you get a multi-layered approach to security. Firstly, providing proactive prevention alongside threat detection. Secondly, zooming in on what’s good rather than spending exhaustive time and money on assuming the worst. And thirdly, leveraging the benefits of cloud infrastructure to protect the organisation.
Eventually, the infrastructure is genuinely inherently secure. If one layer or element gets breached, then the next element is secure, and the next, limiting the damage that can be done. It recognises that breaches are a case of when, not if, and acts accordingly. In doing so, we can all improve confidence in our security policies and procedures, cut down on unnecessary spending, and reduce the damage successful attacks can cause. And, importantly, this built-in security means an organization can take the business in any direction, innovate and add new IoT, AI and ML technologies, knowing that the heart of the business will remain secure.