Security: let’s stop being the plumber

CIOs and CISOs are feeling increasingly anxious. Cyber attacks of all kinds are constantly in the press, and the financial consequences continue to worsen. The reality is that businesses are falling victim to cybercrime on a more and more frequent basis. Investing in traditional cyber security products is all well and good. But they are becoming less and less effective. The processes from the past have clearly reached their limits. It’s time to urgently rethink our approach.

Guest blog by Sylvain Cazard, VP SDDC EMEA, VMware

A digital economy will only work if we can trust it

In a study we conducted with Forbes, 21% of managers said that they felt confident about their IT security. Considering the fact that our economy has become completely dependent on digital technology, this is a major cause for concern. While the benefits of the digital revolution are undeniable, the efficacy of our current security measures is under serious scrutiny.

For a long time, cyber security has been based on the idea of an impenetrable fortress. A clearly defined and well-protected wall behind which we hoped our data was completely secure. This strategy was certainly effective when on-premises data centres processed all corporate data. But IT has moved on a lot since then. New application models and the apps they produce are thriving and are ubiquitous in our current economy. Wireless networks keep us connected everywhere we go, but the security of these networks cannot always be guaranteed. Data is transferred from one cloud to another, and the billions of connected devices create even more potential vulnerabilities.
The attack surface is now almost infinite. Our fortress is beginning to look more like a colander, and we’re scrambling to fill the holes with more and more diverse point solutions. It’s like a plumber constantly sealing leaking pipes and fittings.

Cyber security is coming to the end of a long cycle

We are continually churning out ‘new’ security solutions without any evidence of their effectiveness. It’s fairly common for an organization to have well over 20 suppliers providing supposedly interlocking security solutions. This is very curious, since this is one case where more almost certainly doesn’t mean better. Cyber security is becoming so complicated that just getting all the various moving parts working together is becoming an almost unmanageable problem, especially since most organizations are reporting a serious shortage of qualified security specialists.

IT infrastructures secured only around their perimeter are just no longer secure enough. The more they grow, the more scope there is for cyber attacks. Today, 80% of expenditure goes on reactive measures against such threats, whereas the focus should be on taking action that prevents such threats from breaching the network in the first place. Amazingly, market research shows that security start-ups still focusing on reactive threat detection solutions get 72% of venture capital funding, when we would have expected them to be looking at more disruptive, preventative technologies. With 400,000 new zero-day threats appearing every day, IT infrastructures cannot be effectively protected if security isn’t taken into consideration from the very beginning (security by design). We urgently need to change our mindset.