DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.
Do you want to have the freedom and flexibility to innovate and compete whilst ensuring your most valuable assets are secure? The only thing growing faster than security spending is security losses and when it comes to planning and priorities.
During this year’s VMworld in Barcelona, we hosted a NSX security session discussing cyber security topics around managing data, ensuring compliance and preventing cyber attacks. We were joined by a panel of six experts to debate the latest security issues;
- Tom Corn, Chief SVP, Security Products, VMware
- Jeremy Van Doorn, VMware
- Matthew Bunce, Consultant and vExpert NSX
- Dharminder Debisaran, Product Marketing Manager-Cloud Security Lead EMEA, Palo Alto Networks
- Mr Alessandro Menna, Cyber Security & ICT Solutions, Leonardo
- Andy Kellett, Principal Analyst, Ovum
So, in case you missed it, we’ve pulled together the top five security strategies to help you address this new cyber security frontier.
- Focus on Applications
We kicked off the session emphasizing the importance of architecting security. The focus must shift from the data center to the application, making it harder for attackers to move laterally within a virtual network. To do this, it is crucial to work together, and that’s where our security vendors come in – to help create a security ecosystem.
There are three attack vectors against which organisations must defend themselves – network connectivity; sniffing and spoofing; and the compute stack. To protect individual applications, micro-segmentation is crucial in creating a virtual network at the application level. It assumes threats can be anywhere, and everywhere, ultimately increasing visibility of the environment. Therefore, it’s vital for IT professionals to promote the value of micro-segmentation to business leaders, especially within today’s threat landscape.
2. Supply chain relationship
Many organisations have both upstream and downstream supply chains, and the exchange of information through mobile devices and cloud computing makes businesses more vulnerable to the risk of cyber breaches. Nevertheless, supply chains are widely overlooked by businesses, despite organisations increasingly recognising the importance of information security.
Businesses can have the most robust security measures, but if a supplier’s security is not as robust, hackers can threaten your business through the supplier. Organisations must select suppliers who are reputable and reliable with strong security measures in place.
An interesting point was raised about government policy being crucial in protecting cyber attacks that may occur through these upstream supply chains. Not only can government policy ensure measures amongst suppliers will be implemented, it also fosters the level of awareness amongst business leaders. Specifically the GDPR, set to be formally introduced in two years’ time, aims at helping enterprises and public organisations strengthen and enforce the security of personal data.
3. Embrace automation
Automation is key to in creating an extra line of defence for organisations. Securing the network at the application level is vital, but humans are incapable of keeping up with the sheer volume of incoming threats. Automation helps us step away from human error and provide protection for the whole environment. Specifically, VMware NSX enables the automation of network provisioning, looking at the workload and not just the perimeter. Essentially, automation helps organisations deploy a thorough defence against cyber threats.
4. Secure the Internet of Things
As businesses seek to embrace industry 4.0 and become digitally led, protection must be a top priority for organisations. Businesses are increasingly connecting multiple devices to a network so that data can be shared. However, the growth of internet-connected devices, in a world of permanent technological revolution, also brings an explosion of vulnerabilities to businesses. Ultimately, if we can’t trust a device, then it should not be allowed on the network.
5. Encourage accountability and engagement
So, who’s to blame for a cyber attack? Towards the end of the session, the panel debated about who should take responsibility for data breaches. Overall, it was agreed organisations must build the relationship between the IT team and the board of directors, specifically when it comes to reporting to the C-suite. The IT department can provide reports, dashboards or have weekly meetings to keep the C-suite up to date. This is especially important as our research revealed one in four IT decision makers admitted to not disclosing a significant data breach to senior management.
The key is to ensure the wider workforce is educated about security threats. It should be every employees’ responsibility to look after security, so that businesses can effectively prevent cyber breaches without harming business productivity.
If you want to learn more about these topics, don’t forget you can listen to the full session here.