Three steps  to restore confidence in cybersecurity 

Posted on 26/07/2019

The IT security industry has not managed to make businesses feel more secure. Organizations have been increasing their investments in security software and hardware for many years. Yet a recent study found that only a quarter of business leaders across EMEA are confident in their current security.

The increasingly complex, mobile, connected digital world forms a continuous challenge for enterprises to adequately protect themselves against digital threats.

So, should we just go on increasing our investments? 83% of respondents to the VMware/Forbes Insights survey are planning this for at least the next three years! Hardly: while security spending has been consistently going up, the economic impact of cybercrime has, according to the EU, risen fivefold from 2013 to 2017. Simply spending money on the same security won’t fix the problem. Don’t get me wrong, investment is needed. But we should invest wisely and rethink in the way we approach security.

Three steps to fix cyber security

More specifically, three things need to happen.

Firstly, we need to stop focusing as much on threat detection.

According to our own analysis, 80% of enterprise IT’s investment in security goes on reactive measures. 54% of respondents to the VMware/Forbes Insights study say they plan to spend even more on detecting and identifying attacks.

Yet if you’re constantly chasing the next threat that means you’re already behind. Threats are evolving rapidly. And detection tools will only defend your organization against copycats, not against those attackers that do something different. Moreover, there needs to be a shift away from merely trying to prevent breaches at all costs. The inevitably of breaches is a reality. So, what matters is how quickly we can detect them and take effective mitigating action. In short, definitely invest in detection, but also invest more in prevention.

Secondly, the real focus should be on applications.

Knowing more about the known good application behaviour becomes critical. With this in mind you can focus on understanding the 50 things that should be happening. R rather than trying to protect against the 50.000 that shouldn’t. Think about it this way. When you get out of bed in the morning, and you feel unwell, you don’t make a mental list in your head of the thousands of different viruses that could be the cause. Instead, you focus on the sore throat or painful eye that hurts. Because you know your body, you immediately identify what’s unusual. The same approach can be taken to security. When you are understanding how applications actually work, you can focus on enabling their effective operation rather than on restricting them due to risk aversion.

When you get out of bed in the morning, and you feel unwell, you don’t make a list in your head of the thousands of different viruses. Instead, you focus on the sore throat or painful eye that hurts.

Finally, all of this is just not possible without truly intrinsic security.

It means that you get rid of the 50 to 100 different security products, that need to be managed, updated and patched individually while making sure they’re aligned and connected to relevant apps, which in turn also need constant management and updates. It’s intricate, cross-connected and overly complex. What if we could instead focus on one overarching software layer? Common across apps and data, wherever they reside: private data centers, clouds, edge, containers, desktops, and mobile devices? By protecting the network, the common element that touches everything, you’re securing every element connected by the network, whether they are within the company walls or in some form of cloud. Deploying virtual cloud networks gives enterprises a universal fabric – secure that and everything it touches is secure. It’s more efficient, easier to manage. It’s also automated, freeing up your people to focus on more valued-adding innovation tasks.

A multi-layered approach

With these three focuses combined you get a multi-layered approach to security. Firstly, providing proactive prevention alongside threat detection. Secondly, zooming in on what’s good rather than spending exhaustive time and money on assuming the worst. And thirdly, leveraging the benefits of cloud infrastructure to protect the organisation.

Eventually, the infrastructure is genuinely inherently secure. If one layer or element gets breached, then the next element is secure, and the next, limiting the damage that can be done. It recognises that breaches are a case of when, not if, and acts accordingly. In doing so, we can all improve confidence in our security policies and procedures, cut down on unnecessary spending, and reduce the damage successful attacks can cause. And, importantly, this built-in security means an organization can take the business in any direction, innovate and add new IoT, AI and ML technologies, knowing that the heart of the business will remain secure.


Category: Business, Network & Security

Tags: , , , , ,

Related Articles

Posted on 03/01/2019 by vmwarebelgium

Networking and security transformation

 As we move into 2019, we thought we’d share a recap of key announcements supporting our strategic IT priorities. In this blog: all about Networking and security. These core pillars define our approach to the support we give our customers. At VMware we focus on supporting their digital transformation, from infrastructure through delivery and security […]

3 minute read
Posted on 06/06/2017 by blogsadmin

Taking control of IoT from inception to production and beyond

The exciting potential of the Internet of Things is predominantly about getting value from new sources of data through analytics. But for many of our customers, there are stumbling blocks in getting to a stage where IoT can yield a return-on-investment. That’s why at VMware, we’ve decided to take away many of the obstacles that […]

2 minute read
Posted on 08/11/2016 by blogsadmin

What’s your plan for tackling the new cyber security frontier?

Do you want to have the freedom and flexibility to innovate and compete whilst ensuring your most valuable assets are secure? The only thing growing faster than security spending is security losses and when it comes to planning and priorities. During this year’s VMworld in Barcelona, we hosted a NSX security session discussing cyber security topics […]

3 minute read

Comments

No comments yet

Add a comment

Your email address will not be published.

*

This site uses cookies to improve the user experience. By using this site you agree to the privacy policy