Sylvain Cazard, VP SDDC EMEA, VMware
CIOs and security managers are feeling increasingly anxious. Cyber attacks of all kinds are constantly in the press, and the financial consequences continue to worsen, almost daily. The stark reality is that businesses are falling victim to cybercrime more and more frequently. Investing in traditional cyber security products is all well and good, but they are becoming less and less effective. The processes that worked in the past have clearly reached their limits. It’s time to urgently rethink our approach.
A digital economy will only work if we can trust it. In a recent study we conducted with Forbes, only 21% of managers interviewed said that they felt confident about the security of their IT infrastructures. Considering the fact that our economy has become completely dependent on digital technology, this is a major cause for concern. While the benefits of the digital revolution are undeniable, the efficacy of our current cyber security measures is under serious scrutiny. For a long time, cyber security has been based on the idea of an impenetrable fortress — a clearly defined and well-protected wall behind which we hoped our data was completely secure. This strategy was certainly effective when on-premises data centres processed all corporate data, but IT has moved on a lot since then. New application models and the apps they produce are thriving and are ubiquitous in our current economy. Wireless networks keep us connected everywhere we go, but the security of these networks cannot always be guaranteed. Data is transferred from one cloud to another, and the billions of connected devices create even more potential vulnerabilities. The attack surface is now almost infinite — our fortress is beginning to look more like a colander and we’re scrambling to fill the holes with more and more diverse point solutions.
In one sense, cyber security is coming to the end of a long cycle. We are continually churning out ‘new’ security solutions without any evidence of their effectiveness. It’s fairly common for an organization to have well over 20 suppliers providing supposedly interlocking security solutions. This is very curious, since this is one case where more almost certainly doesn’t mean better. Cyber security is becoming so complicated that just getting all the various moving parts working together is becoming an almost unmanageable problem, especially since most organizations are reporting a serious shortage of qualified security specialists. IT infrastructures secured only around their perimeter are just no longer secure enough. The more they grow, the more scope there is for cyber attacks. Eighty percent of expenditure goes on reactive measures to such threats, whereas the focus should be on taking action that prevents such threats from breaching the network in the first place. Amazingly, market research shows that 72% of venture capital funding given to security start-ups still focuses on reactive threat detection solutions, when we would have expected them to be looking at more disruptive, preventative technologies. With 400,000 new zero-day threats appearing every day, IT infrastructures cannot be effectively protected if security isn’t taken into consideration from the very beginning (security by design). We urgently need to change our mindset.