Digitisation has meant the wholesale adoption of cloud services.
We are going to cover 5 key cyber security elements to help your business navigate the changing IT landscape. These elements are:
- Automation
- Lifecycle Approach
- Integrated Systems
- Layered Architecture
- Insight and Analytics
Digitisation is solving problems, creating opportunities and rewriting the way in which your business engages with your customers. At the forefront of the cloud services revolution is storage and SaaS. These functions give you the ability to design, build and deploy a new application. This is happening right now at unprecedented speed and scale.
Cloud services bring great flexibility to your business, along with a number of other benefits. At the same time, they extend the cyber security attack surface and hence the opportunities that the ‘bad guys’ have to compromise your users and data. The sophistication of attacks is also increasing as attackers take advantage of the very benefits that attracted you to the cloud.
Attackers have access to stolen credentials, host malware on legitimate cloud platforms such as AWS and Google, and can generate legitimate certificates for illegitimate purposes, thus appearing to be credible.
Your business needs a robust and advanced security architecture built on the back of an executive-sponsored cybersecurity policy to combat the threats. The security architecture needs to be an extension and enhancement of your existing security posture enabling seamless support of your users, data and applications anywhere they choose to work from.
Surveying the common systems that you may already have deployed for cybersecurity protection, we are likely to see the following components:
- Perimeter Firewall – protecting your inside hosts from external threats/connections by using network address translation and stateful packet inspection
- Anti-Virus Protection – endpoint protection against known virus signatures
- Anti-Malware Protection – endpoint protection against known malware types
- Email Protection – scanning of email content to protect against malware attachments, phishing and spam
As the IT systems and services landscape changes, your protection systems need to be constantly reviewed, and changed where necessary, to stay relevant to the rapidly evolving landscape. The approach of IS teams to protection is evolving to meet the emerging threats of the digitisation/cloud era, in which technology is now just a tool of the cybersecurity policy.
Your evolving approach should be about taking a holistic view that can adapt ahead of or in line with the threats. Five important elements of this evolving approach are outlined below.
- Automation – potential attacks now need to be stopped in their tracks automatically and cannot wait to be identified and mitigated by human interaction. In the digitisation era, cybersecurity must have the ability to automatically learn about new threats and decide which ones to block while alerting the monitoring systems
- Lifecycle approach – security solutions must provide a methodology that addresses the 3 phases of a cyber attack: preventing attacks before they happen, detecting and blocking attacks in motion, while also collecting details of security events through all phases in order to conduct detailed analysis and learn lessons from attacks
- Integrated systems – systems need to be integrated in order to share intelligence so that all components in the system of protection can update their configuration to reflect emerging threats and trends
- Layered Architecture – protection systems need to be based on a layered architecture, following a methodology and approach designed around the business assets, priorities and policies. An architectural approach will incorporate multiple interconnected protection mechanisms and technologies to mitigate threats and stop attacks. Such an approach will also provide the same levels of protection irrespective of whether a user is working remotely or on business premises
- Insight and Analytics – systems need to have a complete and comprehensive view of the IS environment, including who is connected, when and from where they are connected, and what they are doing. The system also needs to include incident and event monitoring to aid in the investigation of incidents and, importantly, provide the detailed information that may be required to report breaches of sensitive data under compliance regulations such as GDPR
A number of new technologies have emerged which underpin the evolving approach to protection, such as the security internet gateway and the cloud access security broker. These technologies and their role will be reviewed in our next blog.