Its been a cloudy blog of a fortnight (pardon the pun but I couldn’t help it). To summarise we have been looking at the changing IT landscape and the consequent change in the threat landscape. We then looked at how organisations need to change their approach to cloud security to address this new reality.
The age of digitisation is bringing about a dramatic change to the IT landscape. Digitisation is about new efficient ways of doing things at scale. It’s about automation and new ways of engagement with customers in a way that suits them and at a time that suits them.
Digitisation is turning century old industries on its head as new players emerge that are agile, visionary and creative at a rate it’s outpacing their peers.
The new IT landscape is about DevOps “scoring an end goal” around or despite IT. Being applied to conceive and deploy apps in a fraction of the time it used to take using a conventional approach. Its about using the cloud to take advantage of Infrastructure, Platform or Software as a Service and being able to globally scale an application.
The new IT landscape is also about anytime anywhere access for users/employees. Power is being devolved to branch offices because they need better connectivity to access their new apps in the cloud. Analysts are saying that approximately 50% of users now access their applications remotely and 25% actually work remotely.
We also need to factor the explosive growth of IoT and the pervasive use of mobile devices to access the web.
Digitisation is a bright new horizon but it also brings major security headaches. Some of these include;
- A massive increase in cyber attack landscape, more devices, more apps, more points of access
- Increase in the number of alerts security teams need to process and understand
- More applications to monitor and manageLack of visibility in what users are doing and how they are using apps
- The growth of shadow IT exposing corporate information and services to attacks
- Outdated non-cloud savvy security relative to the emerging landscape
Cyber attackers have evolved in sophistication to keep apace of the changes in IT. They constantly evolve their exploits, they are offering attacks as a service, they are using cloud scale computing power as well. Cisco’s annual cyber security report identifies that the scale and sophistication of attacks have increased over the past 12 months.
Security teams need to evolve their approach to security making it cloud centric with the ability to protect users and data anywhere anytime. Remember cloud services still require organisations to take responsibility for the security of their data. Gartner has identified that 95% of data breaches will be the fault of the end user.
Some of the essential tools that security need to include in their new armoury include secure DNS services as well as CASB services. DNS will block access to malware sites before they happen, or if a machine has been infected, it will block the command and control call back. CASB has the ability to monitor user activity in the cloud, profile applications in use and prevent data leakage. Both tools can also provide invaluable visibility into the normal behaviour of users and trigger protective actions and alerts as and when behaviour varies from the norm.
14 Day Free Trial of Cisco Umbrella
Get started in 30 seconds
No credit card or phone call required
WHAT IS INCLUDED?
- Threat protection like no other — block malware, C2 callbacks, and phishing.
- Predictive intelligence — automates threat protection by uncovering attacks before they launch.
- Worldwide coverage in minutes — no hardware to install or software to maintain.
- Weekly security report — get a personalized summary of malicious requests & more, directly to your inbox.
- 1,000+ users? — You’re eligible for the Umbrella Security Report, a detailed post-trial analysis.
See how easy Umbrella is to instal