As the proportion of business transactions conducted electronically continues to rise, maintaining the trust of customers has never been more important.
E-commerce, cloud-based services and mobility have reshaped the business/customer relationship. However, while customers are keen to take advantage of the improved convenience and efficiencies on offer, they are also wary of the potential threats posed by cyber criminals.
For businesses, this means being ever vigilant. Falling victim to a security breach or cyber attack can result in heavy losses. Customers are likely to take their business elsewhere and bottom-line profits will dive.
Frustratingly for business, the increasing sophistication of attacks means traditional approaches to IT security are no longer providing sufficient levels of protection. Widely used appliance and software-based security architectures are unable to deal with the types of attacks now being experienced.
The situation is exacerbated by the sheer number of security point solutions many organisations have in place. These have often been deployed in response to specific requirements with little or no thought given to the adoption of an overall strategy. As a result, IT teams have to contend with hundreds (or even thousands) of alerts coming in and have little hope of efficiently analysing them to determine which require a response.
A recent survey conducted by Forrester Consulting, and commissioned by Zscaler, found data security is considered a critical component when it comes to an organisation's ability to compete in its chosen market. The results of the research, which involved in-depth surveys of 130 US-based IT security or strategy decision makers, clearly show that taking a steady-as-she goes approach to security is no longer good enough.
Taking an integrated approach
As part of the research, survey respondents were asked whether they felt integrated security platforms delivered more effective results than point products. Overwhelmingly, 98% indicated this was the case.
This result clearly shows security professionals recognise the era of point-security solutions is over. Instead, they are looking for integrated platforms that combine multiple functions into a single, robust framework. Such a platform should offer unified administration, policy management, reporting, analytics, and threat detection.
Interestingly, the attitudes identified by the research are at odds with the way most security vendors continue to deliver their technology with large numbers remaining focused on providing point solutions. Many have been slow to develop integrated, platform-based offerings that efficiently integrate endpoint and network security.
The research shows, however, that customers are no longer satisfied with this strategy. They understand that taking a fragmented approach can create a significant barrier when it comes to taking advantage of advanced security techniques.
The research found 63% of companies were keen to take advantage of advanced analytics as part of their security strategy. Of those surveyed, 52% identified machine learning and 64% pointed to encryption as higher-level technologies that could be used once an integrated security platform was in place.
The importance of the Cloud
As well as expressing a preference for an integrated platform approach to solving their security challenges, survey respondents also identified cloud-based resources as an integral part of their ideal mix.
The ability to use cloud-based security to secure crowd-sourced threat intelligence was identified by 59% of respondents. At the same time, having cloud-scale visibility was nominated by 73% while 55% specified a desire to be able to take advantage of advanced anomaly detection based on unsupervised machine learning.
The results clearly demonstrate most organisations believe cloud security-as-a-service offerings can deliver better security than on-premises hardware or software security offerings. The survey found 48% of IT decision makers have, as a top-three goal, the adoption of cloud security-as-as-service to secure areas that on-premise deployments cannot. These include areas such as remote locations, mobile devices, and rapidly evolving Internet-of-Things (IoT) infrastructures.
Clearly, IT professionals acknowledge that the value, flexibility and scalability of cloud solutions can deliver to them a more secure environment overall.
Strategy for a secure future
Based on the demand for an integrated platform and cloud-based approach identified by the survey, there are some key steps organisations should take when building their security strategy. They include:
- Making integration a must-have feature for all security technologies within an infrastructure. As each component is added it should be able to hook into a central management platform.
- Creating a comprehensive data security strategy designed to address all channels and devices used to access sensitive assets. This should cover everything from employee-owned devices to data stored on cloud platforms.
- Ensuring end-point protection by adopting solutions that use dynamic analysis, such as application or process sandbox analysis and user or kernel activity behaviour monitoring.
- Taking advantage of cloud-sourced threat intelligence to learn from attacks experienced by other organisations.
By following this strategy, organisations can be sure they have an effective security infrastructure in place that will significantly reduce the likelihood of successful attacks. Customer service and satisfaction can then be confidently maintained.