Today’s cybersecurity professionals find themselves engaged in asymmetric warfare – and often on the losing end. The pace of digital transformation has opened a far wider surface for malicious actors to attack, with cyber defences playing constant catch-up to cover that ever-expanding surface before a threat succeeds. Equalising this uneven playing field requires more than just greater sophistication and speed in cybersecurity innovation. It demands an entirely new mindset for securing the enterprise – one that embeds cybersecurity into every layer of technology throughout the organisation. In other words, cybersecurity needs to undergo its own form of digital transformation, or risk being disrupted by cybercriminal “competitors” whom it simply cannot afford to lose to.
From edge to everywhere
Today’s cyber defences have evolved substantially since the earliest days of antivirus, firewalls, and endpoint protection, but relatively little has changed at a fundamental level. Cybersecurity efforts remain almost entirely focused at the point where data moves in and out of the data centre or organisation. As new threats emerge, new defence technologies are developed and deployed to the perimeter to “keep the bad guys out”, resulting in the arms race of threat-defence-counter that we see today.
These traditional defences, however, have two fundamental weaknesses that cannot be overcome by simply building a better digital mousetrap. First, many cybersecurity threats, including those caused inadvertently by user error, originate not at the perimeter but from within the organisation itself. Edge-based cybersecurity technologies lack the context, or the capacity, to assess what we call “interior traffic” – the enormous amount of data flowing between different technologies in the digitally transformed enterprise – which can help them identify potential threats with much higher levels of timeliness and accuracy.
Second, perimeter defences are relatively easy to disable. Most such defences are quickly bolted onto the digital environment as it expands in a bid to cover the threat surface – and can be just as quickly turned off by malicious actors who gain even limited access. That vulnerability comes from the deeper mindset that security runs separately from, or on top of, the technologies that it protects. But it shouldn’t.
Instead, cybersecurity needs to be an intrinsic, inseparable part of every technology deployed in the digital enterprise. Doing so allows IT to secure not only edge traffic, but interior traffic as well. Embedding security into the core fabric of infrastructure also prevents malicious actors from simply disabling security systems – a near-impossible task when such systems are the cloud or the network. Finally, this intrinsic approach also reduces many of the operational struggles associated with the cybersecurity arms race: patching, integrating, and otherwise maintaining defences to keep up with the rapid pace of digital transformation.
Intrinsically different, inherently more secure
The key to such an approach is software. For us, the focus of our cybersecurity efforts has been the virtual machine itself: embedding firewalls or other defences into the virtual layer or container allows for a much more application-centric approach to cybersecurity, one which recognises what we call the “known good” (or acceptable behaviour) of each application that it secures. As new applications are introduced, or existing ones scale up, they remain more secure with minimal additional effort, because their defences are already a part of the basic infrastructure that they run on.
Software also increasingly governs the network, and the entire data centre itself. Building security functions into the platforms for network virtualisation, or storage virtualisation, not only reduces the threat surface of that aspect of infrastructure; it also allows for increasingly coherent and consistent security policies across all parts of the data centre and the enterprise. In a hyper-distributed environment where apps, data, and infrastructure live in more locations than ever before, that common fabric plays an increasingly important role in securing the entire enterprise.
This new approach to cybersecurity is no less than a digital transformation of its own. It requires enterprises to radically rethink everything from strategy to investments, potentially even doing away with the idea of an organisational perimeter altogether. Many of the businesses we work with have begun to ask the question: “Why do I even need an edge firewall anymore?” Different organisations will have different answers, but it’s a question that deserves to be asked in a world where BYOD, public cloud, and the Internet of Things have blurred the definition of where the enterprise boundary ends.
Ultimately, however, businesses will at some point need to apply the principles of digital transformation to cybersecurity if they want to continue growing and evolving at an accelerating rate. Left too long, an outdated approach to cyber defence can only have a chilling effect on innovation and agility in every aspect of the business. Transform that approach with a renewed mindset – one that sees cybersecurity not as an addition to, but an attribute of every technology – and IT may find the asymmetry of cyber warfare turning in their favour.