2020 was a very memorable year, largely due to the global COVID-19 pandemic which continues to have rippling effects. Among the ripples are significant shifts in technology usage and a surge in remote working—a reality that comes with new security concerns for CISOs. Jonathan Nguyen-Duy, VP, Global Field CISO Team at Fortinet, recently joined TAG Cyber to answer some questions about cybersecurity in the current and future technological landscape.
Jonathan – I've seen both governments and private sector companies focus on enabling their stakeholders to interact with their organization in a secure, seamless fashion. It's become all about making sure the end user can reach the resources and complete transactions – the business or mission outcome. Remote work strategies are also increasingly based on Zero Trust principles of ubiquitous least privilege to ensure that only authorized users or entities are able to access approved resources and that all traffic is logged and monitored.
With so many workers working from remote locations on personal and company-provided devices, we've also seen a tremendous interest in endpoint security, managed detection and response (MDR) capabilities, and virtual private networks (VPNs). In terms of technology and platforms, I think Zero Trust is critical to how we approach security as employees continue to work from home and organizations rely on a hybrid workforce model. Indeed, research suggests that a hybrid remote work model will be the norm going forward. So we’ll see more users requesting access from unsecured networks in homes, campuses, retail locations, hotels and other remote locations than ever before. That means the ability to monitor behavior and secure endpoints whether on-network or off-network becomes more important than ever.
The pandemic accelerated SaaS and multi-cloud adoption as organizations looked for greater agility, productivity and accelerated time to market. We’re witnessing the emergence of the software-defined enterprise the changes its making on enterprise architecture. As the processing and storage becomes more distributed and disaggregated, we’re seeing changes in how organizations approach networking and security. Accelerated multi-cloud adoption is rendering traditional private networks less relevant as there’s less need to backhaul traffic back to corporate data centers. Indeed, remote workers, branch offices and headquarters locations are increasingly directly connecting to multiple clouds and SaaS providers.
So we’re seeing demand for secure, application aware Software-defined wide area networks (SD-WANs). Multi-cloud and SaaS adoption mean there's less reason now than ever to backhaul all traffic to the data center on router-based multiprotocol label switching (MPLS) architectures in a hub and spoke model. The model moving forward focuses on the user or the entity sitting on some local area network (LAN), reaching across a wide area network (WAN) to access resources from multiple clouds. As the platform, infrastructure and software become more distributed and disaggregated, its clear that security and networking have to be integrated and automated across the LAN, WAN and cloud edges. In addition, security should come in multiple form factors and consumption models to suit an organizations unique requirements.
Jonathan – Going into the pandemic, research suggested that approximately 80% of all the attacks that lead to breaches and disruptions could have been mitigated with simple to intermediate controls. Indeed, 99% of vulnerabilities exploited were known for at least a year, and patches were available. Complexity and lack of visibility on network edges are often the cause of problems. The pandemic accelerated digital transformation, expanding perimeters and the number of network edges. Now those edges are multiplying, and we have to worry about not only the enterprise perimeter but our wide area network and the multiple clouds that we use.
Wherever these edges come together, gaps can appear. These gaps result from lack of visibility, as well as integrated and automated security on network edges. And this is how vulnerabilities go unpatched, misconfigured devices not identified and anomalous behavior not detected. You need an integrated approach that is broad enough to cover that environment from the LAN edge, to the WAN edge, to the cloud edge. Finally, you must have artificial intelligence (AI) because there's no way humans can keep pace with the volume, variety, and velocity of the data. That's why a Fabric approach to cybersecurity is more critical than ever for customers.
Jonathan – Too many alerts, coming from too many devices and management consoles, are stretching under staffed security teams and the accelerated pace of digital transformation only makes it harder. AI-based security operations (SecOps) can help security teams analyze and investigate new threats in the shortest period of time, freeing up the human analysts to focus on more complicated and critical tasks. Building on that, we can leverage AI and an integrated security fabric to develop automated playbooks that can quickly and mitigate threats. In addition, AI-based security operations can identify vulnerabilities so that patches can be applied or compensating controls implemented.
Jonathan – One of the things that we see on the immediate horizon is edge computing, which puts the processing and storage as close as possible to where the data is being used to accelerate response times and save bandwidth – leading to better, faster business outcomes and customer experiences. Often operating at 5G speeds, edge computing also poses new security challenges. As the volume, variety and velocity of data increases, the ability of traditional platforms to keep pace is going to be seriously challenged. As the operating environment becomes more distributed and disaggregated, more than ever, we need to think about consolidation and integration. Having multiple, non-integrated platforms, from multiple vendors, using multiple management consoles simply cannot provide security at the speed and scale needed for edge computing, let alone the other requirements of today’s highly distributed enterprise.
We will also see a focus on hyperscale operations. And what I mean by that is we will see huge payloads. As we think about contactless commerce and things like healthcare, where you’ve got all types of confidentiality, compliance and regulatory restrictions to abide by but you’ve also got huge payloads that need to be supplied and delivered from multiple locations, security becomes increasingly complex. And so hyperscale operations will be a huge focus for organizations across verticals, including healthcare, retail, government and operational technology (OT). And I don’t see the death of the private cloud or the data center either, because organizations are seeing some of the limitations of the public cloud and the need for hybrid cloud environments.
All of this considered, it is critical for CISOs to seek out a security vendor that can help manage that complexity through integration and automation, while ensuring security and performance. These will be the key considerations as we see the evolution of the digital, virtual and software-defined enterprise.