The biggest security challenge facing individuals and businesses today isn’t scale. It’s hyperconnectivity. The various devices and applications being used in homes or at organizations have now become so intertwined that it’s hard to keep them separate. The cloud allows users to access data and information from any device with a Wi-Fi connection or data plan, and IT consumerization encourages those same users to download new applications and storage solutions to use and share across a wide variety of devices.
Organizations today are not only aggressively moving many of their workloads to the cloud, but many of them are doing so using a multi-cloud model. They leverage one provider for specific functionality and another for location or for cost. At the same time, critical data is being distributed and processed across a variety of additional cloud-based applications and services. Nearly all of them have some sort of a private cloud as well, with nearly half using multiple hypervisors to manage those environments.
Federal agencies are under pressure to make a timely, secure shift to the cloud with minimal disruption. For many, however, this is easier said than done. With a wide array of data that falls under a variety of privacy and protection regulations, "how?" is a complicated question.
Organizations are rapidly adopting mobility, IoT, smart devices, and multi-cloud computing to meet new networking requirements. These changes are increasing the speed and the volume of the data and traffic that networks need to process. These network resources are also being constantly added, removed, or connected to each other, keeping the network’s attack surface constantly changing. The result is we are also creating complex networks that are difficult to track and secure.
In the intensifying rush to develop and deploy network security strategies that can handle the drastic increase of today’s cyberthreats, I fear that many organizations are falling into a trap that is already having far-ranging consequences. Rather than approaching the admittedly intense challenges of security with the methodical approach and longview perspective of managers of complex data centers, they are behaving like harried consumers—reactively buying a specific, standalone solution to tamp down a challenge or crisis as it emerges. It is a tactical solution to a strategic problem—not only insufficient in the short-term, but also extremely corrosive to the long-term security and functionality of the systems that are designed to store and safeguard critical information.
While organizations are adopting new technologies and services, cybercriminals are developing sophisticated methods of attack to target new attack vectors, exploit unforeseen vulnerabilities, and gain access to user data and other network resources. With this increased threat landscape and growing sophistication of cyberattacks, visibility into existing security measures, and identifying those places where there may be gaps is especially important.
Hyperconverged systems are on the horizon, connecting new and existing environments in ways we may have never imagined. But careful planning can ensure that we make this transition smoothly and securely. It starts with insisting on open standards and integrated and interactive security systems designed to talk to each other, share information, identify and adapt to changes, and respond to events in a coordinated and collaborative fashion.
2017 was another landmark year for cybersecurity. In reviewing our quarterly Threat Landscape reports, it is clear that 2017 has been notable primarily for three things: the rapid digital transformation and expansion of the potential attack surface, the increasing sophistication of cyber attacks, and a lapse in basic cybersecurity hygiene, largely being driven by digital transformation coupled with the growing cybersecurity skills gap.
As global cyberattacks persist, cybersecurity is becoming a main focus in the C-suite. Gone are the days where it’s just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as they seek to avoid the crippling effects associated with data breaches.