Presented by OpenText
Let me start with a clear warning — history is not a guide when it comes to security. We need to throw away traditional thinking and the comfort of the status quo. The conventional rules, handed down between generations, need to be smashed in order to secure modern enterprises in Industry 4.0.
There are three reasons traditional security models no longer apply:
First, the bad actors are already inside your firewall and systems. It is important to remember there are two types of companies: those that have been hacked, and those that will be. Security can be strengthened significantly by shifting from a perimeter-only approach, to a comprehensive approach which acknowledges this reality, and lets you locate these actors and understand their dwell times and patterns. While we used to fight to keep the bad actors out, a modern approach also needs a plan to kick them out.
Second, you are no longer fighting humans, you are fighting machines. Automation and AI are wonderful things when applied to solving problems. Security teams strapped for human talent will, and do, rely on machines to augment their forces. However, attackers are doing the same. Machine to machine combat operates at a galactic scale, with volume, speed, and agility humans can scarcely comprehend.
Third, your end users have created a “mindset of zero.” Today’s technology users are digital nomads. They are mobile and virtual. Their devices (phone, tablets, notebooks, laptops, etc.) are their endpoint, and they are personal. These users and their endpoints switch from personal, to public, to corporate networks automatically and seamlessly. They demand zero friction in their work and life, zero bias in the workplace, zero waste in the environment, zero risk in where or how they transact, and they want zero infrastructure beyond their endpoint. This is the mindset of zero.
Dear CIOs, CISOs, and DPOs: you own endpoints off your network. Right now, an employee is sitting at a Starbucks or Tim Hortons working on open networks. You own that. A developer opens up a VM on Google, Amazon, or Azure — you own that too.
This reality, with all of its wonderful benefits, demands a mindset of zero-trust. Digital identity must always be verified. You can see this zero-trust reality in the large security breaches that make it into headlines. Equifax, Yahoo!, Marriott, Sony Pictures, and First American Financial Corp are just some major names from recent headlines. Security needs to move from data center operations to become a priority of senior business leaders and the board room.
We have never moved so fast, and it is never going to move this slow again. When Quantum enters the world, and it will in ten years, we will live in a world where there are no safe passwords. That is a topic for another day, but it is a potent example of why conventional approaches will not secure modern enterprises.
Accenture and the Ponemon Institute have reinforced that cybercrime is “increasing, takes more time to resolve and is more expensive for organizations.” In fact, after surveying hundreds of leading companies, they found the average cost of cybercrime to organizations rose 12% last year to $13 million. Compared to the midyear of 2018, the number of reported breaches was up 54% and the number of exposed records was up 52% — setting up 2019 to be the “worst year on record.”
Compounding the challenge is the well-known fact that information security teams are often understaffed and under-resourced to deal with the scope and scale of cyberattacks. And the scale is immense. The global 10,000 customers we work with easily receive a million security alerts every day. They are expected to detect, assess, and recover from a breach in real time. Machines attack machines, machines need to defeat machines.
Clearly, the traditional castle-and-moat approach to cybersecurity is dead. In fact, the castle doesn’t really even exist anymore. The days of contained, on-premise networks are long gone. Today, we operate on- and off-cloud. Employees, customers, partners, and vendors access our systems from personal devices all over the world. So how do we secure a castle with no walls, moat, or even a really decent fence?
To truly make security Job #1, companies will need to change their mindset, turn to extreme automation, and provide a new approach to end-points and identity. There is a lot of work to do, and relying on traditional models will only slow us down.
Until both vendors and enterprise businesses change their approach to cybersecurity, the problem will only grow — especially as we digitize more information, connect more things, and disrupt more and more traditional business models. I’m looking forward to discussing security in a zero-trust world and why security must be Job #1 with leaders from both the public and private sectors in cybersecurity, digital investigations and legal technology at Enfuse 2019.
Come join the discussion in Las Vegas Nov. 11-14, with myself, our experts, and the former director of national intelligence, James Clapper.
Mark J. Barrenechea, is CEO and CTO at OpenText.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact firstname.lastname@example.org.