Organizations are rapidly adopting digital innovation (DI) initiatives to accelerate their businesses, reduce costs, improve efficiency, and provide better customer experiences. Common initiatives involve moving applications and workflows to the cloud, deploying Internet-of-Things (IoT) devices on the corporate network, and expanding the organization’s footprint to new branch locations.
With this evolving infrastructure also come security risks. Organizations must cope with growing attack surfaces, advanced threats, increased infrastructure complexity, and an expanding regulatory landscape. To accomplish their desired DI outcomes while effectively managing risks and minimizing complexities, organizations need to adopt a cybersecurity platform that provides visibility across their environment and a means to manage both security and network operations easily.
The Fortinet Security Fabric solves these challenges with broad, integrated, and automated solutions that enable security-driven networking, zero-trust network access, dynamic cloud security, and artificial intelligence (AI)-driven security operations. Fortinet offerings are enhanced with an ecosystem of seamlessly integrated third-party products that minimize the gaps in enterprise security architectures while maximizing security return on investment (ROI).
Across economic sectors worldwide, DI is seen as an imperative to business growth and improved customer experience. CIOs are generally positive regarding their DI initiatives, with 61% stating that they have significant cloud, IoT, and mobile operations already in place [2].
From the perspective of cloud service provider IT and cybersecurity leaders, DI translates into a variety of changes to their network environments. Users are increasingly mobile, and they are accessing the network from locations and endpoints that are not always under corporate IT control. They are also connecting directly to public clouds to use key business applications, such as Office 365. Outnumbering the human-controlled endpoints are IoT devices, which are widely distributed, often in remote and unsupervised locations. Finally, cloud service provider business footprints are diffusing into numerous and far-flung branches, most of which connect directly to cloud and cellular services, bypassing corporate data centers.
All these changes render obsolete the concept of a defensible network perimeter, requiring cloud service providers to adopt a new multilayer defence-in-depth strategy.
Almost every business has started to move some workloads and applications to the cloud—or at least plans to do so. These decisions are often driven by the desire to reduce costs and to improve operational efficiency and scalability by taking advantage of the flexibility that the cloud provides.
Cloud service providers offer a wide range of possible deployment models. Businesses can take advantage of Software-as-a-Service (SaaS) applications and services such as Salesforce or Box. Alternatively, applications designed and deployed in on-premises environments can be lifted to Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS) deployments such as Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Oracle Cloud Infrastructure, and IBM Cloud.
Wary of cloud service provider lock-in and aiming to deploy each application and workload in the cloud for which it is best suited, many organizations have adopted a multi-cloud infrastructure. The downside of such freedom of choice is the need to learn the idiosyncrasies of each cloud environment. In addition, they must use different tools to manage the environment and its security provisions, which obfuscates visibility and necessitates the use of multiple management consoles for policy management, reporting, and more.
Endpoints are arguably the most vulnerable nodes in the cloud service provider’s network. The larger providers have thousands of employees, each using multiple work and personal devices to access network resources. Ensuring cyber hygiene and up-to-date endpoint security on all these devices is a formidable task. Even more daunting is the proliferation of IoT devices. By the end of 2019, the number of active devices exceeded 26.66 billion, and, during 2020, experts estimate that this number will reach 31 billion [5].
IoT devices are present in numerous business contexts. They provide personalized experiences to retail and hospitality customers, track inventory in manufacturing and logistics, and monitor devices on factory floors or in power plants.
Often ruggedized and power-efficient, IoT devices focus on performance, often at the expense of security features and secure communication protocols. And unlike most network-attached devices, IoT equipment is commonly deployed in remote locations, out of doors, or in unstaffed or infrequently staffed facilities (such as power stations). From these insecure locations, the equipment frequently transmits critical, sensitive data to on-premises data centers and to cloud services.
As companies expand their global footprint by opening new facilities, branch offices, and other satellite locations, they experience increasing wide-area network (WAN) bandwidth constraints. Although SaaS applications, video, and Voice over IP (VoIP) boost productivity and enable new services, they also contribute to an exponential growth in WAN traffic volume.
Highly reliable multiprotocol label switching (MPLS) has been the WAN connectivity technology of choice for many years. However, with MPLS it is difficult to optimize WAN bandwidth use and to vary quality-of-service levels as needed for different applications. As a result, branch expansion and service enhancements can quickly lead to exploding WAN costs.
Consequently, organizations are turning to software-defined WAN (SD-WAN), which makes efficient use of MPLS, internet connections, and even telecommunications links. Plus, SD-WAN dynamically routes each kind of traffic over the optimal link.
As organizations proceed enthusiastically with DI initiatives, the implications for network security are often overlooked or minimized. In fact, almost 80% of organizations are adding new digital innovations faster than they can secure them against cyber threats [9].
IT leaders face four key challenges in designing secure architectures for their digitally innovating businesses:
Sensitive data can potentially reside anywhere—and it can travel over numerous connections outside enterprise control. Applications in the cloud are exposed to the internet so that every new cloud instance creates a new facet of the enterprise attack surface. IoT devices extend the attack surface to remote, unstaffed locations. In these dark parts of the attack surface, intrusions can fester unnoticed for weeks and months, wreaking havoc on the rest of the enterprise. Mobile devices and user-owned endpoints bring unpredictability to the attack surface, as users roam between corporate locations, through public spaces, and across international borders. In fact, extensive cloud migration, extensive use of mobile platforms, and extensive use of IoT devices are factors amplifying the per-record cost of a data breach by hundreds of thousands of dollars [10].
This expanded, dynamic attack surface dissolves the once well-defined network perimeter and the security protections associated with it. It is much easier for attackers to infiltrate the network, and once inside, they often find few obstacles to moving freely and undetected to their targets. Therefore, security in DI enterprises must be multilayered—with controls on every network segment—based on the assumption that the perimeter will be breached sooner or later. And access to network resources must be based on least privilege and continuously verified trust.
The cyber-threat landscape is rapidly growing as bad actors attempt to circumvent and defeat traditional cybersecurity defenses. Up to 40% of new malware detected on any given day is zero day or previously unknown [15]. Whether this is driven by increased use of polymorphic malware or the availability of malware toolkits, the growth of zero-day malware makes traditional, signature-based malware detection algorithms less effective. In addition, bad actors continue to utilize social engineering by exploiting static trust methods used in traditional security approaches. Studies reveal that 85% of organizations experienced phishing or social engineering attacks this past year [16].
As cyber threats become more sophisticated, data incidents and breaches are more difficult to detect and remediate. Between 2018 and 2019, the time to identify and contain a data breach grew from 266 to 279 days [17]. Beyond the ability to detect and prevent an attempted attack, organizations must also be capable of rapidly identifying and remediating a successful attack. Over 88% of organizations have reported experiencing at least one incident in the last year, demonstrating that all organizations are at risk of an attack and that cyber resiliency is critical [18].
According to almost half of CIOs, increased complexity is the biggest challenge of an expanding attack surface [19]. This increased complexity is due to the fact that many organizations rely upon an array of nonintegrated point products for security. In fact, the average enterprise uses upwards of 75 distinct security solutions [20].
This lack of security integration means that these organizations are unable to take advantage of automation in their security deployment. In fact, 30% of CIOs point to the number of manual processes as a top security issue in their organization [21]. Without security automation, CIOs require more skilled cybersecurity professionals to monitor and secure their network.
However, many organizations are unable to acquire the cybersecurity talent that they require. Estimates indicate that over 4 million cybersecurity positions are currently left unfilled, and the number is steadily growing [22]. This lack of access to necessary talent is putting organizations at risk, with 67% of CIOs saying that the cybersecurity skills shortage inhibits their ability to keep up with the pace of change [23].
Attackers understand these challenges well and use them to their advantage.
The European Union’s (EU) General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are two of the most well-known of the data protection regulations. However, they are far from the only ones. Every U.S. state currently has a data breach notification law, and many of them are enacting additional consumer privacy protections. Driven by political and social pressure, regulations are expected to expand in the coming years, and penalties for non-compliance are becoming larger and more common.
Organizations must also comply with industry standards, and many struggle to do so. Indeed, less than 37% of organizations pass their interim Payment Card Industry Data Security Standard (PCI DSS) compliance audit [24]. As PCI DSS is superseded by the PCI Software Security Framework (PCI SSF), these organizations are likely to face even greater obstacles to remain compliant.
The need to achieve and maintain regulatory compliance has significant impacts on an organization’s ability to achieve security transformation objectives. For example, of the 71% of organizations that have moved cloud-based applications back to on-premises data centers, 21% did so to maintain regulatory compliance [25].
The Fortinet Security Fabric addresses the security challenges mentioned above by providing broad visibility and control of an organization’s entire digital attack surface to minimize risk, an integrated solution that reduces the complexity of supporting multiple point products, and automated workflow to increase the speed of operation.
Figure 1: The Fortinet Security Fabric enables multiple security technologies to work seamlessly together, across all environments and supported by a single source of threat intelligence, under a single console. This eliminates security gaps in the network and hastens responses to attacks and breaches.
FortiOS, the Fortinet network operating system, is the heart of the Fortinet Security Fabric. This operating system, or software, is at the core of the Security Fabric and ties all components together to ensure a tight integration across an organization’s entire Fabric deployment.
Ask a group of security analysts about the challenges of working in cybersecurity, and you’ll likely hear some common themes....
In order to stay competitive and reduce costs, smart enterprises are constantly on the hunt for disruptive ways to leverage technology. They’re moving towards hybrid IT environments because they recognize the benefits of faster implementations and high cost savings that come with moving from on-premises to cloud-based applications and infrastructure.
In the decades since “cloud computing” first achieved buzzword status, its benefits have been widely proven. And now that the shift to both dynamic work environments and digitized customer experiences has rapidly accelerated, migrating these applications to the cloud is more important than ever.
There’s a lot of truth to the statement that all companies are technology companies. After all, the core focus of a technology company is to deliver software, whether internally to empower the workforce or externally to serve customers. Technology companies also maintain servers to create, collect, store, and access data—which is now the norm for organizations worldwide, whether public or private, commercial or enterprise.
The drawbacks of passwords are well known – simply put, they can be hard to remember, easy to hack and a general nuisance for both end users and security personnel. However, passwords remain a staple of many organizations’ security frameworks, despite the fact that the cybersecurity industry has been calling for the death of passwords for nearly 20 years now.
Retail banking includes traditional players such as brick-and-mortar banks that operate at community, national, or even international levels. It also includes many new players, such as challenger banks that only operate online, financial technology companies (FinTechs), and nonfinancial companies seeking to disrupt the status quo and compete for market share, such as Amazon, Apple, and Facebook. Unlike traditional banks, these new players are often digital natives that bring some strategic “big-tech” advantages to serving customers in an increasingly online world.
Device trust is the process of analyzing whether a device should be trusted and therefore is authorized to do something. It’s critical that the devices accessing company data are trustworthy. Determining which devices should be trusted is a unique decision made by each organization depending on their risk tolerance and compliance requirements.
The world of Identity and Access Management (IAM) is rarely controversial. But today, there is a battle brewing in how we, as an industry, talk about customer-facing use cases for IAM. Many are starting to refer to this as Customer IAM or Consumer IAM, both abbreviated as CIAM. CIAM does have some unique requirements. But that does not mean that you must use a product that only focuses on CIAM. Okta’s approach is to offer a broad IAM cloud service with a strong foundational platform and functionality that enables CIAM use cases—we believe ultimately a better long-term choice.
Vladimir Putin’s attack on Ukraine has led to a united response from NATO powers determined to stop Russia’s leader extending his western border. Whilst sanctions may take some time to impact the Russian invasion, another threat has arisen causing concern for Western governments and agencies. Bodies such as the National Cyber Security Centre (NCSC) and the US’s Cybersecurity and Infrastructure Security Agency (CISA) have warned organisations to be extra vigilant in the face of the increased threat of Russian-led cyber-attacks.