The cybersecurity industry is bubbling with new technologies that go after the threat du jour. The threat landscape has evolved, and cyber risk from organized crime and nation states represents a clear and present danger. The impact on enterprise security is severe. Our security is only as good as our ability to coherently and consistently put up a solid defense.
Once upon a time, security was simple: you had a corporate network with a defined perimeter. Throw up some firewalls at the endpoints, and you could pretty much weather any cyberattack at the time. Then came mobility and the Cloud, and securing this modern network was no longer simple. Businesses were exposed by security holes they didn’t even know existed. Sophisticated attackers were able to blow right past legacy security appliances. The need to address the widening gap between defenders and attackers, along with the risk of facing a breach, initiated a “security arms race.”
Gartner estimates that worldwide spending on information security reached over $75 billion in 2015, continuing a pattern of increases. And at the annual RSA conference last month, there were over 500 exhibitors all vying for a piece of that pie. But therein lies the problem: how is one expected to make sense of all these various point solutions on the market and organize them? This explosion of point solutions contributes to network complexity and challenges short-handed IT teams to protect their networks in a manageable way.
Network complexity is the real vulnerability
As the network expanded into the Cloud and incorporated a growing mobile workforce, it stretched the perimeter to its breaking point. This not only exposed businesses to new kinds of threats, but made it difficult for the IT team to gain visibility across the entire network. To combat these threats, businesses began layering point solution upon point solution to secure new data access paths. What started off as a few supplemental security appliances snowballed into an appliance straitjacket, severely constraining an IT team that was already burdened by a lack of resources.
Appliance-based network security is complex. Each appliance must be maintained and have its policies managed and updated accordingly. And that’s not accounting for the inevitable issues – say a power supply fails or a software update crashes the internal operating system or a new vulnerability is discovered, requiring a replacement or multiple patches. Administrators have to deal with constant appliance turnover and new geological layers of rules, settings and scripts. Manual intervention is required before every update to ensure stability, meaning more precious time is wasted before appliances can adapt to current security threats.
Even the positioning of network appliances, which are designed to operate best within a defined network perimeter, is a challenge. These devices were traditionally placed in front of, at, or on the edge of the network perimeter. Without a clear perimeter, many more appliances and point solutions are needed to cover the network. The loss of a clear perimeter has also led to an expanded attack surface, as hackers often target unpatched software vulnerabilities, outdated defenses and product misconfigurations. The more tools enterprises deploy to counter these increasing threats, the greater the opportunity for hackers to identify weak links. Security appliances are only as effective as the people who run them, and IT teams simply don’t have the appropriate resources. Nor do they have enough qualified staff in some cases.
Overcoming the IT security skills gap
The skills gap is more than just a lack of cybersecurity professionals; it’s disciplinary, too. The Cloud industry is booming, but security professionals with Cloud computing skills are even harder to come by. According to recent research from ESG, 46% of organizations say they have a “problematic shortage” of cybersecurity skills in 2016, with 33% citing cloud security specialists as their biggest deficiency.
Security teams should be responding to new and emerging threats. But with so many security appliances, they often spend more time trying to manage what they own than thinking about the threat landscape and how to adapt to it. IT is reaching a breaking point, with a perfect storm of too few experienced security personnel converging with a highly complex networking and security environment that is overwhelmed by point solutions. Something will have to give.
To avoid a full-on point solution implosion, enterprises should look for an answer within the same forces that gave rise to network complexity: Cloud, Internet and software.
By realigning the network perimeter to accommodate the new realities of the Cloud and mobility, businesses can rationalize the way they enforce security. By “cloudifying” network security, re-establishing the network perimeter, and moving away from the appliance form factor, the workload on critical IT resources will be reduced with fewer policies and configurations to maintain. At the same time, the attack surface will shrink and there will be fewer moving parts to manage. While point solutions will continue to play a critical role in driving security innovation, the security industry at large should focus more on ensuring businesses can consume new capabilities in a way that is simple, streamlined and manageable – and will therefore make them more secure.