It’s that time of year when thousands of students graduate and begin the next phase in their life journey. But not before they listen to commencement speeches rife with inspirational quotes like this one attributed to William G. T. Shedd: “A ship is safe in harbor, but that’s not what ships are for.”
Leaving the comfort zone of a campus and a parental safety net to venture out on their own is scary, but that’s what these graduates must do to realize their full potential and their dreams. In the process they’ll need to evolve some of the methods that served them well in a more sheltered environment for success out in the real world.
Sound familiar? It should. This scenario is similar to what we’re all confronting as IT, business, and government leaders with respect to venturing forth in the Digital Economy.
For years we operated in the relatively safe confines of the traditional walls of the enterprise. But that’s not where the opportunity to create significant value lies today; it’s in the new world of ever-expanding connectivity and digitization. And as we engage in this Digital Economy and confront the new dynamics it brings, including well-funded and highly motivated attackers, we need to evolve our approach to IT security to better protect our enterprises and communities and unlock the great opportunity that digitization presents.
But connectivity of more devices, relaying more and higher value data, has created even more opportunities for hackers to profit from successful attacks. The Industrialization of Hacking has spawned a new era of professional, entrepreneurial, and resourceful cyber criminals. Compensated to break in to specific organizations and complete a specific mission, they are persistent in their efforts and launch multi-faceted attacks using multiple attack vectors.
While our defenses have also evolved, organizations are mired in complexity and fragmentation with too many disparate security technologies that can’t – and don’t – interoperate. Many security teams are stretched so thin that don’t have the resources to cover the security basics like patching, configuration management, or identity and access provisioning. But what if we could turn the number of security technologies we have installed into an advantage? What if we could get these technologies to share information?
Most organizations have deployed security technologies across some combination of networks, endpoints, web and email gateways, virtual systems, mobile devices, and the cloud. If these technologies could externalize and export their data, we could access what these disparate technologies are seeing in a single visibility platform. Then we would know what devices, operating systems, and applications are running on the network; how they are configured; who is using the devices and systems; what they are doing; and how data is moving across the environment.
With visibility across all extended network activity as the foundation, we can add context based on local and global threat intelligence, and apply controls using analysis and automation for a systemic response to detected threats. We can complement this platform with security solutions to address deficiencies and enable customers who don’t have security expertise in-house to gain the protection they need, everywhere. With an integrated threat defense architecture based on an intelligent network that includes a vast ecosystem of solutions, organizations would be better equipped to handle attacks today and in future.
Just as the graduating class of 2015 will evolve how they operate to realize their full potential in the real world, we must evolve our approach to security in the Digital Economy. By embedding security everywhere along the extended network at all control points and then sharing that information, we can see once and control and protect everywhere. When security becomes as pervasive as networks and devices themselves, it becomes a growth engine, freeing businesses and governments to embrace new business models and digitization with confidence.