While cybersecurity is becoming our greatest threat, complexity is acting as a massive risk amplifier. Indeed, for many IT leaders, CIOs and CISOs, addressing complexity can be even more of a challenge than addressing the actual cyber threats, explains Bill Mew.
As we discussed in a recent expert debate on ‘The Digital HQ: How to Effectively Run Your Business in 2022’, we need to address both cybersecurity and complexity at the same time, with security built in at all levels (from the hardware up) and with enhanced manageability enabling us to overcome the rising complexity.
The problem is that complexity is widespread and, if anything, it is getting worse in many key areas:
Cloud complexity:
Many organizations have long-held digital transformation ambitions, based on strategic plans to migrate their workloads to the cloud. Where once the question was ‘do we want to migrate to the cloud?’, it soon became ‘in what order should we migrate workloads?’ And then for many during the pandemic it became ‘how quickly can we migrate them?’ as the need to enable working from home accelerated their move to the cloud. Further complicating matters is the need to support legacy systems, many of which cannot be moved to the cloud easily or at all. There is typically also an array of SaaS applications, a proliferation of shadow IT instances, and particular workloads that are tied to different cloud providers, resulting in a hybrid multi-cloud reality that CIOs have little choice but to deal with.
Compliance complexity:
At the same time, compliance teams are facing numerous headwinds at all levels. Increasing compliance challenges are even hitting regulated industries, such as the financial services sector, which is already used to a significant burden of compliance, from Anti-Money Laundering (AML) and Know Your Customer (KYC) to data privacy and MiFID (Markets in Financial Instruments Directive). A divergence of sometimes conflicting regional data sharing regulations has created a patchwork of data islands. Data sharing across the Atlantic has been impacted by the demise of Privacy Shield, and across the English Channel it has been impacted by new trade processes as a consequence of Brexit. Add to this the various data sovereignty and data residency regulations emerging in various countries, as well as on a state-by-state basis across the US, and firms are facing an ever more complex compliance landscape. On top of this, there is now the need to comply with a fresh wave of sanction requirements that are changing frequently. Thus, it is evident that compliance has become an almost impossibly complex task. Indeed, most organizations are now believed not to be fully GDPR compliant and many could well be falling short in other areas as well.
Cybersecurity complexity:
If anything, the cloud and compliance challenges are dwarfed by the challenges that IT leaders, CIOs and CISOs face in dealing with the rapidly increasing volume and sophistication of cyber attacks.
We are in an AI-powered cyber arms race, where black and white hats are battling to be the first to uncover vulnerabilities that they can either exploit or patch, but the black hats only need to be lucky occasionally while the white ones have to be lucky all the time. And if the rising volume of ransomware attacks and severity of supply chain attacks were not enough, IT leaders, CIOs and CISOs were forced to accelerate cloud migration plans during the pandemic, with remote access creating additional vulnerabilities. And the worsening geopolitical situation means that in addition to opportunistic cybercriminals, they may also face well-resourced and highly skilled state actors. Unfortunately, a proliferation of poorly integrated point products and security solutions means that the management and interoperability of their cyber tools is often as much of a challenge as dealing with the cyber threats themselves.
Countering the threats while overcoming the complexity
Addressing the myriad of challenges will require a multi-layered approach with integrated and automated tools to help overcome the overall level of complexity.
- Multi-layered: there is no silver bullet or single all-encompassing solution. You need hardware-based security and remote manageability baked in from the ground up, and this starts with the processor – those supporting Intel’s vPro platform incorporate both. Instead of focusing simply on a protective perimeter, multi-layered security provides ‘defence-in-depth’ with a ‘Zero Trust’ approach. While traditional security only really protects against known threats and known attack vectors, a multi-layered approach can also:
  - protect and guard against upcoming or increasing polymorphic malware
  - provide protection from an attack that comes through email attachments, files, adware, links, apps, and more
  - counter the potential threat from insiders and rogue administrators as well as from external actors (including those in the supply chain)
  - provide DNS-level security to safeguard against threats arising at the network level.
- Integrated: rather than needing to develop skills for multiple point solutions, each with different implementation and management requirements and each with a different dashboard, CIOs need solutions that are not only reliable, but that can be managed via secure APIs from central management consoles to provide the desired ‘single pane of glass’. Again, Intel’s vPro platform and other leading security solutions provide this level of interoperability. As more vendors adopt such interoperability, APIs will enable IT and security teams to manage operations centrally from a dashboard of their choice, whichever is best for their business.
- Automated: even with centralized dashboards, though, the volume of attacks is making it impossible for security teams to manage threats in real time without a level of sophisticated automation. Such automation tools need not only to be finely tuned but must also include situational intelligence. For Security Operations Center (SOC) teams, ‘false positives’ are one of the biggest pain points, with too much time and effort often spent chasing security alerts that incorrectly indicate a vulnerability where none exists.
Automation can also have many other advantages – such as dealing with the dull and difficult, but nevertheless essential, tasks like backups or patch management. This can be a real challenge when dealing with a geographically dispersed array of devices. Ideally, you’d want to automate patch and update controls remotely. Unfortunately, this kind of remote management is only really possible if you have invested in devices that incorporate Intel’s vPro platform. Having Intel Hardware Shield built in allows such devices to deliver one of the highest levels of hardware, software, and data protection right out of the box. Not only does it minimize the risk of malware injection by locking down memory in the BIOS when software is running, but it also helps to prevent planted malware from compromising the OS. You also get a secure boot, allowing your PCs to launch into a trusted state.
With a war for talent and cyber skills in short supply, securing scarce resources only to waste them all with unnecessary complexity is no longer viable. However, with complexity increasing on so many fronts, expecting to overcome it without actively seeking to adopt fully integrated and automated tools is somewhat unrealistic – just as addressing the cyber threat landscape is equally unrealistic without a multi-layered cybersecurity approach. Focusing on doing both together could well be the only viable option.