Today’s security challenges cannot be secured with mere incremental thinking
—BS NAGARAJAN, Senior Director- Systems Engineering, VMware India
How has enterprise security changed in the last few years?
With the pace of business and technological disruption ever accelerating, enterprises around the globe and across many industries seem poised for total digital transformation this year. Today’s security challenges cannot be secured with mere incremental thinking. We need a new security architecture that fundamentally changes how we prevent, detect, and respond to threats.
Protecting a corporate network isn’t as simple as building a wall around it. Threats can still sneak through the network firewall or circumvent security infrastructure altogether. Once they’re inside, they can move around and attack at will since there are few, if any, controls inside the data center to prevent malicious traffic.
For a lot of security guys, nirvana is the ability to do micro-segmentation within the data center, or build a honeycomb, in effect, so that any threat that gets into the data center is actually captured within the honeycomb and cannot move very much. What we can do with network virtualization is bring that firewalling all the way down to the virtual interface.
Given the challenges what are some of best practices CISOs and CIOs can adopt?
As the threat landscape for data breaches continues to advance in both volume and sophistication, businesses must mature their security strategies to confront and hopefully outpace these new challenges. Unless changes are made to existing security protocols, it is only a matter of time before security barriers are penetrated and valuable data is lost. While there is no silver bullet to ensure complete protection from data breaches, companies can greatly reduce their risk and exercise greater control over their network by taking the following steps:
Create a model of security designed to be both strategically resonant and tactically implementable.
Adopt a Zero Trust mindset. Strategically, Zero Trust suggests making all network ports untrusted, thus ensuring data is protected across all layers and not just at perimeter access points. Tactically, Zero Trust identifies clear steps companies can take to achieve this model. Micro-segmentation is one of these critical steps, and it must be accomplished for Zero Trust to be tactically implementable.