Kathy Gibson reports – Chief information security officers (CISOs) are having to deal with a chaotic world, as data centre modernisation drives dramatic shifts.
That’s the word from Indi Siriniwasa, vice-president: sub-Saharan Africa at Trend Micro, who points out that cloud adoption is taking off, Internet of Things (IoT) is burgeoning, and artificial intelligence is emerging as the only way to make sense of all the data being generated.
The IoT growth is driving new levels of complexity – and a wealth of new vulnerabilities, he adds.
Siriniwasa says the only way to keep organisations protected into the future is for CISOs to change their approach.
“Define your risk profile,” he says. “Your approach has to be adaptive – you can’t be static anymore, there is a lifecycle that companies need to adopt.”
In fact, CISOs probably have the hardest job in technology, if not the entire company.
Steve Quane, executive vice-president: network defence at Trend Micro, points out that they have to deal with an increasingly active regulatory environment, endless shortages of skills, vendor consolidation, the rise of the security operations centre (SOC) and incident response, and the reality of shadow IT going mainstream.
In terms of regulation, Trend has found that most companies are pretty well prepared when it comes to data analysis, preparation, detection and response – but not really up to speed on disclosure.
Prosecution is also a bit of a closed book at the moment, with people not really sure what will happen if they fail to comply with things like GDPR and PoPI.
The security skills shortage continues to grow, and is now in the millions, Quane adds.
The issue is compounded by complexity, with companies running multiple security consoles – in one case, a company has no fewer than 55.
Today’s SOC has to deal with a huge number of alerts, whereas what CISOs really need is the ability to better detect and hunt for unknown threats. Instead of reacting to each incident, they need to be able to perform a total root cause and impact analysis. Responses are currently generated for each incident, whereas it would be more useful for CISOs if there were automated and rapid threat response.
As shadow IT becomes real – and is now a mainstream way of procuring IT – CISOs are having to find ways to secure the enterprise regardless of where an application comes in from.
But this holds true at all levels of the modern IT organisation, Quane says, as hybrid IT draws applications from both on-premise and multiple cloud environments.
Security and operations have to adapt to this hybrid environment that consists of both physical and virtual servers, cloud instances, containers and serverless computing.
In the traditional infrastructure, apps change only a few times per year, whereas new apps could change several times per day.
Security operations are scheduled, manual and runtime in the traditional world, but automated and runtime in the new world. Security tools can be manual and static when it comes to traditional apps, but need to be API-based, cloud-friendly microservices in the new world.
Scale is different, too: traditional apps scale mostly vertically, new apps scale mostly horizontally.
“We have customers who have 100 000 workloads in AWS,” Quane says. “Everything is fast, and it needs to be automated.”
He recommends a few best practices for this scenario:
- Pick the tools for where you want to be, not where you are.
- Get ahead of the teams you serve; earn your reputation; get coding – security as code is the future.
- Automate protection for every vintage of application.