Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Next-Generation Security: A Thousand Mile Journey Begins with a Single Step

Dick Bussiere, Technical Director, Asia Pacific, Tenable Network Security | Dec. 15, 2016
We need to think beyond the traditional layered approach as technologies continue to evolve.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

As information security professionals, we all have the same mission: to protect customer and employee data, safeguard our company's intellectual property and preserve its brand and reputation. It is a mission that is perpetually complicated by both evolving business demands and the rapid changes occurring within the information technology domain. These changes force a rethinking of how security solutions are architected and deployed.

Historically, security has always been an afterthought. We have built out IT infrastructures, then built layered security controls around these infrastructures.  Despite the huge capital and human investments made in security infrastructures, breaches are still constantly occurring. This means that we need to think beyond the traditional layered approach as technologies continue to evolve. Let's consider recent IT trends and how these trends should be addressed from a security perspective. 

IT infrastructure migrates to the cloud

The most significant change that is presently occurring is the move to the cloud - not just the use of cloud applications or cloud services, but the outright migration of IT operations and infrastructure from corporate data centres to the cloud. This trend will affect security - drastically.

 

  •  Traditional network and infrastructure security controls will no longer be an afterthought in designing and deploying systems. They will be embedded into the cloud infrastructure.
  •  Emerging container technology is changing how software is packaged, deployed and maintained - changes and patches are accomplished by destroying the old image and deploying a new image, rather than through traditional methods.
  • The perimeter of an organisation now includes the cloud -and security infrastructures will be a hybrid of traditional endpoint and perimeter controls and new cloud oriented controls.

 

DevOps processes and container technologies are having a dramatic impact on how applications should be secured, yet many security professionals are unsure as to how to deal with the problem.

The push to the cloud is visible locally. For example, DBS Bank of Singapore became the first bank in the country to adopt cloud-based productivity technology. Many more are following - according to IDC, at least 80 percent of Asian FSIs will run on hybrid cloud architecture by 2018. Therefore, cloud security will be a hot topic in the coming year, as more FSIs prepare for cloud adoption.

But that's not the only trend impacting security.

The future is now - applications

Applications have become the critical component of digital business and the digital economy, storing your most sensitive data and intellectual property. Every day we use applications on our smart devices to book taxis, pay bills, check bank account balances, book travel, communicate with work colleagues and more. Additionally, thousands of businesses are integrating cloud-based Software as a Service (SaaS) applications into their workflows, with client side applications interacting with these services. Applications are today's reality, and ensuring that the endpoint applications and the cloud services on the other side of these applications are secure is paramount.

 

1  2  3  Next Page 

Sign up for Computerworld eNewsletters.