Article by Illumio vice president of Asia Pacific, Rob van Es.
Security professionals focus is on preventing threats and breaches, which has always been the case. But as companies and organisations shift more and more of their data and operations into cloud environments, and cyber threat adapt to these changes and become more complex, many of us feel that it’s a battle that can’t be won.
In fact, a recent report from Ovum and Juniper Networks looked at APAC countries and found that Australia ranks as one of the lowest in terms of successful cloud adoption and centralising security management. There are several reasons why this could be the case – legacy infrastructure, complexity and a siloed approach are a culprit, while daily threat alerts that have inundated organisations are simply becoming unmanageable. This has all led to complacency, which has fueled this vicious cycle to repeat itself over and over again.
So what can organisations do to break this pattern? How can they proactively deal with security threats while still being able to focus on their digital transformation? It’s no easy task but if history has taught us anything, it’s that if ‘nothing changes, nothing changes’. In other words, there needs to be a fundamental shift in how organisations think about – and approach – these challenges. And guess what? The technology exists out there that can help us all get there.
Security threats are more complex than ever
In the past, companies were consumed with protecting the front gates and the outer wall of their network, never realising their adversaries were finding ways in by going to the neighbour’s yard and jumping the back fence.
The fact is, when intruders breach your (ever-expanding and changing) perimeter, they most often enter through a low-value asset or environment. This can be your development environment, a contractor’s network, a low-value application, an IoT device (e.g. smart light bulbs, HVACs, printers, etc.) or an unpatched piece of technology.
From a small foothold, attackers can move laterally through your environment. As we’ve all seen in the increasing number of attacks, intruders can often reach high-value targets once they’re inside your data centres and cloud environments. While we’re focused on securing the perimeter, we forget to close – and lock – the inside doors between areas. This means that if intruders find a way in, they often spend months (146 days on average) moving laterally inside data centres and cloud environments, undetected, until reaching their goal.
A new – and smarter way – to think about security
But fear not, there is indeed a smarter way to secure your data and network than just the traditional ‘perimeter security’ method. By protecting the network from the inside out, you can ensure that the most critical assets are locked down - so even when a breach occurs, attackers can’t get at your most important assets. Say hello to micro-segmentation.
You’ve probably heard of it by now but micro-segmentation, by definition, is “a process that divides an entity into extremely small parts”. It’s the new ‘east-west’ frontier that looks at all of the network connections an intruder can use to move laterally through your environment – all while wreaking havoc (usually undetected) as they set their sights on the ultimate prize: complete and total access to your high-value assets.
By moving laterally through a network, intruders have expanded what we view as the traditional ‘perimeter’. In doing so, they’ve not only changed the game, they’ve changed the field we play it on. Now, any and all minor threats need to be escalated and taken very seriously as they can quickly and easily turn into a major breach.
Micro-segmentation technology was developed as the only logical response to this relatively new – and rapidly expanding – type of threat. Think of it like a submarine: when the hull is damaged, watertight doors on either side of the section are sealed, and so the flow of water is limited. This lets the submarine continue moving, instead of sinking.
Through micro-segmentation, organisations can achieve the same effect to isolate a potential threat. There are several different use cases for micro-segmentation. Fundamentally, however, the strategies all work to compartmentalise the high-value areas of your network (the ‘crown jewels’) away from the low-value areas, which is where potential intruders would target first as an entry point.
Accept it, map it, and plan it
Like most things in our profession, what is easy to describe using analogies is orders of magnitude more difficult to deliver in the reality of complex business-critical environments. It’s important to map out your network and identify exactly which areas will be the high-value targets for intruders.
With the regulatory environment around the world calling for increasing levels of disclosure and security around personal data (such as the GDPR), the consequences of a successful breach are quickly multiplying from ‘embarrassing’ to ‘business threatening’.
The reality is that we need to assume breaches will continue to happen, but convincing organisations to plan and prepare for this requires a completely new mindset. When security professionals and organisations can think like their attackers, they’ll not only be better prepared to defend themselves, they’ll also be able to support business continuity and help achieve overarching organisational goals.
And let me be clear, I’m certainly not saying that we’re giving up the lessons learned of securing the perimeter – that is, and will continue to be, critical to overall security strategies. However, just like the shift from fax to email, we need to quickly adapt to a new way of doing things. Whether we like it or not, this is our new reality.