This is a contributed article by Nat Kausik, CEO and Founder of Bitglass
The spate of high-profile ransomware incidents this year has halted operations across business and critical infrastructure alike. Ransomware is a highly successful ‘revenue generation’ tactic for cybercriminals, and the attacks that caused so many problems for the likes of Colonial Pipeline and JBS demonstrate the huge risks and have contributed to a greater sense of urgency in dealing with the problem across public and private sectors.
Adding to the challenges caused by sophisticated cybercriminals, however, is that their tactics are constantly changing in an attempt to stay one step ahead of potential victims. For example, there is growing concern about the risks inherent in relying on just one vendor for security infrastructure, as attackers step up their efforts to exploit single-vendor vulnerabilities. The danger is that successful attacks then provide access to entire networks and their wider supply chains.
For example, the now infamous SolarWinds attack illustrated what can happen when an organisation relies on one vendor across its infrastructure, tools and security estate. In this situation, SolarWinds’ use of an exclusive Microsoft architecture offered an uninterrupted connected surface where attackers could move from a single compromised laptop to an Azure Active Directory and then Office 365. In situations like these, once hackers gain access to email, they can pretend to be anybody in the organisation and use that insider knowledge to widen access and control.
In the case of Microsoft and other major vendors, bundling applications and security may seem like a sensible option for delivering benefits such as increased integration or economies of scale, but there are circumstances where it might actually put users at greater risk.
Adding to the challenge of a single-vendor strategy is that dominant global vendors such as Microsoft are constantly targeted by attackers, who devote significant time and resources to building and refining their infiltration strategies. Clearly, this approach is gaining traction because of the potential it offers to compromise any single-vendor security infrastructure relied on by their potential victims.
Spreading the risk
Instead, when companies segment their security infrastructure with multiple vendors, they put themselves in a much stronger position to contain the impact of a security breach because when one area is compromised, the rest of the network isn’t immediately exposed.
A good starting point is to split the application stack from the security stack. For example, implementing third-party security products can establish a barrier to disrupt the progress of an attack and prevent cybercriminals from operating without restrictions.
In separating applications from security, the security strategy itself should be integrated and consistent because the weakest link will generally be compromised first. As a result, organisations cannot arm themselves to address today’s sophisticated threat environment without consistent security across their various cloud and network security solutions. That’s why organisations are adopting a Secure Access Service Edge (SASE) framework to streamline security. This approach replaces existing fragmented solutions - that have to be managed and updated separately - with a unified platform that delivers comprehensive security across every segment of the infrastructure. As a result, users benefit from greater flexibility, cost savings, better performance and increased threat prevention.
In practical terms, SASE components and functions typically include:
- A Cloud Access Security Broker (CASB) that offers end-to-end protection for data in any cloud service and any device.
- Zero Trust Network Access (ZTNA) that provides comprehensive and secure remote access to on-premises resources.
- An On-Device Secure Web Gateway (SWG) that decrypts and inspects traffic directly on users’ devices for content filtering and threat protection.
Already important, these considerations have taken on even greater significance given the growth of the distributed, remote workforce - a trend that has accelerated markedly since the beginning of last year. With data and users now residing for some or even all of the time outside corporate networks, many existing security strategies are no longer fit for purpose because they were designed to protect more centralised IT environments where control can be more precisely managed.
And while organisations continue to rely on a single vendor to protect both applications and data, the time from an initial security incident taking place to wider impact is likely to be alarmingly brief. But, by developing technologically diverse, resilient IT infrastructure, organisations become much more capable of minimising the reach and impact of a cybersecurity incident.
Nat Kausik is president and CEO of Bitglass, and a co-founder of the company. Prior to Bitglass, Kausik was CEO of Asterpix, Trubates, FineGround and Arcot Systems, and has held positions in research and academia.