Managing the unmanaged: Reconsidering your security posture

As global breaches rock the headlines and the need to compute and connect remotely persists, we all (personally and professionally) are now much more aware of potential vulnerabilities in this ever-expanding connected world.

The number of connected devices in our lives is growing at a staggering rate. Thanks to IoT, edge computing and the pandemic, we are more dependent on digital infrastructure than ever. Now, devices connected to the network can range from simple sensors in our cars and household devices — such as refrigerators or lawn irrigation controls — to complex manufacturing systems.

A report from Forrester underscores there has been a significant increase in unmanaged devices in the connected landscape. The topography of the internet infrastructure already includes cloud, hybrids, edge and 5G networks that make connectivity possible from anywhere and drive productivity anytime, expanding attack surfaces and the threat landscape to everything one could possibly imagine. And cyber attackers don’t discriminate based on the size of a business. If a company has anything worth stealing — including personally identifiable information (PII), sensitive customer data or critical financial records — cyber criminals will do anything they can to get it.

And yet, this same landscape is exciting and full of potential for businesses and humanity as a whole. In fact, Gartner predicts that 75% of enterprise-generated data will be created and processed outside of the traditional data center or cloud by 2025. The expansion of this new landscape brings up a wide variety of issues to solve for those charged with the security of enterprises and their customers and collaborators.

Coping with a challenging landscape

Enterprise security can no longer be driven by homogeneity and rigid approaches to ward off threats. Stakeholders are charged with containing threats, controlling internal/external user behaviors, and complying with regulatory and privacy frameworks. But several factors complicate their task:

• The diversity of devices, networks and IT use cases pose new sources of vulnerability.
• The perimeter of the system in scope for IT administrators is now dramatically vast. IT equipment and devices are now deployed over a large geographical area, left unattended and subjected to attacks by highly sophisticated cybercriminals.
• Public clouds, edge and IoT have created environments where IT administrators and cyber criminals now have identical access to publicly hosted workloads using standard connection methods, protocols and public APIs.
• End users demand high ease of use and single sign-ons while preserving the privacy of their information.
• The scale and scope of threats have increased dramatically and is continuously evolving. Threats can be hard to predict and can be local or global. Further, these threats can originate from seemingly innocuous and non-critical elements in the IT ecosystem.
• Continued rise of ransomware – organized crime with an intent to hold a company hostage rather than just disrupt for ideological or malicious reasons.

To cope with this challenging landscape, enterprise leaders need to adopt a different security posture that complements traditional security controls such as encryption, firewalls, content filtering, etc. with zero trust, identity management and automated response frameworks.

A more secure IT future

The responsibility for a more secure IT future lies with both vendors and IT solution and service providers. Best practices and cutting-edge security frameworks developed by cybersecurity experts need to be considered and incorporated at every step in the technology product/software lifecycle and within the infrastructure environment.

In our interactions with leaders in the IT industry and product development organizations, we are finding increasing urgency to deal with security not just in all aspects of enterprise IT, but also in development operations. Organizations are realizing that DevOps mindsets that prioritize rapid development cycles must be coupled with security considerations far in advance of production. A new security approach, “DevSecOps,” deals with security issues iteratively throughout the development cycle and makes security a collective effort of the entire development team.

At Arrow, we have identified “seven pillars of security” that can be the basis of a best practice-based approach to enterprise and IoT security. We have built up a portfolio of offerings for customers with a goal to enable IT solution and service providers to understand, execute and monetize security across a spectrum of delivery platforms regardless of existing skill or experience.

While the world of cybersecurity is vast, complex and evolving at an accelerated pace, bringing in the right expertise and approaches at the right time can make for a highly effective approach to ward off the inevitable security threats posed by our hyperconnected world.

Learn more about how Arrow can help protect critical infrastructure.