Businesses today operate in fabric-like digital continuum involving partners and customers, and so should security.
Of late, a massive surge in work-from-home (WFH) instances, triggered by current pandemic has put enterprise IT security to test. As an interim measure, there has been a scramble to buy new VPN licenses for employees working from home.
Indeed, something is better than nothing, but the complexities and challenges brought to the fore by remote-work surge show that a lot more needs to be done.
As the size of remote workforce has grown, the attack surface too has grown. Data is being exchanged via various applications and cloud platforms, which brings a multitude of new threat windows into play.
Traditional end-point security approaches have turned out to be inadequate in addressing the complexities of this new enterprise fabric. As enterprises wade through a maze of new security challenges, a key first step would be to reimagine information security with a fabric-centric view.
Why take a fabric-centric approach?
As the term suggests, a fabric-centric approach to information security can be inherently holistic and ubiquitous. It would be built on the premise that all parts of network should be entrusted with gathering threat intelligence and even be armed to act as a first line of defence.
In other words, here security is embedded throughout a business fabric and prevents trespassing across all perimeters as well as various touch points and surfaces. This contrasts with the end-point model, where it is assumed that an attack vector would not enter the network if all the entry gates were locked and guarded well.
Gone are those days. Threat actors are now sending attack vectors designed to breach any unguarded part of an information network. An attack could be injected into a wired or a wireless connection, be seeded into a cloud-native application, or even enter an analytics framework by posturing as a big-data stream.
Implementing security in fabric
To help shield your organization in a world of complexity, it is vital to embed security in the fabric of your business. This amounts to aligning your security strategy to your business; integrating solutions that protect your digital users, assets, and data; and deploying technologies that could manage your defences against growing threats.
It goes without saying that the fabric of your business includes not just your employees but also your partners, suppliers, and clients/customers. As such, security solutions will need to be enabled, though not necessarily deployed, across all such interfaces. As a simple example, if your partner or client is accessing your services through a web interface, then the session needs to be protected against any threat throughout the data continuum. The common security measures for such instances include secure socket layer (SSL) and double authentication methods such as one-time password (OTP). However, these measures could range from basic to advanced, and may need to be supplemented with hardening of server software and firewall.
Take help from experts
Enterprise security specialists like IBM have invested the time and resources in developing security solutions. A consultative approach to deploying these solutions could help you achieve the required protection levels in an accelerated manner. It can help you design, build, and manage a security program that helps your business to be responsive, resilient, and agile. The offerings enable you to protect your data wherever it resides while providing advanced identity and access management.
Advanced IBM solutions are designed to manage risks and detect threats with AI, while highly developed SIEM and SOAR solutions can help you respond to those threats in an effective and seamless manner.
Moreover, experienced advisors can help you extend resources or manage a tailored security program or response across a wide range of vendors. So get ready to drive security into the fabric of your business, and learn to thrive in the face of uncertainty!