Wednesday, March 13, 2019
In any industry, change and evolution is inevitable, and organizations must put in the work to keep pace. In a recent Fuel Webinar, Tim Woods, vice president of technology alliances at FireMon, used an example of Borders selling its online book operations to Amazon several years ago. The retailer didn't foresee the changing times, believing online retail would not take off. Borders was unable to combine their traditional, physical storefronts with online retail, and now Amazon ranks as the largest book seller in the world.
“We have to be looking for ways to reinvent ourselves. We have to remain innovative. We have to remain competitive,” Woods said. “That’s what businesses are doing today with technology like cloud computing and virtualization, and the Internet of Things.” That’s not to say that Woods doesn’t see the value in traditional infrastructure. On the contrary, it’s combining the old and the new that makes an organization so effective.
Woods noted that business and the industry, in general, is not dwindling down. The problem, he said, is “our inability … to maintain pace with the speed of business as it relates to security. We have accelerated past our ability to secure the deployment of our application resources and assets that we are deploying into the cloud adequately, consistently and reliably.” Many people are confused about what tools work and what can be used to gain better visibility. “Just because I am going to the cloud doesn’t negate my need for extended visibility across my infrastructure,” he warned. Keeping pace isn’t as simple as having the newest tools. Organizations must learn how to use and adapt to them quickly.
To Stay Compliant, Consider Automation
During the webinar, Woods shared a common saying: “You can’t manage what you can’t see. You can’t secure what you don’t know about.” Security must be at the forefront of all implementations. There are many new rules and regulations that security professionals must be aware of. Unfortunately, staffing isn’t always increasing in order to manage this accelerating curve.
Woods said if organizations are not hiring new employees, they should consider automation. Automation reduces the strain on employees and helps companies have more visibility, but it also enables them to stay compliant with various laws. “The complexity is going up,” Woods said. “Bad guys are looking for exposed data just due to configuration errors. As complexity goes up, we run into these things.”
Collaborate to Protect Against Threats
Companies are using many different types of the cloud, such as multi, hybrid, public and private. This can be hard to manage, making collaboration within the organization important. Woods said new cloud security teams, traditional IT security teams and DevOps teams are just some of the groups assuming responsibility for cloud deployments. Some of the people on these teams might be well grounded in application deployment or what the company's needs are. However, they might not be well grounded in cloud security. “What it goes back to is the speed of business accelerating past our ability to secure it,” he said.
The more Woods has talked to customers, the more he sees teams are not collaborating. From security to compliance, and much more, there is a shared responsibility of everyone involved. “If you’re not collaborating with the other lines of business, if you’re not collaborating with those other compartments, if there’s not an initiative on the table to more closely link and share that information, then there should be,” he urged. Collaboration requires employees to communicate with each other in a traditional sense, while managing new cloud-based tools.
Woods said responsibility should be spelled out or finger pointing will come into play. “If a bad actor came in a well-known threat entry point, how far could they get?" he questioned. "What routes are accessible? What vulnerabilities are exposed? I need good visibility to protect against that which requires collaboration between departments in the organization.” The last thing any organization wants is one department blaming another instead of using their time to be proactive and protect against threats. When cooperation is the expectation, companies will be able to focus on handling security rather than blaming others for problems.
In the cloud, things change quickly. It's important to have a real-time view and be able to share that with other departments, as everyone works to collaborate on the security of an organization. While keeping up with the constant changes in technology can seem daunting, it is crucial in providing effective security. Automation can make the breakneck pace more manageable. A defense is especially effective when members of security teams communicate effectively, share responsibility and move forward in tandem with one another. If companies can take an honest look at where they are and make concrete steps to improve their system, it will go a long way toward creating a more secure industry.
Want to learn more? Watch the Fuel webinar, “Continuous Security for the Hybrid Enterprise.”
More to Explore
Check out these Fuel blog posts for further reading: