Rapid Digital Transformation Requires New Cybersecurity Strategies

Data increasingly resides outside of the traditional data center, and IT is under pressure to provide ready access to business users who are often working outside of traditional office space. That’s causing substantial reprioritization of cybersecurity approaches and technology solutions.

A recent IDG and Comcast Business survey of 131 IT leaders in IDG’s TechTalk Community indicates that more than half of midsize and large enterprises recognize that traditional security postures are not a good fit for the demands of a widely connected, cloud-focused organization. The increased need for connected business solutions has prompted growing dissatisfaction with a patchwork of existing network security components that do not align well with cloud components.

Increasingly Connected and Feeling Vulnerable

Many organizations are still grappling with how the COVID-19 pandemic has impacted demands on IT. More than a third of the surveyed organizations said that the acceleration of digital adoption over the past 12 months has gone hand in hand with the increased prioritization of security. Among that group, the top factor driving that heightened priority, cited by 48%, is enabling a remote or hybrid workforce.

Not surprisingly, the familiar woes of limited IT staffing and security expertise were cited as the leading impediment to ensuring that on-premises and cloud networks are secure. Related to that, information overload and the scale of the task are issues for 43% of those surveyed.

Given the frequency with which skill sets and expertise show up in IT security surveys, that may be a prime area for re-evaluating traditional approaches, according to some industry experts. “We’re not going to solve this problem by throwing bodies at it,” says Pete Lindstrom, vice president of research for Enterprise and NextGen Security with analyst firm IDC. Instead, he says, organizations and the industry need to take advantage of automation and scalability being applied across other areas of IT.

Adapting to New Challenges

IT organizations are rising to the challenges by investing in edge security solutions that help protect users and systems beyond the reach of traditional enterprise security, such as enhanced cloud security services and software-defined wide-area network (SD-WAN) services. They are increasingly adopting the “zero-trust” approach to network architecture. This requires verification of anything touching or trying to connect to systems from inside or outside the network, rather than assuming that they are trusted entities.

Most respondents have already deployed or plan to deploy key network security solutions such as SD-WAN, which 89% indicated has become a higher priority, 71% have already adopted, and 26% plan to adopt within six months.

“Those are incredible adoption numbers,” says Martin Capurro, vice president, Managed Services, with Comcast Business. “SD-WAN lets you do smarter things with traffic routing so critical business applications are available to customers and employees. The SD-WAN function and the security function go hand in hand.”

Close on the heels of SD-WAN is data loss prevention services, which 67% of the respondents have already adopted and 31% plan to deploy within six months. Other network security services also gaining popularity are secure web gateways, endpoint detection and response and cloud access security broker (CASB), among others. Those technologies are often tabbed as components in a loosely defined framework of cloud-based network security known as secure access service edge (SASE).

Survey respondents, however, are finding that conventional risk management frameworks and a patchwork of network and security components do not naturally fit with a cloud-oriented posture.

Midsize companies seem to be having a tougher time than larger enterprises in grappling with a patchwork of existing networking and security components that do not align well with cloud components.

“SASE is a viable concept to help protect the edge, but I also think it’s a buzzword that is overused,” says Shena Seneca Tharnish, vice president of Cybersecurity Products at Comcast Business. “A lot of the technologies within the SASE framework have been around for a long time, but IT teams are starting to evaluate how they can apply these to secure a business from end to end as more applications and users are shifted outside of the traditional perimeter.”

As they adopt newer approaches embracing edge security and zero trust, organizations are also increasingly reliant on managed services providers (MSPs) to help them meet top security challenges as they expand their use of connected business solutions.

IT organizations are relying on MSPs to fill critical gaps, such as quickly spotting when a device or an application is out of compliance. Another critical visibility issue is simply knowing what is in the network and its topology.

“Zero trust is all about being aware of where the data is located and then looking not only at the network but also at the identities of the users at the end of these devices and systems and applications,” says Tharnish. “I’m hearing from companies engaged in zero-trust journeys that one of the biggest challenges is they can’t protect what they can’t see. There also are many legacy devices and systems out there that don’t have the modern capabilities to implement zero trust.”

Knowing quickly when a device or a critical service application is out of compliance is the top driver among companies currently using MSPs or planning to use them for network security issues. Survey respondents want help managing the growing patchwork of cybersecurity point solutions, understanding what is on the network, and integrating the best network and security solutions.  Click on Page 2 to continue reading…

Comments are closed.