By: Avinash Prasad, AVP, Cloud Infrastructure Services and Security, Infosys
With the prevalence of a wide range of personal and enterprise data on IT systems and the decline in paper-based data over the past 20 years, information security has come to be identified with IT security. Hence, the security of information assets and data is increasingly dependent on the security of IT systems. However, recent changes in the digital world have made this equation even more delicate.
To strike the right balance between easy access to information and impenetrable security for digital assets, enterprises need to consider two key aspects:
Technology change throws up questions and poses challenges – The rapidly increasing use of technology is extending the spread and movement of data and access. Hence the target surface is expanding fast, providing greater opportunity to attackers and cyber criminals. This makes the job of information security professionals extremely complex. As a result, the principle of ‘Trust but verify’ has become the watchword for ensuring security. This can be achieved by tracking all important shifts in technology and carrying out regular, intelligent and diligent risk examination. Making this practice a discipline is becoming critical for information risk management.
For instance, social media interactions expose internet users to unsavory phenomena like ‘phishing’ aimed at harvesting data from unsuspecting victims with criminal intent. Thus, first movers (and even geeks) must tread with caution to avoid being duped.
Technology as an enabler of security – As a corollary, technology can also assist with enhancing the power of protection tools and, more importantly, detection and prevention tools that are needed for achieving the goals of high assurance for the security and integrity of any information estate. Hence business strategy and expansion need to be supported by security built on proven advanced technology and appropriate investment decisions.
The application of technology in this context can be viewed from a few perspectives.
Find the needle in the haystack (aka cyber security) – Using large volumes of data and trends to derive pinpointed, actionable security intelligence is a major use case for the application of technology. Such application can create measures of cyber protection that are as agile and sensitive as the advancing adversarial methods of cyber-crime. This can include leveraging:
Artificial intelligence – for pattern spotting and hunting for threats
Visualization – for advanced tools to help a security analyst find threats and patterns not visible to the ‘naked eye’, i.e., to conventional security tools
Integrated action mechanisms – drive enforcement by actions such as triggering of alarms and shutdown of channels, access, systems, etc.
Enterprises that are leaders in the adoption of advanced cyber security measures are utilizing such mechanisms driven by innovative new technology, some of which is yet to attain full potential.
Driving collaboration across boundaries – Technology can also support the rapid and secure exchange of information amongst security teams, almost in real time, to share both threat data and mitigation plans. This can be a powerful tool in the hands of security teams because it is the time-sensitive ‘unknowing’ window that attackers exploit. If this window can be shortened effectively through rapid collaboration, security teams will have an advantage over cyber-criminals.
Offense is the best defense – This old adage is being invoked by certain technology providers who are creating ways to attract and deceive attackers. They then bring the attackers' infrastructure or systems down rather than wait to be attacked. Technologies developed for this strategy use the concept of honeypots paired with rapid forensic data gathering to understand the methodology of an attack so that it can be neutralized.
Specialized function for IT security strategy, architecture and design balanced by optimal outsourcing is the need of the hour.
While discussing the uses and implications of technology in security, it is worthwhile to note the important difference in the pace of technology adoption between attackers and defenders. Usually, enterprise security teams are much slower in utilizing cutting-edge technology for a variety of reasons such as budgets, skills, migration issues, etc. On the other hand, hackers use the latest and greatest, usually through illegal means, to launch faster attacks.
A key lever available to enterprise security teams to drive quicker and more effective utilization of advanced technology is to work with the boardroom and create a culture of zero tolerance for compromises on security and low-grade technology. The way to do this is with a specialized IT security architecture and design function that facilitates rapid assessment and deployment of technology for quicker and more effective defense. Further, utilization of external service providers with specialized skills helps achieve the deployment and service management goals.
As I see it, the power of technology combined with a holistic view of defense strategy and speed of action can build confidence that empowers cyber security teams to defend the boundary-less enterprises of today.