IT leaders and CIOs have been the frontrunners and the most-stressed employees in the digital transformation journeys dominated by the cloud. The case of COVID-19 will directly impact software supply-chain risk, which may also create ancillary software supply-chain security risk. As supply chains become more complex and more connected, supply chain security is becoming a bigger and bigger issue for enterprises.
Security fundamentals still apply. You need to ensure your business can work remotely and flexibly and that employees are confident in being able to do so. This may require you to revisit decisions on access rights, entitlements and risk posture.
Here Vamsi Ponnekanti, Head of Technical Sales, India & SAARC, McAfee, addresses major security issues. Excerpts from an interview.
DQ: How is cybersecurity in the supply chain being handled during Covid-19?
Vamsi Ponnekanti: Almost every business today is dependent on supply chains, and with increasing digitization, managing security risks in supply chains becomes essential. The past few years have seen supply chains become increasingly complex, also leading to an increase in the number of partners and suppliers in the mix. Riding on this growth and integration, attackers seek to gain access to entire networks and exploit partners and suppliers to gain entry to your internal systems and sensitive information.
Moreover, the pandemic has made it evident how dependent and vulnerable supply chains are. During this time, lockdowns and supply chain disruptions have caused tremendous losses to businesses, leading them to find alternative suppliers, or moving supply chain operations to other regions. This new and quick integration makes businesses vulnerable to theft or extortion by cyber adversaries. Managing risk across an extended supply chain is challenging, especially with larger businesses that may have thousands of disparate third, fourth and fifth parties in the mix.
Maintaining security of the supply chain is like setting quality standards for the partners; classify what each supplier does, identify critical facets of their contractual obligations, and accordingly, define a baseline of security requirements for them. Frameworks such as ISO/IEC 27036 can help define a solid baseline.
This should be followed by regular assessments of security and privacy controls, either done directly by supply chain professionals or by third party partners. Organizations should set up cross-functional teams with specialists who can help assess risks specific to their business partners and processes.
DQ: What are the steps taken to improve Big Data cyber security?
Vamsi Ponnekanti: ‘Big Data’ is simply a term used to describe a very large data set, mined and analysed to find patterns and trends. This, however, presents both opportunity and risk for IT teams. Securing increasingly large amounts of data begins with a good governance model across the information life cycle. Big Data security is the process of securing data and analytics processes, both in the cloud and on-premises, from a host of internal and external factors that could compromise its integrity.
The foremost step in securing this vast amount of data is a common security process – encryption. Encrypted data is useless to external actors as they don’t have the key to decrypt it. Encrypting data means that data is protected at all times. The second is data classification, to identify valuable or sensitive data which may require the highest levels of security.
As Big Data analysis often relies on the power of distributed computing, the next step is access control, limiting access to sensitive data by implementing granular controls, including defining who has access to edit or share versus who can only read a file. Finally, controlling who has root access to this data and analytics platforms is another essential element to protecting your data. In order to reduce opportunities of an attack, businesses should rely on a tiered access system, sometimes also referred to as least privilege access.
DQ: Multi-cloud and network solutions will mean data is more distributed and micro-service driven, which opens up more opportunities for security threats. How is that being handled?
Vamsi Ponnekanti: Although the technology infrastructure supporting hybrid and multi-cloud environments has made substantial advancements over the years, much work is needed to ensure they are operating with advanced security. Successful integration of a multi-cloud environment poses a real challenge, as multiple clouds mean a larger threat surface and a bigger landscape to secure. This calls for a need to visualize, synchronize, and govern security policies across cloud service providers to ensure consistency.
A uniform enforcement policy is key to maintaining consistency of data protection and threat mitigation. Conditional and contextual access to devices and data is critical for organizations to fully accomplish cloud-based collaboration. Another measure is using cloud-agnostic cloud security solutions that can easily integrate with any cloud service vendor and can scale with increased applications and workloads.
Managing security for multi-cloud environments can be complicated for IT teams, which calls for choosing a solution that can automate their tasks, reduce the risk of human error, and provide continued protection of sensitive data at rest or in transit.
It is also recommended that businesses adopt a multi-cloud management solution that offers a unified view and controls to manage data security across all their cloud deployments. Cloud service providers keep their infrastructure safe; however, the responsibility of protecting your data is always yours.
DQ: How are CIOs dealing with employees with respect to home network security?
Vamsi Ponnekanti: Last year, when the workforce had to suddenly transition to a remote way of working, it opened a Pandora’s box for most CIOs, as every employee’s home network became a potential security threat to their businesses. The new normal forced CIOs to quickly find ways to secure tens of millions of new, vulnerable endpoints. CIOs had to transform from being Chief Information Officers to Chief Innovation Officers, as they juggled between monitoring and preventing threats, securing VPNs, managing multiple networks, and aiding remote workers.
CIOs became the primary drivers of business continuity, as they focused on providing employees with secure access to company data, which was previously only accessible through on-premise, secure infrastructure. IT leaders and CIOs have been the frontrunners and the most-stressed employees in the digital transformation journeys dominated by the cloud. Those that took a cloud-first approach and focused on accelerating data migration have been able to better navigate through the crisis.
DQ: New technology such as IoT will create a larger attack surface. How is that being managed?
Vamsi Ponnekanti: The Internet of Things (IoT), in simpler terms, consists of interconnected devices that interact with the physical world. A major risk that businesses face is managing the security of a huge number of IoT devices that keep adding up through the digital transformation journey. As these devices provide a much larger attack surface for hackers through application, hardware, network, etc., the concerns regarding their security increase greatly.
Compared to the typical IT systems, IoT requires a different approach to security. Security can be patchy too for some IoT devices with low-cost, low-powered items. It also becomes easier for hackers to scan through devices with weaker passwords. The most basic step would be to have strong, case-sensitive alphanumeric passwords for all IoT devices, making them less prone to hacking. A truly effective IoT security strategy must span three levels of technology architecture – the device, the connection, and the cloud.
Organizations must also make sure that their IoT security architecture addresses key issues such as integrity assurance, privacy, trustworthiness, and accountability. Our open and connected McAfee security ecosystem not only enables IoT manufacturers to automate their defence with fewer resources, but also helps detect, protect, and correct threats faster. Lastly, providing integrated central security management, reporting, monitoring, and analytics for critical insight and proactive device control is essential for any business to safeguard its IoT infrastructure.
DQ: What are the three technologies that will transform cyber security in 2021?
Vamsi Ponnekanti: New innovations and trends in technology will always have a direct impact on cyber security. Going into 2021, a few technologies that will make an impact on cybersecurity include:
Quantum computing – Quantum computing holds great promise in various areas, but also poses a significant threat to cybersecurity. To begin with, it requires a change in how we encrypt data. Although quantum computers don’t yet technically have the power to break most of our current forms of encryption, there is still a pressing need to stay one step ahead and devise quantum-proof solutions.
To mitigate the threats we soon will face, we need to change how data is secured and must approach quantum threats as we do other security vulnerabilities – by deploying a defence approach, one characterized by several layers of quantum-safe protection.
5G – 5G has been nearly a decade in the making, and 5G networks will soon be used for everything – from entertainment to healthcare. Despite the hype around 5G, its introduction raises significant cybersecurity concerns. From a security standpoint, the introduction of this next-gen network could potentially open more avenues for potential cyberthreats.
It could increase the likelihood of denial-of-service, or DDoS, attacks due to the number of connected devices. This signifies that users, devices, software, networks, and back-end infrastructures will all play an imperative role in improving the security of the 5G ecosystem.
Cloud – Cloud computing and its security will continue to have a transformative impact on the security industry well into 2021, as the trend of remote work is here to stay. With the initial move now complete, 2021 will be focused on scaling up cloud services and re-imagining organizational workflows.
Challenges such as visibility into infrastructure security, compliance with regulatory mandates, setting of security policies, lack of IT expertise, unsecured APIs, and insider threats fail to keep up with the pace of change in applications. This envisions a new era for security teams, including a focus on better application security tools, scaling on-premise security tools to the cloud and enabling a holistic view of security. Securing the ecosystem of interconnected cloud-based solutions will become a business priority in 2021.