One of the big misconceptions about cyber security is that organisations can maximise protection by focusing their attention—and investments—predominantly on protecting the headquarters environment and physical network. It stems from a model whereby we have treated the business as our kingdom, and the headquarters as our castle. As threats would increase from the outside, you could build additional protections—moats and bridges—to control who could get into the castle, and how they could get in. Any threats could be identified and handled before they could do harm. In our analogy, the moats and bridges translate into firewalls and security policies.
But our proverbial kingdom has changed. We no longer have just centralised castles to protect. With branch offices, remote sites, remote users and mobile workers, our domain is now everywhere. According to research by AT&T, more than 50% of companies experienced security breaches from employee mobile devices over the past year. The question becomes: How can we securely protect our central castles as well as our people and locations around the world at all times, whether they are stationary or mobile?
Look to the cloud
The beauty of the centralised castle and moat methodology of protection was in its simplicity. It was a model we could easily understand and replicate across our entire environment, no matter how many branch offices we created. Mobility and remote workers have made protection far more complicated, yet we continue to yearn for simplicity.Fortunately, technology innovation provides a way to address today’s security challenges by updating our protection methodologies. By moving toward a cloud protection model and away from a model based on protecting headquarters, organisations can be more cost-effective, proactive, reactive and consistent in their approach to cyber security.
The concept of cloud-based security represents an important approach to cyber risk management in today’s world. The idea is to leverage a services-based model for security, whereby the infrastructure is provided by an expert provider and your IT and security teams control the policies and protections based on your own specific needs.
Advantages to this new approach:
* By leveraging the cloud you don’t actually have to build anything. You can use your IT resources more strategically to focus on revenue-producing projects;
* Budgetary concerns are always an issue for IT organisations and cloud allows organisations to shift from a capex model to an opex model. This model is always more predictable and typically more efficient because you only pay for the services you actually need;
* By leveraging a cloud provider the organisation has a much better chance of “future proofing” security;
* Agility, flexibility and simplicity are hallmarks of modern businesses that successfully embrace digital transformation. Cloud is a model that enables you to achieve all these: Building more castles, moats and bridges takes you in the opposite direction—backwards, not forwards.
By: Sean Duca
The writer is vice-president and regional chief security officer, Asia Pacific,
Palo Alto Networks