Skip to main content Skip to Footer

LATEST THINKING


What if there was a security breach … and nobody cared?

Imagine a scenario where an attacker breached the perimeter boundary and business continued as usual.

No televised news segment. No newspaper article. No walk down the long corridor to the boss’s office.

It’s a scenario that becomes a reality with a fundamental shift in security posture focused on data-centric security.

Chief information officers (CIOs), chief information security officers (CISOs) and business leaders face a perfect storm of exponentially increasing volumes of data, types and quantity of devices, and velocity of threats.

Historically, the energy spent on securing data has been focused on building a better “wall.” It’s an approach that no longer works in today’s perimeter-less world where some seven billion connected devices (80 billion by 2025*) have opened a liquid stream of data vulnerable to attack.  

It is time to shift our security posture to focus on a liquid approach to cybersecurity—where strong, immutable identities, hardened data and an ever-changing polymorphic attack surface enable us to move beyond cyber resilience to a constant state of business operations.

A shift to data-centric security

The shift to identity as the new perimeter requires a smart liquid security approach built on a dynamic platform that can keep pace with threats and easily adjust as the threats themselves change and adapt.

It demands a focus on data-centric approaches that harden and protect the data itself and ensure control over data, even after it has left the organizational boundary. This approach is achieved by embracing cloud technology and using the software-defined world to create constantly shifting, hard to find and self-healing attack surfaces that make it difficult for malware to gain a foothold.

We must focus the big data lens on internal and external behaviors and apply advanced analytics, artificial intelligence and machine learning to discover and act against threats in real time so that when the inevitable breach occurs, rapid detection, isolation and remediation without disruption of ongoing business operations becomes the norm.

A recent flash poll by Government Business Council found these to be the top three techniques agencies use to secure application data.

A recent flash poll by Government Business Council found these to be the top three techniques agencies use to secure application data.

Embracing the secure cloud

The velocity of the threats agencies are experiencing demands a fundamental shift in security posture focused on data centric security. Organizations need a cost-effective, efficient and flexible security solution that enables continuity of operations.

The answer? Cloud technology. However, many federal agencies are still in the early stages of their cloud evolution.

According to a recent flash poll from Government Business Council:1




AND

of federal leaders consider
their agencies’ cloud
security operational or
advanced

of federal leaders say
their agency has yet to
implement a cloud
security architecture



  1. Government Business Council, Flash Poll, September 2016

Recommendations

Two important considerations:

Start where you are.

Remember, we got into our current cyber posture one system at a time, we will solve the problem the same way. The journey to a liquid security environment must begin wherever the organization is today. Which means applying a security layer to existing legacy systems while ensuring the security layer is agile enough to move forward as the environment evolves.


Build a culture of security everywhere.

Security is everyone’s problem—not just the CIO or CISO. Cybersecurity teams need leaders across the business to be vested in the liquid security journey and security must be built into all systems from the onset.

Author

Gus Hunt

Managing Director and Cyber Lead
Accenture Federal Services


Email Follow Gus Hunt on Twitter. This opens a new window. Connect with Gus Hunt's Profile on LinkedIn. This opens a new window.

ABOUT GUS: As former CTO for the CIA, Gus Hunt continues to help protect our nation's most valuable data as Accenture cybersecurity lead.

Suggested content