Imagine a scenario where an attacker breached the perimeter boundary and business continued as usual.
No televised news segment. No newspaper article. No walk down the long corridor to the boss’s office.
It’s a scenario that becomes a reality with a fundamental shift in security posture focused on data-centric security.
Chief information officers (CIOs), chief information security officers (CISOs) and business leaders face a perfect storm of exponentially increasing volumes of data, types and quantity of devices, and velocity of threats.
Historically, the energy spent on securing data has been focused on building a better “wall.” It’s an approach that no longer works in today’s perimeter-less world where some seven billion connected devices (80 billion by 2025*) have opened a liquid stream of data vulnerable to attack.It is time to shift our security posture to focus on a liquid approach to cybersecurity—where strong, immutable identities, hardened data and an ever-changing polymorphic attack surface enable us to move beyond cyber resilience to a constant state of business operations.
The shift to identity as the new perimeter requires a smart liquid security approach built on a dynamic platform that can keep pace with threats and easily adjust as the threats themselves change and adapt.
It demands a focus on data-centric approaches that harden and protect the data itself and ensure control over data, even after it has left the organizational boundary. This approach is achieved by embracing cloud technology and using the software-defined world to create constantly shifting, hard to find and self-healing attack surfaces that make it difficult for malware to gain a foothold.
We must focus the big data lens on internal and external behaviors and apply advanced analytics, artificial intelligence and machine learning to discover and act against threats in real time so that when the inevitable breach occurs, rapid detection, isolation and remediation without disruption of ongoing business operations becomes the norm.
A recent flash poll by Government Business Council found these to be the top three techniques agencies use to secure application data1.
Two important considerations:
Remember, we got into our current cyber posture one system at a time, we will solve the problem the same way. The journey to a liquid security environment must begin wherever the organization is today. Which means applying a security layer to existing legacy systems while ensuring the security layer is agile enough to move forward as the environment evolves.
Security is everyone’s problem—not just the CIO or CISO. Cybersecurity teams need leaders across the business to be vested in the liquid security journey and security must be built into all systems from the onset.