Look to the IT edges to secure your digital transformation
By GRAHAM BUSHKESIndustry Innovation & Technology Manufacturing cybersecurity IIoT IoT manufacturing
Take a holistic view of security to develop a comprehensive strategy.
Earlier this year, an organization known as the Cyber Threat Alliance (CTA) released a report. In it, the group – which represents some of the world’s most prominent cybersecurity companies – doubled down on an important warning it first issued in 2016: beware of the growing risks associated with the “edges” of IT networks.
While that threat was critical several years ago, the stakes today are even higher. For years, those who oversaw company networks could mostly rely on firewalls to keep threats at bay. Those days are gone. Today, as manufacturers continue to embrace the many benefits that come with IoT and digital transformation, their risk profiles continue to grow. The explosion in endpoints has greatly expanded risk across the growing attack surface, and worse. Once a threat successfully makes its way inside these increasingly complex network environments, it becomes far more difficult to address.
To truly reap the benefits of the digital age, security professionals must adopt a new mindset and shift their attention to new connected edges where the risk of attacks are at their highest. The following are areas that require focus:
Defending the device edge. It’s difficult to overstate the impact mobile technology has had on manufacturing. We take for granted the use of devices that grow smarter, faster, and more powerful with each passing year. But this power and convenience comes at a cost. IoT devices are fundamentally insecure, often using easily exploited communications code or including hard-coded back doors. Many can’t even be updated or patched. What’s more, not only are these devices often implemented as-is, right out of the box, most companies are reluctant to conduct maintenance on them, as the demand for 100% operational uptime means many decide to simply leave well enough alone.
It should be no surprise, then, that these devices are so often successfully targeted by cyber criminals.
To properly defend the device perimeter companies must ensure all communications are encrypted, and that the security systems inspect that encrypted data at network speeds. It’s also important to establish a way to automatically identify and assess every device on the network from the moment they connect, then tie access to segmentation policies. This ensures each device is restricted to predetermined areas, without the need for manual intervention.
“Hardening” of devices should also be an integral part of any cyber hygiene program. When a device is booted it should automatically trigger an automated security check to ensure that nothing has been compromised. Patching and updating critical systems to remove vulnerabilities, where possible, also needs to be simple and automated. To help with this, configurations should be standardized and regularly checked for errors or manipulation. Segmentation helps ensure devices that can’t be automated remain protected and separated.
Another front opens
Defending the cloud edge. The race to the cloud by manufacturers is well underway, prompted by its inherent efficiency, scalability, elasticity, the massive computing power it offers users, and the prospect of more streamlined costs. Yet despite its many benefits, cloud computing has also opened another front for attackers to target and exploit.
The issue isn’t that cloud computing is insecure, but rather how companies choose to approach it. Cloud users often have a misconception about the security provided in the cloud, mistakenly believing that providers deliver all necessary security services. The reality is that cloud providers are only obligated to secure the underlying cloud infrastructure shared by all customers. Securing corporate data, applications and computer resources are the responsibility of the client.
Complicating the issue further is IT managers who are pressed for time, and may be tempted to seek out security solutions that can be rapidly implemented because they sit on top of the cloud infrastructure as a simple overlay. The problem is, any security solution that’s not designed from the ground up for the cloud will inevitably leave gaps in functionality, making it very difficult to establish any kind of consistent security policy that companies need, especially across and between different cloud and physical environments. Simply put, it’s a trade-off that companies can’t afford.
Protecting the cloud starts with deploying “cloud-native” security solutions, designed to leverage the management controls and APIs built into the cloud. But even those can run into trouble if users try to deploy and operate them in a “multi-cloud” environment that leverages many different providers and solutions. Just because a security application is designed for the cloud doesn’t necessarily mean it’s equipped to communicate seamlessly between different deployments. And when it comes to security, that kind of consistency is critical.
Ad hoc measures
To avoid this, companies should seek out solutions that take advantage of connectors, designed to translate commands and policies between different environments, enabling security updates to move seamlessly across cloud boundaries with a single click.
Defending the WAN edge. Cloud-based computing also puts pressure on organizations that support multiple remote offices. To keep pace with digital business requirements, many have had to transition from using traditional wide area network (WAN) technologies to software-defined WAN systems (SD-WAN). They optimize the performance of things such as hosted applications and unified communication services. However, most SD-WAN solutions come with minimal security, requiring organizations to resort to ad hoc measures when securing their branch connections and environments.
The takeaway for network managers is this: look for SD-WAN solutions with a fully integrated suite of security features that also work seamlessly with the other security solutions deployed across the organization. That ensures a consistent level of security at every branch location, while simplifying overhead through a single management and policy orchestration console. It provides visibility and control across every aspect of the distributed network.
While each edge has unique vulnerabilities, all must be seen as part of the same security environment. Stepping back and taking a holistic view of security is a prerequisite for developing a comprehensive strategy. An integrated, proactive stance, underpinned by security solutions that function as part of a unified and integrated fabric, are important steps on the way to achieving success during ongoing digital transformation efforts.
Graham Bushkes, the country manager for Fortinet Canada, has more than 32 years of experience in the IT industry. Fortinet is a provider of network and content security in Burnaby, BC. Visit www.fortinet.com.