Twitter: @MikeDeCesare
We have never been more connected than we are today, and the number of devices will continue to skyrocket to 29 billion by 2020 with 12 billion of those connected to enterprise networks – that is double the 6 billion devices we see in the enterprise today. And these numbers are conservative.
RSA is around the corner and I have no doubt there will be a focus on “visibility” again this year. From what I remember, last year every vendor was touting some sort of visibility value proposition and message in their booth or through advertising and branding around the Moscone Center. But what does visibility actually mean? Why are we just now starting to talk about its value? How should you think about visibility as part of your broader security strategy?
Let me kick off the discussion and give you my point of view on why VISIBILITY is the Next Big Thing in Cyber.
It was more than 10 years ago that Apple released the iPhone. I can vividly remember my first interaction with my IT department, which was not prepared for (or thrilled at) the concept of connecting a device to the company network, mostly because it was not owned by the company and therefore was not equipped with all the security products typically provisioned onto managed assets or computers owned by the company. What I didn’t realize at the time was that this was the start of IoT. Back then we called it BYOD, or “bring your own device” to work. But over time, as the volume and diversity of devices and operating systems expanded, the life of a CIO changed. Prior to that day, CIOs fundamentally controlled everything on their network, meaning all the machines would have been purchased by the company, loaded with security and then put on the network. But the iPhone represented a device owned by the individual but still expected to be allowed on the network.
Fast forward to 2018 and those same CIOs are now dealing with literally thousands of different devices, many of which are running closed, proprietary operating systems. These devices span categories like smartphones, security cameras, HVAC controllers, VoIP phones, smart TVs and even Amazon Alexa. All of these devices expand the attack surface that CIOs need to protect. Because of this, simply knowing what is on your network is the first step in making sure you are spending your money in the right places. Now let’s take a look at why visibility is the next big thing in cybersecurity this year and beyond.
The Explosion of IoT Devices
The first trend that is causing visibility challenges is the diversity of all the devices coming onto a company’s network. There are thousands of devices in a campus environment today with very little standardization on operating systems. This means security companies can no longer take the traditional endpoint security approach of installing a small piece of security software (known as an agent) on every device. This might still work for Windows and Linux, but as the percentage of devices that use other operating systems grows, it leaves a company with major blind spots on its network.
Data Centers are Moving to the Cloud
The second reason visibility is key is the movement from a data center that was a controlled environment to a data center that is a hybrid mix of both physical and virtual. The data center houses a company’s most critical assets – servers, customer data, financial data, source code – so security is paramount. Years ago, if you went to any physical data center, IT would keep the data center secure by physically limiting who had access. But the explosive growth of virtual servers, as well as the movement of physical assets from the data center up to the cloud, has changed everything. Amazon AWS, Microsoft Azure and Google have all done a great job of luring companies to move compute power up to the cloud. But in addition to the sought-after benefits, this migration also comes with new challenges. The once heavily controlled physical environment is now a hybrid mix of physical, virtual and cloud. The reality is that as virtualization and cloud instances grow, simply knowing what is on that hybrid data center network is a challenge.
Intersection Between IT and OT – or Industrial IoT
Finally, the intersection between corporate IT (campus and data center) and OT (industrial control systems) is driving the need for increased visibility. Ask most CIOs and they will tell you that there are physical air gaps between these systems. But look closer and we find all types of intersections between these systems. One example here is our home power systems. Traditionally, the power companies sent people out to knock on your door, read your meter and then bill you for your usage. But with the introduction of the smart meter, those same power companies were able to save a ton by automatically being able to beam down to your house once a month, pull your current power usage and bill you correctly. Your house, which sits on the OT network, is connected to their billing system, which sits on the corporate IT network. There are literally thousands of examples of similar systems, and every one represents an increase in the attack surface that has to be defended.
The net of all of this is that visibility must be the foundation of any good cybersecurity strategy. A company can put every security product in the market on 99% of its devices, and the reality is the bad actor will find the 1% to penetrate. And most of the high-profile breaches of late are living proof that a skilled attacker, once inside, can move laterally, or east and west, on a network to gain access to confidential business and mission-critical data.
Before you think about other security technologies, visibility needs to be first on your list. Once you have full visibility across your environment, you can then regain control.