Changing Security Landscape and an IT Giant’s Security Story
“There is no need to penetrate a network when one can breach the people who run it.”
I am sure you must be thinking whether this Taylor Swift quote of DefCon 2011 even stands relevant today and if that’s the case, we are in same boat.
The IT world has moved far-ahead from on-premise days and cloud is trending everywhere. Similarly, the network penetration and cyber-attacks have also evolved. The threats we see today are not new, but the level of sophistication our adversaries employ continue to reach new heights.
According to Cyber Security Ventures, global ransomware damage costs will exceed $5 Billion up from $325 million in 2015. The costs include damage and or loss of data, downtime, lost productivity, post-attack disruption in business, malware investigation, deletion of malware host devices, personal brand, and employee vigilance and enablement in direct response to the cyberthreats and ransomware attacks.
Cyber Security breaches, whether perpetrated by insiders or others, are an insidious threat, all the more so because those breaches, including the most disastrous ones, often are not detected until the damage is done. No board can afford to be complacent.
Changing times: “Reactive to Proactive”
In earlier days, the below quote used to aptly describe the state of security in IT landscape and how it was perceived.
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” — Gene Spafford
Cyber security has always been considered the private domain of IT, which was charged with the purchase and deployment of technology to defend against network intrusions and to have limited downtime post-attack. However, the long line of devastating data breaches at established brands is changing all that.
Operating in this new fragile environment is not easy.
In a latest study by National Association of Corporate Directors (NACD) on cyber security reveals some startling responses.
NACD’s Cyber risk oversight study revealed that over 90% of respondents believe their board’s understanding of cyber security risks still needs to improve.
Boards have now started changing their view of cyber security as being a core function of IT management, and are now demanding that C-suites treat cyber threats as an enterprise risk that should be addressed from a strategic, company-wide, and economic perspective. The mindset has also changed from reactive measures to a well fortified proactive approach.
The Vanishing Security Boundary
There was a time when protecting your environment simply meant setting up a strong perimeter to keep adversaries out. But with the significant growth of connected devices and services, including bring-your-own-device and cloud-based applications, that perimeter now extends across a much more diverse set of technologies.
Today with the explosion of data from both inside and outside of an organization, it’s clear that attack vectors are everywhere.
So, it’s a perimeter-less world, which is constantly evolving and under constant attack. We have seen how Wannacry and Petya has impacted the technology world. That’s the environment small businesses and enterprises must deal with.
During a recent catch-up, one of my friend from Microsoft talked about their Security strategy and I must say — I was impressed with this IT Giant’s approach towards Security.
Fun Fact: Microsoft is the only company in the world which has Security integral to its product and the whole approach is of not just Security but “Intelligent Security”.
Annually, Microsoft invests more than $1 Billion on security which is much higher than any of its competitors in this space.
How is it possible?
Microsoft today runs some of the biggest Internet services, both on the consumer side with things like Xbox Live, as well as on the business or the commercial side with services like Office 365 and Dynamics and Azure. And that gives it a pretty unique perspective to what’s happening, a great sampling of what’s happening in terms of both the attack vectors and how one responds to them.
Microsoft’s Intelligent Graph
Informed by trillions of data points across an extensive network of sensors, devices, authentication events and communications, the CDOC teams employ automated software, machine learning, behavioural analysis and forensic techniques to create an intelligent security graph of its environment. In a unified and holistic approach, it can detect attacks as they happen and before they can impact its services and customers.
Satya Nadella, CEO of Microsoft believes in what digital technology can do to every walk of life and every industry and he has been extremely optimistic about it while talking at Washington DC to government workers and sharing the Microsoft Security story.
Digital technology is at the core of everything going forward. And, therefore, when Microsoft talks about empowering every person and every organization on the planet it becomes even more paramount to build trust into the core of computing. And that is what it endeavors to do.
I am extremely excited about impact of technology and the way our world is completely shaped by that in current era.
The mantra of any organisation in today’s world towards security should be: ‘Security is a not a product, but a process’
It’s more than designing strong cryptography into a system; it’s designing the entire system such that all security measures, including cryptography, work together and this system is being feeded constantly.
We are living in extraordinary times. While the evolution of cloud computing has transformed the way we work, recent activities in our world has put an immediate to ask towards security from cyber-attacks. I hope that industry and government will play a big role and Microsoft’s stand for the same is truly appreciated.
I hope you enjoyed my views on “Changing security landscape & an IT Giant’s security story”. What do you think? I look forward to interacting with you.
Pls comment here or tweet me.
Thanks.
