Security in the age of Digital Disruption
Last week, I had the opportunity to present to an audience of over 100 Indian IT Leaders at a flagship event. A quick show of hands confirmed that over 90% of them were involved in at least one initiative on Digital Transformation. And it isn’t difficult to understand why.
With technology creating a level playing field, new-age “Digital Disruptors” have a very low entry barrier to new and adjacent markets. One example of this is Amazon, which started life as an online “e-tailer”, but now has sizeable business interests in areas like Media & Entertainment, Financial Services, Transportation & Logistics, and Public Cloud, among others. According to research by IMD, Digital Disruption from new market entrants now impacts half of companies globally, and has become a top-of-mind issue at the board level. The only way incumbents can ready themselves for this onslaught is by leveraging digital technologies themselves, to transform their own business and operating models.
Transformation and the IT Infrastructure
For IT teams, this presents a peculiar challenge. The pace at which the business expects digital capability far outstrips the traditional rate of change in IT, and that gap exposes the organization to risk. How do you balance the need for speed with the requirement for predictability and risk mitigation?
The answer: Build IT infrastructure malleable enough that it can be moulded to any requirement, while conforming to corporate policies. This is the reason that most organizations start out with an initiative to “Modernize” the infrastructure. It sounds easy enough, but can be extremely challenging when you are dealing with brownfield, and potentially multi-vendor, environments. The key to success here is to leverage modern advances in Software-Defined infrastructure as well as SaaS offerings.
The Security Conundrum
Let’s take the requirement of security, for example. With microservices, containers, public clouds, APIs, IoT and more, the application is rapidly being distributed from the Data Center to the Cloud to the Edge. Similarly, Users and Things need to access these apps from anywhere in the world (or space, in the not-too-distant future). How do you secure such a distributed environment? Traditional methods of perimeter security fall woefully short. In fact, the perimeter as we knew it doesn’t exist anymore! The user is the new perimeter. The app is the new perimeter. The “Thing” is the new perimeter!
That brings us to the all-important concept of “Zero-Trust”. Zero Trust is a comprehensive approach to securing all access across your networks, applications, and environment. It is not limited only to the Data Center or Cloud, but extends to end-user Devices, IoT, the network and anything else that data traverses. It helps prevent unauthorized access, contains breaches and reduces the risk of an attacker’s lateral movement through your network. In short, it helps you exert better control over your security posture and reduce your overall attack surface.
The principle of Zero Trust is pretty simple – when someone or something requests access to corporate assets, you must first verify their trustworthiness before granting that access. A comprehensive Zero-Trust implementation should allow you to:
- Consistently enforce policies and controls
- Gain visibility across the entire environment – users, devices, components and more
- Get detailed logs, reports, and alerts that can help you better detect and respond to threats
In the next blog, I will cover in a little more detail how to plan and implement a Zero Trust environment across your entire infrastructure – for your workloads, your workforce and your workplace.