Businesses must address complex IT issues in order to combat cybercrime
Complexity has very much become the norm for today’s businesses. The rapid rise in the adoption of public, private and hybrid cloud platforms, combined with hugely intricate networks consisting of a growing number of network devices and the rules that govern them, means network architectures are constantly evolving.
This rate of development presents a huge number of opportunities for businesses, including the ability to offer new, innovative services, work in more efficient ways and achieve greater business agility. However, it is also resulting in significantly increased levels of complexity for IT teams, which makes staying secure a real challenge.
Indeed, complexity is now viewed as one of the leading risk factors impacting cybersecurity. According to a recent report from the Ponemon Institute, 83% of respondents believe their organisation is at risk because of the intricacy of business and IT operations, highlighting just how prevalent the issue has become. And, with nearly three-quarters (74%) of respondents citing a need for a new IT security framework to improve their security posture, businesses need to find a way to deal with this complexity and the risks it presents.
Ultimately, it comes down to efficiently managing a complex web of solutions, while also keeping cyber defences intact.
When it comes to maintaining security, one of the biggest issues facing businesses today can be best visualised through a ‘patchwork quilt’ analogy. Not only are networks increasing in size, firms are also being faced with the challenge of figuring out how to patch together several different systems and services from a wide range of vendors, all of which have distinctive features and capabilities.
The sheer quantity of tools and services being used across heterogeneous environments – multi-vendor and multi-technology platforms, physical networks and hybrid cloud – means a larger attack surface. As the attack surface grows, gaps can appear where attackers can find their way inside the network. And, without true visibility across the entire architecture and a clear view of each piece of technology, it’s difficult to find and close those gaps.
The services and applications in these various systems will also likely require different security policies, further adding to the complexity. For example, changing one security policy could have implications elsewhere, and without proper visibility, IT teams aren’t always aware of how one change impacts the entire network. Not only can this have security repercussions, but it can also have a negative impact on business continuity. But it’s not just the technical side of things that businesses should be solely concerned with. The human factor of security also must be addressed.
It has become clear that the complexity issue is further heightened by the fact that today’s IT security teams are often understaffed and don’t have the required levels of expertise to effectively deal with cyber threats.
The so-called ‘skills gap’ has been a widely discussed topic in cybersecurity and one that is becoming more prevalent as cybercriminals expand their capabilities, and corporate environments become more intricate. As a result, many businesses are lacking skilled information security personnel needed to securely manage their complex networks.
Human error and misconfiguration risks are also more prevalent than ever. The likes of security lapses, improper firewall management and vulnerabilities being overlooked are all very real concerns that, due to the complexity of modern networks, can become commonplace.
To address these challenges, businesses need to be able to streamline the management of security policies. By using a centralised policy management tool that looks across the entire network and automatically flags policy violations, the task for IT teams will be significantly simplified, giving them greater levels of visibility and control.
Furthermore, policy-driven automation can be used to ensure a company’s security strategy is consistent across the whole organisation, while also being able to identify high-risk or redundant rules with a greater degree of accuracy than through manual efforts. This way, businesses can continue to develop their infrastructures and grow their businesses without having to worry about opening themselves up to security risks.
From a people point of view, carrying out reviews of existing rules and policies is a tedious and time-consuming task to do manually, which can easily result in mistakes being made. But, an automated tool can remove the threat of human error. It can also complete this job in a fraction of the time, thereby making IT teams more efficient and freeing them up to perform higher level functions that increase the business’s overall security.
Coping with complexity is a very real problem for IT security teams, but it is one that can be overcome. By embracing automation, organisations can be sure that nothing will fall through the cracks and, even when a new piece of software is introduced, the overall system will remain as secure and agile as possible.
Businesses addressing the technical complexity and the human factor of corporate networks can continue to grow and add new services, safe in the knowledge that their defences are stronger than ever.
Andrew Lintell, Regional Vice President Northern EMEA, Tufin
Fastly's CDN Reportedly to Blame for Global Internet Outage
A huge outage has brought down a number of major websites around the world. Among those affected are gov.uk, Hulu, PayPal, Vimeo, and news outlets such as CNN, The Guardian, The New York Times, BBC, and Financial Times.
It is thought a glitch at Fastly ─ a popular CDN provider ─ is causing the worldwide issue. Fastly has confirmed it’s facing an outage on its status website but fails to specify a reason for the fault ─ only that the problem isn’t limited to a single data centre and, instead, is a “global CDN disruption” that is potentially affecting the company’s global network.
“We’re currently investigating potential impact to performance with our CDN services,” the firm said.
What is Fastly?
Fastly is a content delivery network (CDN) company that helps users view digital content more quickly. The company also provides security, video delivery, and so-called edge computing services. They use strategically distributed, highly performant POPs to help move data and applications closer to users and deliver up-to-date content quickly.
The firm has been proving increasingly popular among leading media websites. After going public on the New York Stock Exchange in 2019, shares rose exponentially in price, but after today’s outages, Fastly’s value has taken a sharp 5.21% fall and are currently trading at US$48.06.
What are CDNs?
Content delivery networks (CDNs) are a web of small computers, or servers, that link together to collaborate as a single computer. CDNs improve the performance of internet-connected devices by placing these servers as close as possible to the people using those devices in different locations, creating hundreds of points of presence, otherwise known as POPs.
They help minimise delays in loading web page content by reducing the physical distance between the server and the user. This helps users around the world view the same high-quality content without slow loading times.
Without a CDN, content origin servers must respond to every single end-user request. This results in significant traffic to the origin and subsequent load, thereby increasing the chances for origin failure if the traffic spikes are exceedingly high or if the load is persistent.
The Risk of CDNs
Over time, developers have attempted to protect users from the dangers of overreliance through the implementation of load balancing, DDoS (Denial of Service) protection, web application firewalls, and a myriad of other security features.
Clearly, by the state of today’s major website outage, these measures aren’t enough. Evidently, CDNs present a risk factor that is widely underestimated ─ which needs to be rectified with haste. Content delivery networks have become a key part of the global infrastructure, and so it’s imperative that organisations start to figure out risk mitigation strategies to protect companies reliant on the interconnected service from further disruption and disarray.