Digital transformation requires a modern approach to cybersecurity
- By George Kamis
- Oct 04, 2019
Although organizations are expected to spend more than $1 trillion on cybersecurity by 2021, “no matter what defensive measures security professionals put in place, attackers are able to circumvent them,” the authors of Verizon’s 2019 Data Breach Investigations report wrote. In particular, they said, the public sector is highly vulnerable -- with state-affiliated actors representing 79% of all breaches involving external hackers, and privilege misuse and insider errors accounting for another 30%.
The race to digital transformation has made agencies' cybersecurity challenge even more daunting. Forrester Research surveyed 1,600 IT decision makers and found that security was their greatest digital transformation hurdle.
When done well, modern cybersecurity can actually help accelerate digital transformation. Finding the right balance between digital transformation and security, however, is critical. To achieve this balance, agency IT professionals must first understand the elements of digital transformation that create both opportunity and risk. Then they can adopt processes and policies that target the risk without impeding opportunities.
Digital transformation creates opportunity and risk
Digital transformation is about agility, connectivity and collaboration. These four transformation hallmarks create enormous opportunities while also exposing agencies to significant risks:
Cloud services. Applications like Dropbox, Office 365 and others are becoming commonplace in the public sector, but there are likely many others -- some unsanctioned (e.g. shadow IT) applications that employees are downloading unbeknownst to federal IT managers. This situation has led to multiple security blind spots and fragmented security management and accountability.
Data flow. Data needs to flow freely yet securely, but with the massive amount of data being created -- more than 90% of the data in the world was generated over the last two years -- there's not enough safeguards in place to ensure its security. Securing mission-critical data while still allowing its relatively free movement is a tall order for resource-constrained IT teams, especially given the shadow IT challenge.
Hyperconnectivity. As workflows move to the cloud, workforces, devices and business processes have become globally hyperconnected. Anytime/anywhere availability is a must-have for government employees who need immediate access to information, but it effectively eliminates the defined perimeters that once existed within agencies. Today we must protect the human perimeter, which contains millions of inherent vulnerabilities from employees leveraging BYOD and internet-of-things devices to work faster and smarter.
Open communications. All of this technology is facilitating better, faster and more open communications among government employees. That improves productivity and workflow processes, but it also creates an urgent need to ensure trusted interactions between employees, vendors, partners and others.
Targeting risk by focusing on users and data
IT has traditionally relied on firewalls, secure websites, email gateways and other “point solutions” to defend against attackers, but those types of appliances in and of themselves are not enough to protect today's boundary-less world. Agencies working toward digital transformation and cloud migration should focus less on protecting themselves with infrastructure and more on securing their users as they interact with data.
Infrastructure-centric security traditionally applies generic policies to groups, departments or an entire agency, but that approach is inadequate for today’s digitized environment, which is in large part about empowering individual users. Agencies are encouraging employees to work and communicate more efficiently and effectively through their daily interactions with data and specific cloud applications.
Blanket security policies don’t support this effort. Instead, their “all or nothing” approach can generate high false positive rates, forces workarounds and make it difficult to find suspicious activities -- a needle in the haystack problem for the cybersecurity team and a golden opportunity for hackers.
Instead, agencies should adopt a one-to-one personalized approach to security that is rooted in user’s behavior and intent. Different users have varied proximity to proprietary or classified data. Those that are closest to this data should be categorized as high risk and monitored accordingly.
If one of those users shows signs of uncharacteristic behavior -- for example, logging into the network from an unknown IP address or using an unsanctioned application to share information -- that user should be immediately flagged. Security policies should be enforced for that user alone, without impacting the productivity of the rest of the team and without compromising the underlying intent (agility, productivity, efficiency) of the agency’s digital transformation efforts.
Evolving security to meet today’s requirements and threats
This doesn’t mean agencies should necessarily move on from tried-and-true security solutions. Firewalls and other traditional security solutions are still valuable as a first layer of defense.
But those solutions should incorporate -- or at least be complemented by -- a human-focused approach. For instance, cloud access security brokers that include an element of user-centric security can not only help agencies secure cloud applications, they can help IT teams gain a better understanding of who is accessing those applications and how they’re using them.
The methods that malicious attackers use to attempt to infiltrate government networks and exfiltrate data will continue to evolve. Agencies must ensure that their security procedures evolve, too, especially as they undergo digital transformation. Organizations must move toward a targeted cybersecurity strategy that strengthens security while affording employees the freedom they need to be productive and transformative.
George Kamis is CTO for global governments and critical infrastructure at Forcepoint.