Distributed IT architectures, thanks to the cloud and its close cousins ‘hybrid computing’ and ‘virtualization’, have transformed how organisations use, think about, and buy technology.
Companies are now able to scale as far as they need or want, without being burdened with large upfront capital expenditure and the spectre of rapid obsolescence. Computer resources and access to applications can be provisioned faster and more cheaply, no matter where staff are or what device they’re using.
But, as any risk professional is bored of saying, with more freedom and flexibility comes more risk and unpredictability.
The knock-on effect
It’s hard enough managing every piece of a hybrid IT environment in isolation, but when they need to integrate and work together as a collective whole – where changes to one piece have a knock-on effect on others – we are faced with the prospect of one small problem in one part of the network spreading very quickly to disrupt the whole system.
This risk of disruption or attack is compounded by the fact that some cloud and hybrid system architectures still need to be, or benefit from being, in the public cloud, as opposed to closed or private networks, which are easier to control and secure.
The problem is that, regardless of the difficulties, at some point you will need to figure out a way to ‘embrace the mess’ because technologies and our organisations are increasingly demanding a cloud-first or hybrid approach. The real challenge, therefore, is not so much whether you should adopt a hybrid approach, but how you can achieve a consistent security posture across your entire environment with one.
The value of your data
Most organisations underestimate the value of their data and, as such, do not employ the level of security mandated by the relevant laws and regulations. The Australian Privacy Act, for example, orders organisations to adopt robust risk management principles to manage threats originating from within their organisation.
A personal record is valued at $50 on the Dark Web, so your organisation is, potentially, an untapped goldmine for any nefarious character, either outside or within your business.
It’s this lack of understanding around value that means organisations often don’t have in place the processes or technologies to know if a breach has occurred. Recent research has shown that only 10% of security breaches are ever discovered and that, even when a breach is detected, it’s generally some 200 days after it occurred, and it will take a further 70 days to secure.
How can you best go about securing your hybrid environment?
The ACSC Essential 8
A good resource to start developing a plan to secure your hybrid environment is what’s known as the Australian Cyber Security Centre’s Essential Eight, which is a list of the most important security considerations for businesses, as assembled by the Australian Signals Directorate (ASD) within the Australian Department of Defence (DoD).
Although serving as a general guide for all digital environments, a number of the points are especially relevant for securing hybrid environments given their increased ‘attack surface’.
Take things like ‘application whitelisting’ and ‘multi-factor authentication’; all organisations and their relevant employees need to be across these concepts, but they can significantly reduce risk when adopted within hybrid environments.
Secure all of your endpoints
Security is so broad a topic that you can get caught going down infinite rabbit holes. A daunting task, yes, but often a required one, especially if your organisation is seeing a surge in the number of so-called endpoints.
Industries like retail, manufacturing, mining and financial services are experiencing exactly this as they are at the forefront in adopting the ‘Internet of Things’ (IoT), introducing vast numbers of increasingly intelligent, connected devices that are collecting and transmitting huge volumes of data. The problem with this is that organisations are losing visibility of their data because there are multiple data-exit points through which they lose control of it. As such, there is a need to assess and implement data leakage protection controls.
But, leaving IoT aside, one of the biggest challenges facing industries such as these is how to maintain security at the furthest edges of the network where people are operating.
As technology makes it easier to provide access to networks and applications in remote locations, the very process of doing so demands that highly sensitive access privileges be pushed further away from the corporate datacentre.
Endpoints have become the main source of breaches as the user is essentially trusted to access those networks – people are often the weakest link in any chain due to sheer negligence in following security expectations. It’s also at these edges where policies for removing access from former employees and contractors are at their most lax, meaning that sometimes you don’t even need to hack a user to hack the server, but can get access through authorised permissions.
It used to be that you could use some sort of thin-client technology, like Citrix, but today everyone is using standard operating systems over the web, leaving them more exposed and highlighting the need for some sort of endpoint protection technology.
Patching, patching, patching
Most people would be surprised to know there are typically several thousand vulnerabilities discovered in systems and applications every day, meaning hackers have virtually limitless options for breaking into many systems.
It’s critical that security is viewed as a moving beast, requiring vigilance for both inbound and outbound traffic.
Part of controlling your IT environment is about limiting what people can do by locking down certain functions, but traditional security suites often don’t do a great job of this. Once a payload is successfully downloaded, you need a plan for preventing information and data from being accessed and copied.
The ‘Whitelisting’ of applications and having a disciplined approach to patch management are critical, therefore, in establishing and maintaining a secure IT environment for all.
Brennan IT can help you to secure and provide seamless management across your complete hybrid environment; discover more about how we can help you with your Hybrid IT environment.