With the digital technologies used by businesses and consumers becoming more complex, and cyber-attacks against seemingly sophisticated organizations becoming almost daily news, it is no surprise that the security of the company’s applications, network and data is top of mind for any business leader worth their salt.
What better way to outline trends in security than to talk to the security experts themselves? And what more effective way to remember said trends than to compare them to puppies? Here are the cyber security trends and technologies that CISOs are discussing:
- Zero Trust: With the shift to remote work and applications being hosted in the cloud as opposed to on-premises, the company’s security perimeter is no longer the corporate network, and the attack surface has expanded at a ridiculous pace. To adjust to this new environment where the traditional network edge has all but disappeared, CISOs are considering the Zero Trust security model. The Zero Trust model’s motto of “never trust, always verify” means that all users, whether internal or external to the organization, should be authenticated before getting access to applications and data, granted the least privileges needed to perform their jobs, and continuously validated for their security posture. Zero Trust differs significantly from the traditional network security principle of “trust but verify”, where internal users and devices are automatically trusted if they’ve logged in before.
Identity-based segmentation, multi-factor authentication, fine-grained identity and access management policies, and verifying the security posture of endpoints before they are granted access are some of the technologies that CISOs are contemplating as they evaluate the Zero Trust model.
Zero Trust access is kind of like the access you give a new puppy in your house: every puppy makes mistakes and is pretty much guaranteed to break or destroy something. You can’t be there 24/7 supervising them, so you can either A) give them free roam of the whole house and hope for the best (traditional access model) or B) give them access to a single room, or a single playpen, and limit the fallout of their tirades (Zero Trust)!
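The “never trust, always verify” checks listed above can be pictured as a decision made on every request. The sketch below is an added example, not code from the original post; the policy table, group names and `Request` fields are hypothetical.

```python
from dataclasses import dataclass

# Constructed policy: identity group -> resource -> allowed actions (least privilege).
POLICY = {
    "payroll-clerks": {"payroll-app": {"read"}},
    "payroll-admins": {"payroll-app": {"read", "write"}},
}


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    authenticated: bool
    mfa_passed: bool
    device_compliant: bool  # endpoint posture, e.g. patched and disk-encrypted
    source: str             # "internal" or "external"; recorded, never trusted
    resource: str
    action: str


def decide(req):
    """Return (allowed, reason). Default deny; network location is not consulted."""
    if not req.authenticated:
        return False, "not authenticated"
    if not req.mfa_passed:
        return False, "mfa required"
    if not req.device_compliant:
        return False, "device posture failed"
    # Identity-based segmentation: only an explicit group grant opens a resource.
    for group in sorted(req.groups):
        allowed = POLICY.get(group, {}).get(req.resource, set())
        if req.action in allowed:
            return True, f"granted via {group}"
    return False, "no policy grants this action"
```

Calling `decide` again for each request is what makes the validation continuous: a device that falls out of compliance mid-session is denied on its next call.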
- Just-In-Time (JIT) access: Just-in-Time (JIT) access means that access to applications or systems to perform critical actions is limited to predetermined periods of time, on an as-needed basis, as opposed to the traditional practice of standing privileges.
Privileged Access Management (PAM) software solutions are increasingly being used for JIT access. PAM solutions can require users to “request access” and automatically change credentials when the specified time expires. JIT implementations significantly reduce the risk of privileged accounts being abused, whether through a compromised account or by a malicious insider.
Back to the puppy analogy: most puppies are food fiends that will eat until they are in a food coma. As such, we give them a certain amount of food at a certain time of day. You wouldn’t leave that little four-legged glutton with a 50 lb bag of Costco dog food alone in a room together, but that’s exactly what we do with access privileges! It’s ever-important to apply the principle of ‘portion control’ to our users’ access.
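The request-then-expire cycle described for PAM tools can be modelled in a few lines. This is an added example, not code from the original post or from any PAM product; `JitBroker`, the four-hour ceiling and the account names are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_WINDOW = timedelta(hours=4)  # assumed policy ceiling for a single grant


@dataclass
class Grant:
    user: str
    expires_at: datetime


@dataclass
class JitBroker:
    """Hypothetical in-memory broker: no standing privileges, only timed checkouts."""
    credentials: dict = field(default_factory=dict)  # account -> current secret
    grants: dict = field(default_factory=dict)       # account -> active Grant

    def request_access(self, user, account, duration, now):
        if not timedelta(0) < duration <= MAX_WINDOW:
            raise ValueError("requested window outside policy")
        active = self.grants.get(account)
        if active and now < active.expires_at:
            raise PermissionError("account already checked out")
        # A fresh secret per checkout means an earlier checkout cannot be replayed.
        secret = secrets.token_urlsafe(24)
        self.credentials[account] = secret
        self.grants[account] = Grant(user, now + duration)
        return secret

    def is_authorized(self, user, account, now):
        # Evaluated on every privileged action, not only at checkout time.
        grant = self.grants.get(account)
        return grant is not None and grant.user == user and now < grant.expires_at

    def sweep(self, now):
        """Drop lapsed grants and rotate the credential each one exposed."""
        expired = sorted(a for a, g in self.grants.items() if now >= g.expires_at)
        for account in expired:
            del self.grants[account]
            self.credentials[account] = secrets.token_urlsafe(24)
        return expired
```

Rotation in `sweep` is the step that makes a copied password useless after the window closes, even if the user kept it.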
- Shift Left Security: Shift Left Security means designing software with security best practices built in and testing an application’s security features in the earliest stages of the software development lifecycle, as opposed to conducting security testing at the very end of the development cycle, which increases the risk of software being released without the security measures.
Tools such as Static and Dynamic Application Security Testing and container image scanning, as well as training development teams in secure coding practices, can help put security guardrails in place earlier and more effectively in the software development process.
Most of us have experienced the joys of teaching a puppy a series of tricks, and the process is relatively easy, provided you are consistent. But have you ever tried to teach an adult dog a trick? It can certainly be done, but it’s a slow process and requires a ton of extra effort! Building security into your DevOps processes after your company has been doing things the same way forever takes more time, resources, and investment than if you were to incorporate security from the very beginning!
- Ransomware Playbook: With ransomware attacks continuing to evolve, organizations are, in addition to implementing security controls, establishing a ransomware playbook that addresses steps for assessing impact, mitigating damage, ensuring business continuity, internal and external communication channels and even negotiation strategies. It is crucial that the playbook is tested with real-world scenarios and fine-tuned as a result of the tests. Having such a playbook during a crisis gives organizations a planned response in which the different options have already been explored.
To round out this final trend, you can consider a ransomware playbook to be similar to a puppy training manual, or (better yet) YouTube training videos. It can be quite frustrating to tell your puppy to stop barking at every noise that they hear, only to have to do it all over again every day… indefinitely. But a quick YouTube search will serve as your guide to instruct you to leverage rewards and specific commands to address that problem in a matter of hours!