End to end security, zero trust key focus areas for organisations


Aashish Narkar of TCS said, “During the pandemic, almost every organization's IT departments were tasked with enabling secure remote working for the entire workforce within a few weeks of time, which essentially diminished the security perimeter.”

End to end security, zero trust key focus areas for organisations (Photo: Reuters)

One of the most critical and pervasive issues that every business faces today is ‘security for all’. The last two years have been watershed years in cybersecurity, and the pandemic continued to bring new challenges as attackers took advantage of the overstretched landscape to unleash new human-operated ransomware.

 

Irina Ghose, Executive Director-Cloud Solutions (Azure, Microsoft 365, Dynamics 365), Microsoft, hosted a panel discussion on ‘When security is the priority, everyone wins’ with Phil Montgomery, General Manager for Security, Compliance & Identity GTM, Microsoft; Aashish Narkar, global head, IT Security (Internal IS), TCS; and Chandan Pani, Chief Information Security Officer, Mindtree, during the second day of Microsoft’s Future Ready conference.

 

Speaking about the top changes and challenges businesses are witnessing in the security landscape now, Aashish Narkar of TCS said, “During the pandemic, almost every organization's IT departments were tasked with enabling secure remote working for the entire workforce within a few weeks of time, which essentially diminished the security perimeter. Many organisations probably had 20-30 per cent of capacity and capabilities in place for remote working and were required to scale those rapidly. Suddenly, every user's endpoint device became the perimeter and their digital identities became extremely critical, before providing access to enterprise resources.

 

This led to an exponential rise in attack surface, leading to opportunistic and targeted attacks. Another challenge was to maintain the required level of security hygiene with respect to patching, vulnerability management, and compliance. Technology architectures built for yesteryears suddenly became irrelevant and ineffective. Surviving the new normal required radical thinking and rapid adoption of key transformative next generation security services. Those who invested in required technologies proactively were better off transitioning to a new state. However, those who have not prepared enough would have struggled for sure.”

 

Chandan Pani of Mindtree highlighted that there has been a big uptake in the way security started being managed for business continuity, and organisations were forced to cope. There are multiple thoughts around hybrid models, and organisations need more time to settle down to understand the need for one size for all customers.

 

Pani highlighted security challenges from the IT, security and data protection points of view in the last one and a half years. “The first one is your seamless connectivity. Connectivity earlier was never a challenge. Now that everybody is working from home, the right set of connectivity is something which is the most complicated piece that we need to have. Based on connectivity, you will have collaboration and productivity. This is something which is core for our delivery. The next thing is the trust on the new perimeter. How do we trust the new perimeter right now? Earlier we had many point solutions, and blind spots were fully managed because we are trying to defend the perimeter. Now scalability is always a challenge because of remote working. Why were all these things happening?” asked Pani.

“Incident response also is quite challenging because of commodity malware, personalised payloads, phishing, ransomware, supply chain attacks. The challenge that I see for all IT professionals, specifically for the security professionals, is how to manage the new perimeter, how to implement new solutions, and how to scale up,” elaborated Pani.

 

Irina Ghose of Microsoft asked Phil Montgomery which traditional measures that organisations were using are no longer relevant, and what specific changes had to be made to meet these challenges. Phil Montgomery explained, “By having a good understanding of the attackers, their tools, techniques and procedures or TTPs we can look at what we've done in the past and realise that it's just not going to serve us anymore. One of the things that's really important about attackers is the dwell time inside an organisation, which varies by country.

 

How long are they going to sit inside the network, looking to upgrade their privileges, and looking for different things to attack? You know, I believe last year, nine months was the average dwell time. So I think that's a very sobering fact that the attacker is spending multiple months inside our network. This is happening because we don't have an end to end view of what's going on. The only reason why attackers can stay inside the network for so long is that we have so many siloed security products that don't talk to each other. Ultimately, we have to develop an end to end view of everything that's going inside our network.” 

 

He added that at that point, techniques like artificial intelligence and threat intelligence can be applied. Montgomery said that even in attacks that happened within the last 12 months, many of the attackers got through an old school full VPN. He said it is remarkable that people are still deploying a traditional VPN in this day and time. “Zero trust is really very simple – every time an access is made remotely, you don't assume any trust, you re-authenticate, you check the credentials, you assume it every time and you give minimal access. So even if somebody does get in, they can't do much damage,” he said.


Published on: Jan 12, 2022, 5:53 PM IST