A New Perspective on Security
We should all be very unhappy. It’s distressingly clear that enterprises today are failing to adequately protect their assets. As someone who has worked for security vendors, both large and small, for many years, this frustrates me. And, as I hear from customers and friends on the enterprise side, they share our frustration. The good news is that we can (and will!) do better – by re-thinking some of our assumptions, and by applying some new technologies, we can dramatically improve the effectiveness and efficiency of our security.
But first, let me take a moment to introduce myself – I’m Jason Garbis, and I’ve recently joined Cryptzone to lead product strategy and product management. I’m excited to have this opportunity, because I believe in Cryptzone’s approach and technology, and feel there’s a clear need for this kind of solution in the market. Now let’s get back to our topic, and explore three macro trends that are making our information security tasks more difficult.
- The first trend is the shift toward cloud computing – both a move to more dynamic, virtualized private clouds running on-premises, as well as an arguably bigger shift toward running software on public Infrastructure-as-a-Service platforms. In both cases, this shift has led to a more complex, and more rapidly changing IT environment. Complexity and increased velocity make security harder – and we’ve all seen instances where the business’ need for speed and agility results in decreased security, due to the inability of the security infrastructure and security team to keep pace.
- Second, many (if not most) organizations have experienced a breakdown of their formerly hard perimeter. Increased cross-organizational collaboration, complex and growing remote access needs by employees or third parties, frequent use of multiple devices (including BYOD), and the dramatic adoption of web services-based application integration have all combined to make the perimeter-based approach to security effectively obsolete.
- While these first two trends have legitimate and often highly valuable business drivers behind them, the final trend – the current threat landscape – is what makes our jobs so difficult; and the stakes so high. Attacks on organizations and IT infrastructures are at an unprecedented level in both volume and level of damage, and show no signs of abating. And, the nature of these attacks is changing. Once primarily for economic gain, increasingly attacks are based on espionage, which changes the methods and targets of these attacks.
It should be clear that given these trends, our approach to security must adapt, and do so now. I believe that we need to rethink some basic assumptions about security and trust, and adopt a Zero Trust Model (an approach created by Forrester.) By following this model – and using the Cryptzone AppGate solution to achieve this – we’ve seen customers significantly improve their security, and do so in a way that actually improves business user productivity and business agility. Like many aspects of information security, the path toward an effective Zero Trust architecture is a journey – and I hope that you’ll join us – hopefully as a customer or partner – as we make this journey together, to a place that’s better connected, simpler, and more secure.
Make sure to check back to the Cryptzone blog as we explore and explain Cryptzone’s approach here, so stay tuned.
And if you’re interested in learning about the Forrester Zero Trust model, and about Cryptzone’s perspective on this, join Cryptzone and Forrester analyst John Kindervag – the creator of the Zero Trust Model – for a webcast on November 5, 2015, entitled “All Cybercrime is an Inside Job”. Register here!