Citrix Blogs

Behold! The IT Archeological Dig – Yes, Complexity is the Enemy of Security

The Need for a New IT Security Architecture:
Global Study on the Risk of Outdated Technologies

As we saw in the first Ponemon security study, seventy-four percent of businesses say a new IT security framework is needed and eighty-three percent say their organization is at risk for security breaches because of the complexity of business and IT operations. But what does a new security framework look like? It’s all about the apps and data. If complexity is the problem, then the answer is to simplify security by shifting IT away from device-level, platform-specific, end-point security. Offer a comprehensive solution for app and data delivery across any device, network, and cloud.

At the same time, future proof enterprises for emerging requirements and challenges (e.g. becoming the borderless enterprise). While the first report primarily dealt in trends in cybercrime, human factor risks, and organizational factor risks, the second deals with risk created by outdated and inefficient IT security technology – due to disruptive technologies, lack of visibility, lack of resources i.e. budget, time, and expert staff.

Rapid Disruption!

Emerging and disruptive technologies — love them or hate them — are seeing employee adoption with or without IT approval. And as IT validates and transfers them out of the realm of Shadow IT, it stays in a constant battle against technology sprawl.

Today’s application and data delivery models truly are an archeological dig of platforms and technologies — from mainframe, client-server, PC, Web / SaaS / Cloud, Mobile, and emerging IoT. Unfortunately, the reality is that many times there isn’t enough budget allocated or resources available to update or migrate legacy systems. But security vulnerabilities tend to increase with time and that has led to a proliferation of point security solutions that independently secure applications and tame consumer-grade services like file sharing, cloud apps and services, and personally owned mobile devices.

The result is a challenging and confusing patchwork of identify and access management, network, application and data security products to meet compliance mandates. This is complicated by the lack of interoperability, information sharing, and central management of these nonintegrated point solutions. It’s an inefficient and inadequate approach that quickly becomes outdated. Our survey found that:

Danger Ahead!

The report also identifies the challenges and shortcomings that organizations are facing with regard to visibility – into end user activity, detecting emerging attacks, and demonstrating compliance. If the assumption is that only two types of companies exist — those that have been hacked and those that will be — the appropriate approach is to increase capabilities for quick, accurate, and relevant detection. Visibility includes performance — circumventing security controls is easy to rationalize if they interfere with getting work done. Our customers have identified several pain points — some emerging attacks, some not — all mitigated with a comprehensive approach to app and data delivery.

Encrypted, virtualized or containerized delivery of critical apps and desktops also goes a long way towards building a compliant infrastructure – one with a reduced scope of audit. Whether dealing with sensitive data or intellectual property and under multiple compliance standards such as HIPAA, PCI-DSS, FISMA – they all require systematic logging, reporting, and auditing capabilities. According to the results:

The insider!

An additional finding of the report identifies insider risk. Who is an insider? Employees, contractors, vendors – anyone that works with your apps and data. Patchwork security solutions are not effective in addressing insider risk especially when the perimeter is expanding and becoming more porous. The new model starts with identity as the new perimeter. Identity unlocks contextual access providing distinct levels of access for different groups, locations, and endpoints.

But what about user behavior? Technologies with the most promise to revolutionize security are machine learning and big data analytics – combine these with identity and access management and the industry can unlock the power of intelligently discerning end user behavior to distinguish between a malicious action and a mistake. But that takes a unified approach where telemetry, analysis, insights and alerts are streamed and acted upon dynamically – between multiple application and data delivery controllers. What do insiders at the surveyed organizations do? Our survey found that:

Disruptive technologies will not go away. In fact, the pace will only continue to accelerate. We continue to take the traditional approach and bail water or adopt a unified identity-based approach to app and data delivery that allows organizations to Secure the Future of Work.

To see more of our results, visit our landing page. Stay tuned for more survey results at RSA 2017 and don’t forget to stop by our booth in the North Hall, No. N3534!

Exit mobile version