“If you always do what you’ve always done, you will always get what you’ve always got.”
Many have attributed this inspirational quote to Albert Einstein or Henry Ford, but, regardless of the origin, what really matters is the point it makes. If you want to change the result, you need to change the way you do things.
This quote serves as the perfect metaphor for the growing cyber-security challenges that every organization — large and small — faces in an uber-connected digital world.
Attempting to defend the attacks and techniques of today and tomorrow with the tools and processes of yesterday will simply not yield the effectiveness required to keep any data or systems secure. This is the very basis of our conclusion that now, more than ever before, there is a need for a new IT security architecture.
At Citrix, we take security very seriously. As CTO, I speak with many of our valued customers across many industries and I consistently hear that they rely on us to provide not only enabling products, but to offer thought leadership and guidance for their respective industries to help them continually re-think their current and evolve their modern security postures.
It is for that very reason that we designed and commissioned this industry-leading survey: to find out what’s holding up businesses from addressing these increasingly complex and pervasive cyber attacks.
Designing and deploying a stronger, more comprehensive “north > south > east > west” security paradigm without impacting the user experience is rapidly becoming a delicate balancing act. We’ve seen from the shadow IT phenomenon that if any organization’s approach to security becomes a barrier to individual productivity, the users will find a way around it. This ultimately makes the organization less secure.
The new IT security architecture also must combat the complexity that is inherent in legacy. It must help organizations gain insights and intelligence that has not previously been available. This is what modern business requires — more clarity and more insight — as this leads to increased proactivity and ability to act earlier against many types of threats.
Let’s look at some key findings:
- 53% of respondents felt that the need for a unified view of users across the enterprise was the #1 goal of a new IT security framework in their organization.
- 69% of respondents felt that some of their organization’s existing security solutions are outdated and inadequate.
- 59% of respondents felt that in their organization, employees and third parties bypass security policies and technologies because they are too complex.
In addition to the above, the survey revealed that a combination of more skilled staff, combined with the application of brand new technologies, would potentially have a significant impact in improving their overall security capabilities. Let’s take a look:
- 77% of respondents felt that Machine Learning was one of the most important technology trends to reduce security risks.
- 72% of respondents felt that an improvement in staffing is a business goal that improves security posture.
The responses above, although alarming, actually lead to a conclusion that a tried and tested model — people, process & technology — can still be very relevant in the reimagining of the new IT security architecture.
Hiring and retaining the right people — those with a good mix of technical skills, analytical skills and critical thinking skills — is challenging, but achievable. Target knowledgeable and experienced security practitioners.
Prepare to examine the current process and be ready to eliminate parts of the working methods that do not add value in combating new attackers and threats. Focus on making the new process flexible and inclusive of new technologies.
Approach decisions around technology with an open mind. Exploring new technologies, such as Machine Learning and Advanced Analytics, and combining those with skilled staff and enabling process can help deal with threat detection and remediation in ever more advanced ways. Through these techniques, systems can learn patterns of behavior, good and bad, of an individual or group and automatically apply policy when anomalies are detected.
The overall security landscape certainly causes significant concern for CEOs and is now considered a business problem and not an IT problem. Threats and bad actors aren’t going anywhere anytime soon. Attacks from malware are getting more sophisticated every day and demands from ransomware are striking many industries and individuals — but there’s more and more we can do to defend against them.
Be bold, embrace the future and take the necessary steps to build security into your business strategy. In many cases, this might mean investing in new people, process and technology to deliver your new IT security architecture, but this is what is needed in the world of the “new normal” – it’s time to change the way we’ve done what we’ve always done so we can get some new results.