By Damian Hicklin
What I first want to do is set the scene, the past 6-8 months have seen a lot change in our lives, the world, cybersecurity, and this has accelerated the journey to a digital nomad life for workers, playing directly into the hands of a SASE working world.
As most CISOs know only-too-well, large-scale work from home (WFH) initiatives due to COVID-19, where the priority was getting users up and running as quickly as possible, forced security leaders into an unforeseen sprint to deliver elementary security for remote employees. We have all read about the skills shortage in our industry, the pandemic has compounded this further because already stretched security teams needed to pivot quickly to enabling remote working, this resulted in them taking an eye off more strategic objectives and projects. All the while, the attack surface expanded exponentially, SecOps lost protection as use cases tuned to workers being in known locations were no longer valid, rushed VPN, or SWG deployments lacked bespoke and custom rules & policies for this new digital nomad workforce.
This move to home working was already underway, COVID-19 has just accelerated the Digital Nomad journey – and the security solutions now being overwhelmingly being considered – cloud-based security technologies, and managed services.
COVID-19 has been disrupting CISO’s cybersecurity programs and changing their priorities. While no one knows when the coronavirus impact will end, although the recent vaccine developments have given us all some hope, we are getting a good perspective on what the new normal will look like – but I am going to talk to 4 key stages in the transformation to a new resilient digital nomad way of workers lives. But what will it change?
What Will It Change?
Working from Home will become the new normal. This one might be an obvious assumption, but one we can back up with data: According to ESG research, 79% of IT executives say that their organization will be more flexible about WFH policies after the pandemic subsides. The IDC surveyed the G2000 (the world’s largest public companies) and post-vaccine, the foundations are being laid to enable 40% of their workforce to be home workers. Furthermore, WFH seems to be, well, working…….78% of knowledge workers report being either more productive working from home or having no change in productivity. Between productivity gains and real estate savings, WFH is a winner — and is driving lots of changes to security investment and priorities.
COVID-19 may be the final nail in the security perimeter coffin. To support a more distributed IT infrastructure, security controls will move wholesale to endpoints. The good news is that cloud-based management plans will make this architecture much easier to scale and operate than in the past.
Cloud workload migration accelerated due to COVID-19 as it is easier to administer cloud infrastructure than on-premises servers, networks, and storage devices. To keep up, CISOs must ramp up cloud security hiring, training, and skills development in their teams. It is also now clear that the public cloud is the de facto infrastructure for network security controls, consolidating SD-WAN and security services. The same is true for security analytics with data and analytics engines moving quickly to the cloud. Finally, security management plans are heading in the same cloudy direction. CISOs will need new skills for migrating data and tools and managing cloud subscriptions.
With everything distributed, CISOs will need to work with business managers to determine who can do what from where and really (and I mean really) tighten up their security policies with granular and dynamic rule sets. Once policies are determined, they will also need the CIO's help to build an infrastructure for policy enforcement and monitoring. There is a tremendous opportunity for security technologies here — vendors that build intuitive, flexible, and scalable policy management engines will clean up.
COVID-19 is a global opportunity for the cyber-underworld, leading to a wave of new scams and attacks. To counteract this trend, organizations need to be able to operationalize, analyze, and hunt for threats at an unprecedented scale. In the G2000 this should represent a growth opportunity for threat intelligence platforms and investigation tools, those operating at the higher end of the market. SMB enterprise will likely dive deeper into threat intelligence services.
Before this, some basics as to what has been happening over the past seven or so months…..
Phase 1: The initial lockdown
Let’s call the initial lockdowns in Spring phase 1, which is about employee access, network confidentiality, and basic endpoint security.
Since this initial run to the sun, I have heard and read of many technology leaders trying to address network performance and user productivity (phase 1A if you like!?).
Some organizations were implementing split tunneling so key employees can access VPNs and the internet simultaneously.
Some were paying to upgrade employee bandwidth, especially for executives spending their days on Zoom/WebEx meetings while their children use the same networks for home schooling, gaming and streaming.
Some companies were implementing key employee systems with WAN optimization software.
Back at corporate, there’s also lots of load balancing and SD-WAN activity.
There was a lot going on in a very short period of time!
Phase 2: What can I see?
Forward-thinking CISOs started thinking about phase 2 which was focused on awareness and risk assessment - a lot of LAN traffic has been rerouted to WAN’s.
The goal? Scope out the new attack surface and understand the new risks.
To gain this level of visibility given home networks will be populated with insecure IoT devices, out-of-date family PCs, smart devices etc, they needed to deploy endpoint security agents to assess these devices.
Leading CISO’s considered monitoring cyber-adversaries and threat intelligence, looking for targeted attacks, COVID-19 tactics etc, but with a lack of context, and of course, the people, processes & technology to do it. All the while trying to fix the rushed Lockdown WFH initiatives
Phase 3: What do I know?
During the summer and into Autumn organizations only just started to get visibility and enough historical data to proceed to phase 3, a full risk assessment and a board-level report.
These reports needed to examine the WFH infrastructure, new traffic patterns, perceived vulnerabilities, rising threats, etc. They also needed to dig into a more thorough look at emerging WFH issues like insider threats, expansive privileges, data security exposures and insecure cloud application configurations.
What was their goal? Quantify risk and then prioritize the actions…oh, and still try to fix those initial WFH deployments for something more robust and scalable.
Phase 4: Mitigate the risk
This leads to phase 4, which is still happening now and is all about risk mitigation. During this phase, business is employing controls for data privacy/security, network privileges, and segment home network traffic to protect WFH assets like gaming systems, smart appliances, security cameras etc.
The move to home working had begun before COVID-19 and the world we are now living in has just accelerated this digital nomad life, and mistakes are being made. Businesses existing threat detection will be tuned to workers being in an office or known location, remote access will have a lack of bespoke web and email rules leaving business exposed, security teams will be focussed on reactive operations and for those with their own SOC there will be overworked analysts swamped with an expanding attack surface and unfamiliar threat actors.
At the end of phase 4, WFH should be set up — at scale, but….
Security Teams Can’t Keep Pace
While security teams and point solutions try their best to keep pace with today's dynamic needs, it creates a fragmented approach, increasing their overall complexity. Security stacks that contain multiple tools are prone to receiving an overload of alerts regarding potential threats and general notifications.
According to ESG’s G2000 survey recently:
- Nearly 88% of businesses use more than 25 different security tools and point solutions
- Close to 80% admit it is becoming harder and harder to manage the deluge of alerts
- Just under 70% claim that each incident requires 2-3 employees to handle
As you can see, it is challenging for an organization to secure their network. It takes a lot of time, and human resources. If a security team finds themselves over-extended, the peril of a successful attack dramatically increases.
The best solution is one that does more than filling in the missing gaps. One that's able to consolidate multiple security components under one umbrella that's delivered from a unified cloud-service.
Converging multiple point solutions together allows an organization much greater flexibility and security. Over 90% of organizations agreed that cloud-security provides greater efficiency and allows security teams to focus on other vital areas.
Cloud-security solutions are more easily deployed and allow the organization to extend its network protection to remote workers and their multiple endpoint devices.
So what is the answer?.......
Be more SASE!!!
Security Access Service Edge (SASE) is the latest security trend to hit the world of cybersecurity for businesses. But unlike meaningless buzzwords, SASE looks set to become an essential toolkit for any cybersecurity framework.
SASE moves away from data center-orientated security. Instead, it unifies your network and security tools into a single service delivered via the cloud and provides edge-to-edge protection for remote users and data centers.
Recently, the Cybersecurity and Infrastructure Security Agency (CISA) released chapter 2 of their Cyber Essentials Toolkit. CISA's Cyber Essentials is a guide for businesses and government agencies. It educates them on critical fundamental foundations needed for a robust cybersecurity framework, such as how to implement organizational cybersecurity practices and the essential tools required.
They specifically mention that for an organization to reduce its risk from online threats, they need to embrace an holistic approach.
The main drawback of this policy is that it relies on multiple point solutions; typically, point solutions only fix one specific problem. The result is a technology stack that grows and grows as more threats and situations arise, and more point solutions are added.
Combining multiple solutions into one tool isn't a new concept. Look no further than SaaS apps such as Microsoft office 365, which allows users to access Word, Excel, Outlook with a single login, and seamlessly share information and data between other users and between files.
Google's suite of applications offers similar features, with Gmail, Google Drive, and their host of analytical apps. With one login credential, Google users can access their apps from any remote location and any device.
So what does SASE do, how is it different, why is it the future, and how can it fix the problems of the early pandemic response and fix those rushed WFH deployments?
But What Is SASE?
So what is the big idea here with SASE? Well, it is both powerful, and simple. At the end of the day the very heavy security stack, as well as network infrastructure will converge in the cloud as a service. SASE uses the same model I just described by converging Wide Area Networking (WAN) with essential cloud security tools.
The entire SASE service is delivered via the cloud. This allows an organization's employees to access their cloud's data and applications from any device, no matter where they are located.
There is a dire need for this solution because administrating and consuming security is more complicated than ever in the new digital nomadic life.
The use of cloud within organizations is rapidly increasing. Sometimes, up to 90% of workloads are taking place in the cloud according to Gartner. Plus, network security is no longer only confined to the organization's data center. Employees are also leaving the traditional physical perimeter network and working from remote locations.
As per my earlier comments, significant proportions of the workforce will remain mobile and remote and as a natural consequence more than half of the apps used by an organization will be SaaS. We already see an increase in the usage of cloud-based apps and SaaS, which takes place entirely on the cloud.
One of the effects of all this, is that for many businesses, the edges of their network have expanded further than the confines of their office premises and their data center. Data center-orientated security solutions cannot provide adequate protection as they once used to. Why?
SASE Old World Drivers
Well once upon a time, the data centre was the centre of our world, the Apps resided there, workers were the primarily in corporate offices and when they weren’t, perhaps in a branch office, businesses used a VPN to backhaul the traffic to the DC so everybody could get access. So, because of this, that heavy security stack resided there as well.
But there is a newer emerging world….and the new(er) world is a SASE one.
Many more of us are working from home, the vast majority of people aren’t in an office, the majority of apps and data are no longer in the data centre – they are in the Cloud.
So where do you put security when workers want to go direct to the Cloud, it’s obvious, put it in a Public Cloud as there is no need to backhaul traffic any more.
But as I’ve pointed out, there is a new reality – we all use a variety of Apps which can be on premises, but we consume from the Cloud.
That’s the logic of SASE at a very high level. There is an increasing sense of inevitability about this, the pandemic alone is driving the cyber security business in this direction, but as I mentioned at the beginning, business leaders were already eyeing up this move, COVID-19 has just made us all, a bit more SASE!
The Bottom Line
SASE is still a fresh term, coined by Gartner in 2019. It is still unknown by many security teams, and many of its vital components, such as Zero Trust, are still gaining traction in the cybersecurity industry.
But it is only a matter of time before SASE becomes more than just a buzzword. It stands to become the new industry standard as organizations are looking to merge and converge their security into a single cloud solution.
A handful of companies offer a true SASE solution for businesses, and they are still growing both through M&As and tech partnerships – Trustwave partners with two of the 4 Gartner Leaders – Netskope and Microsoft. For these companies, growth is critical in order to add more tools to their overall security stack, which means organizations have even more defenses at their disposal.
As businesses are increasingly switching to the cloud, and the number of remote and mobile workers continues to rise, there is an excellent chance that SASE will become the new status quo. They are quickly learning that deploying point products—especially at the network edge—to address the ever-changing requirements of connectivity, security, and mobility requirements does not scale.
The promise of SASE is that an organization can deploy scalable cloud-native solutions at a lower cost without sacrificing agility and security, while allowing skilled but scare security staff, to focus on more strategic work.
New Vulnerabilities Discovered in SolarWinds Products by Trustwave SpiderLabs
Download our fact sheet on the SolarWinds vulnerabilities that Trustwave SpiderLabs has discovered. All three vulnerabilities are severe with the most critical one allowing remote code execution with high privileges.