Antonio Grasso, founder and CEO, Digital Business Innovation
When IT infrastructure moves to the cloud, data—and the paths used to access that data—must be protected. With hybrid and multicloud environments, this protection becomes much more complicated. That’s why automation is being used increasingly to enhance and simplify security and to enable rapid defenses and self-securing, automated responses.
When you manage your resources on premises, there’s usually less external access to the data. But when you move your infrastructure to the cloud, you must secure the path to that data because that path is now more open-ended and accessible by outsiders.
More than ever, you’re dealing with objects, not just humans. Imagine that you’re a company that uses the Internet of Things (IoT), and you want to scale your architecture to the cloud. You can’t simply say, “It’s okay, I assigned a password,” because now you’re dealing with objects. In the old stack, you might not have the infrastructure technology needed to support these new use cases, so you have to redesign your application architecture—a costly endeavor.
It’s also important to remember that with the growing use of edge computing, not all of your data needs to move to the cloud. For example, let’s say you have a factory that produces a product using automation. You have many machines that aren’t elaborating data locally. Instead, they relay the data to a server where the data is exchanged. You receive back elaborated data and make decisions. You wouldn’t imagine putting this server in the cloud and opening all your machines to outside access—that would be dangerous.
When dealing with objects, it’s important to think about edge computing. Edge computing provides a proximity layer to the machines, and then tries to give them power to locally elaborate large amounts of data. If the data is being used only by the factory, the data doesn’t need to go to the cloud. If you’re thinking about an integrated security strategy, you need to include edge computing because you’re dealing increasingly with objects.
Data security is complex, so your security strategy must have many components. Overall, every company must consider good data governance: how you collect data, how you save data, and how you use data. Other components include tunneling, cryptography, redundancy, and continuous updates. That last one is especially important—what’s secure now is not secure tomorrow if someone can find a point of access. The specific strategy you choose, however, depends on your data’s sensitivity.
The foundation of a strong security strategy is identity and access management. Humans are the weakest point in data security. The less you need to rely on humans, the safer your data is.
Many cloud infrastructure vendors like Oracle are developing holistic and integrated security using an important approach called “secured by design,” which also includes “secured by default.” You can start using their services knowing that the infrastructure is secured by design and that the initial configuration is secured by default.
Automation plays a big role in this security strategy. Deterministic automation is cued to run a process based on some event or action: if this, then that. Such automation is reactive. Using this type of automation to identify anomalies in data flow or for continuous security updates is important. Intelligent automation that learns from experience, however, is used in integrated security not only to identify anomalies in data flow but also to resolve the problem.
We’re not just moving toward intelligent automation. Infrastructure vendors are relying increasingly on virtualization. We’re talking about something that can be managed by other software, not the physical machine where you need to press a button. With virtualization, you need to put all the responses under the control of this intelligent software, which needs to be trained. It can identify anomalies. It can manage identity and access management. It can do a lot of things. You can’t have a human being monitoring the infrastructure 24 hours a day, 7 days a week.
You need to adapt your organization to the influence of the automation in your security framework. The chief information security officer (CISO) needs to focus more on human resources. We can talk about a complex security infrastructure, integrated security, self-aware security, or intelligent automation, but we also need to deal with the insider threat: someone inside your organization who wants to do some damage, or employees who simply open an email attachment by mistake.
As I said before, the human is the weakest point in cybersecurity. You can deal with an insider threat only if you have good management of your people and your team. With integrated and automated security, the CISO can focus more on people and try to spread a culture of common goals across the enterprise and its effect on security. It's very important to focus on growing the knowledge and the awareness of your organization around data security. This is a really big thing.