By Rohit Gupta
A once-in-a-generation shift, unlike anything CIOs and chief information security officers (CISOs) have seen in their careers, is upending cybersecurity strategies today. On the surface, things look familiar—after all, enterprise leaders have long been playing a persistent cat-and-mouse game with well-funded hackers, and that’s not about to change.
But dig deeper, and it’s obvious that the stakes are getting higher. That’s because all enterprise information, not just traditional targets such as financial accounts, is gaining in value as data and analytics transform business models. As Jeff Pollard, principal analyst at Forrester Research, recently told the Wall Street Journal, cybersecurity will become a top priority for many CIOs in the coming year as companies increasingly monetize data and see it as “an incredibly valuable commodity.” Cyberthieves are seeing the same trend.
At the same time, security challenges are growing as well-defined network perimeters give way to highly distributed enterprise ecosystems created by public and hybrid clouds and mobile applications.
Making matters worse, most enterprises simply can’t attract and retain enough qualified security talent. One study estimates that 1 million such jobs currently go unfilled, a number that could more than triple by 2021.
The result: it’s time for a new approach to cybersecurity that creates a protective foundation for the future.
Automation Is the Answer
Part of the answer comes with new, cloud-based security platforms that provide an integrated suite of services. With automation of security processes as a key component, the best of these platforms offer everything from identity management and cloud access security brokers to regulatory compliance and configuration monitoring.
It’s time for a new approach to cybersecurity that creates a protective foundation for the future.”
By augmenting all aspects of security processes, enterprise cyberdefense systems can automatically detect vulnerabilities and fix them before an attack takes place. For instance, if an organized group of hackers finds a way to break through defenses, automated systems can quickly identify the breach and alert security officials or take predetermined actions to limit damage.
Automation can also mitigate another pervasive threat: the shadow IT systems people adopt without getting approval from the IT department. Common examples include web-based services for note taking and file sharing, which are often free to download and dangerous to use when they don’t come with enterprise-class security controls. If employees are storing customers’ financial records in these consumer-oriented platforms, that’s a problem. Because they’re focusing on convenience and productivity rather than on safeguarding data, employees might not consider where information will be stored, whether it will be encrypted, or how regularly the associated servers will perform backups.
A pervasive threat is the shadow IT systems people adopt without getting approval from the IT department.”
The latest security platforms perform shadow discovery—the ability to identify applications running in the enterprise, who is using them, the sensitive or regulated data that is flowing in and out of them, and whether hackers are chatting about the vulnerability of the programs on the Dark Web. Based on the associated risks, CIOs and CISOs can take appropriate action, whether that’s steering end users to approved alternatives or licensing enterprise versions of the applications.
Prepare for a New Normal
Sophisticated cloud-based security platforms, such as Oracle Identity Security Operations Center and Oracle Management Cloud, give CIOs and CISOs the automation tools they need to forecast, prevent, detect, and remediate cybersecurity threats. Just as important, as security professionals use resources like these to fortify their organizations today, they’re preparing their organizations for tomorrow’s brave new world of cybersecurity.
Photography by Bob Adler, The Verbatim Agency