Today, we are in a working paradigm that was supposed to be many years away. Employees authenticate themselves to corporate networks using devices that may be compromised, through third-party networks of unknown pedigree. Consumers demand better experiences online, leading to rushed development cycles and inevitable vulnerabilities in each release.
Businesses, governments, and digital service providers tackle these shifts in piecemeal fashion. Legacy, multivendor cybersecurity solutions remain, making it difficult to form a clear picture of multidimensional ecosystems and the risks they face.
To cope with the heightened complexity of hybrid, multi-network environments, a good start is to address the issue of an expanded attack surface. Vulnerabilities may be widespread, but they can be managed by taking a two-pronged approach.
First, compile a comprehensive, no-device-left-behind, asset inventory. Trying to formulate a risk strategy without profiling all the endpoints in the environment is impractical. Once you are aware of each device and its software mix, you can start to get a clear view of just how vulnerable your digital estate is.
Next, it is important to formalise the workflow of vulnerability management. To address every vulnerability in the new hybrid environment would be costly and unwieldy, in terms of budget and manhours, so triaging potential issues should be top priority.
Some vulnerabilities are easy to exploit but may not yield great value for attackers. In the general case, attackers are not just looking for low-hanging fruit; they are looking for low-hanging, juicy fruit. Your vulnerability management approach needs to reflect this, keeping in mind your new, cross-network asset inventory.
But addressing vulnerabilities is just the first step. We live in the cloud now, at least partially. Choosing the right provider will be essential. This must be a trusted partner, capable of protecting you while you concentrate on the business of business. They should not only provide you with the basics of cybersecurity, including all the tools necessary to build your vulnerability-management strategy; they should also be proactive on regulatory compliance, automation, and governance tools.
Outside of what they provide to customers in the short term, providers must also look to the future. They, more than anyone else, should be aware of how life and work models are changing. Over the past year, they will have seen thousands of individuals and organisations retreat to digital spaces to work, shop, and socialise. They will also be aware that conventional wisdom predicts that these habits will linger to a large extent, after we receive the much-anticipated all-clear from global health experts.
Providing long-term security for digital natives and millions of freshly minted digital expats will require unprecedented levels of intra-industry collaboration. We must start building open cloud platforms with security built into every layer that interoperate with others. Managed Security Service Providers are our future if we are to live all the facets of our lives in the digi-sphere.
- Compile a comprehensive, no-device-left-behind, asset inventory.
- It is important to formalise the workflow of vulnerability management.
- Managed Security Service Providers are our future if we are to live all the facets of our lives in the digi-sphere.
- We live in the cloud now, at least partially. Choosing the right provider will be essential.
To cope with the complexity of multi-network environments, a good start is to address the issue of expanded attack surface, writes Hadi Jaafarawi of Qualys.