At a lively virtual gathering we recently held for our customers, leaders discussed the biggest cyber threats organisations are facing today and the rapidly evolving security technology being used to beat them.
A hot topic was the rapid switch to cloud infrastructure that many organisations have made in the last year to support remote working, and the security issues that hosting data both on premises, and across public and private clouds, can raise.
Scott McKinnon, Security Architect at our partner VMware, tackled the question of protecting workloads and apps located in the cloud and on premises. He said:
“The most important thing is consistency. If you’re running a set of workloads on prem and you wish to move them to public cloud, or begin to integrate SaaS-based services, you really want consistency of approach to security. You don’t want to have to go and have another complete set of tooling just because you happen to choose a particular hyperscaler to run your workload on. You want a model that’s really about the intent that you wish to put around the protection of the asset. That intent can be realised in different ways depending upon where the workload ends up running, but it means that, from your workflow and staffing perspective, you’ve got a consistent set of tooling.
If you do that, then the tools can still be the same whether the workload is completely on prem, on cloud, or whether you have a hybrid environment as well. It’s about the idea of having security by design and not just a point solution to try and solve a particular problem for a particular service at a particular time. It’s building the muscle, discipline and approach to how you do security – that way you know you’ll be successful wherever you decide to run your workloads.”
After the event I caught up with Scott to discuss this in more detail. Here are a few key soundbites from our Q&A…
Q: It was great to hear you talk at the event. Can we dig a little deeper into cloud security? You’re saying that while for some organisations cloud is a big security concern, in fact it’s offering them the answer?
Scott McKinnon: Thanks for having me. That’s right, for organisations that have virtualised and cloud-ready environments, now is the moment to refocus defence and embrace an approach to security that leverages the infrastructure itself for visibility, context, and control. This approach means fewer products to manage, less complexity, greater context, and far better collaboration between security and IT. Cloud is the root of our solution, rather than the problem, if we seek ways to leverage its unique properties to secure applications and data. This will be nothing short of a transformation – and we’ve never needed that more than we do today.
Q: The complexity of the security solution landscape was something raised by several experts at the event, would you say we’ve reached a tipping point there? In your talk you referenced ‘security by design’…
SM: Absolutely. There’s certainly no lack of security products today. Quite the opposite. Organisations have too many products bolted onto their infrastructures, and the complexity is killing their defence. The average company owns upwards of 80 security products and there’s an urgent need to consolidate them, particularly those that work in connected-use cases or leverage overlapping datasets.
Streamlining the process reduces complexity considerably and enables a process where different parts of a defence-in-depth strategy can reinforce each other. At the end of the day, prevention is there to make up for hardening fails. Detection and response kick in when prevention fails. And we should learn much from detection and response and then use those experiences to improve our hardening and prevention. That’s much easier to accomplish when they have been designed to do so.
Q: You mention gaining “greater context” and I’ve heard you talk before about “context-centric” security, can you explain what VMware means by that?
SM: Sure, at VMware we believe in “intrinsic security” – protection that is inherent in the end-to-end technology infrastructure, rather than needing to be bolted on. And that intrinsic security should provide rich context, not just about threats, but about what you are protecting – your endpoints and workloads, networks, workspaces, and clouds.
Context-centric security means you know behaviours and intended actions, including data, users, access points, and configurations. It equips you with powerful intelligence that enables you to quickly understand what the workloads behind your apps are, how they talk to each other, what network services they consume, what users and devices are connecting to those apps, and so on. With this context, you can act faster to prevent or respond to new threats.
Q: Artificial Intelligence and the automation of security was also a hot topic at our event, what role are they playing in providing the context you’ve just discussed?
SM: They’re playing an integral role. VMware Carbon Black Cloud, for example, intelligently analyses cyber criminal behaviour patterns and can stop attacks, whether they’ve been seen before or not, giving visibility into how these attacks have evolved over time. This visibility allows us to detect new forms of attack, constantly evolve our security defences, and deliver customisable control of security posture to our customers. In this way, organisations can future-proof themselves from adversaries who are constantly evolving their methods. In a world where new types of attack are emerging every day, we see this as the future of security.