As the GM of Symantec, I had the good fortune of being able to attend both the Gartner Security & Risk Management Summit and the 2022 RSA Conference the week of June 6. While attending two conferences, on different coasts, in a single week gave me jet lag, it also gave me a chance to hear again the concerns of some of the smartest security practitioners around - our customers.
Strolling through the hall exhibits, where so many cybersecurity vendors showcased their products and services, I could only imagine how challenging it is for an organization to break through all the white noise and conflicting messages, and zero in on the best solution for their environment.
Here are key takeaways from my week at both conferences:
- Tools management overload is a huge problem. This was a hot-button topic everywhere I turned. More tools require extra work to manage but don’t guarantee more security. Enterprises wind up running security products from different vendors side by side that have little integration or coordination, leaving dangerous gaps in their defenses. And organizations don’t have the bandwidth to act as system integrators for so many different vendors and products. As a result, CISOs are rightfully raising questions as to why they still get breached and fail audits while absorbing the high costs of purchasing and managing more and more tools.
- Integration that reduces complexity will become a dominant trend. I hear the same request from customers over and over: They want out-of-the-box integration, especially when deploying multiple tools from the same vendor. As an industry, it’s clear that we need to reduce the number of management consoles, reporting infrastructures, and inspection engines for our customers. That also means offering common ways to authenticate, run reports and check for threats. Not to mention, customers should be able to perform multiple security functions without needing to deploy a large number of agents. For example, any customers deploying Symantec Endpoint Security Complete can use the same agent to redirect traffic to our Symantec Enterprise Cloud when they're exposed on the internet and not behind a proxy or firewall. All that traffic is then tunneled to our cloud where it gets inspected just as if the user was on a protected private network. We’ve similarly integrated our Zero Trust Network Access, Web Isolation, and our Secure Web Gateway technologies so that our customers don't need to manage disparate solutions. Frankly, not all of our competitors have similarly grasped this message.
As an industry, it’s clear that we need to reduce the number of management consoles, reporting infrastructures, and inspection engines for our customers.
- Security in the post-Covid world has changed. After what we all went through in the last two years, customers need to treat their internal environment as if their employees all work from their local coffee shops. Forget the conventional thinking about network security. It’s now all about identity, the data, the applications, and the devices that you need to protect. Traditional notions about the network no longer apply. Don’t assume you can trust any packets on your network and it’s no longer reasonable to believe you’re going to always stop adversaries at the front door. So, it becomes all the more critical to continuously track the behavior of every user and every system inside your environment, and immediately block anything outside the norm. This also underscores the need to embrace Zero Trust – but, as I talk about next, make sure you understand what that entails.
- Zero Trust isn’t what you might think. It’s altogether unsurprising that many security companies are hyping “Zero Trust solutions.” That’s false advertising. Zero Trust is an approach, not an outcome. It's part of a philosophy and a way of thinking about overall security. Simply put, nothing can be trusted. As a result, you need to put in the right checks and balances – based on context – to determine how you allow individuals or devices to communicate with your applications and data. And there is no real finish line. Zero Trust is a journey and not something that you'll ever be finished with.
- A cybersecurity skills shortage is no closer to resolution. The biggest issue facing the industry remains the lack of qualified individuals who can work in cybersecurity. We’re lucky to work in a fascinating sector but there remain too many open job slots. Fixing the problem will take time and is going to require clever solutions. Beyond the obvious need to automate more front line security tasks, we simply need more qualified cyber defenders in the market. I spoke with one executive from a Bay Area company that is creating a fund allowing anyone going to a public community college to get cybersecurity training for free. That’s a great idea. I have been in this industry for many years, and there will always be a skills shortage, so every effort to address this is a step in the right direction.
- Hybrid cybersecurity is a real “thing.” There is no doubt that we’re in a world where the majority of organizations intend to move their workloads to public clouds. However, it’s a mistake to believe that this decision is “all or nothing”. It’s unlikely to ever be the case that any large company moves all of their applications and data exclusively to a single cloud vendor. Enterprises still want to leverage multiple clouds, including their own. When companies operate their own data centers on-premises, they can more easily implement their own unique requirements. And even for companies moving to the public cloud, most go the multi-cloud route to give themselves more flexibility.
- Identity Infrastructure. Cybersecurity solutions are not nearly as effective in any organization that fails to build a robust identity infrastructure with multifactor safeguards. It’s still common to find organizations that haven't integrated Active Directories from multiple trees that may reside in different parts of their enterprise. That likely means that privileged credentials are spread out everywhere and not being governed effectively. Accounts that should be disabled or deleted are still active. It’s hard to solve security problems when your own identity trees aren’t properly managed.
- The security conversation must continue. Customers must keep asking themselves basic questions so as not to leave themselves vulnerable to attacks. Questions such as: Where is my most important data and who has access to it? Am I vulnerable to known exploits? Am I patching intelligently and often? Any organization that ignores foundational hygiene and gets distracted with the shiny new objects marketed at cybersecurity shows like RSA, exposes their company and their customers to significant risk.
To learn more on how Broadcom Software can help you modernize, optimize and protect your enterprise, contact us here.
We encourage you to share your thoughts on your favorite social platform.