Recently an event organizer reached out to me to contribute and moderate a CISO Round-Table panel where they had already chosen Ransomware as the dominant theme of discussion. I had a little time in hand while doing an errand and a bit of inspiration; so I managed to jot down some thoughts which I shared with the organizers to consider toward the session themes and flow with a view to make the event topical, timely, relevant and engaging for the majority of attendees. Reproducing the same here for business and IT leaders, and Cybersecurity professionals to reflect and comment on.
1. Ransomware in particular and malware in general has been an oft-beaten drum in the security industry, and always manages to catch some interest. We can certainly include that as a theme; however, several critical and deserving areas demand attention which I would request us to consider.
2. End-Point Security:
(a) The domain of end-point security is large and varied beyond just ransomware/malware. We need to address the various device types (mobiles, tablets, laptops, desktops, servers, firmware and cloud workloads), the various OSs (Android, iOS, Linux, Windows — I’m not even touching Mainframe), the fact that any user today wishes to access any enterprise service running anywhere (on-prem/cloud) using any of these devices.
(b) There are hard-core management aspects involved such as asset management, patch management, config management, updates, upgrades etc., which are different albeit complementary aspects from the hard-core security aspects of EPP (AV), EDR (0-day), TVM (scanning), XDR (integrating with solutions managing other 0-day vectors), Mobile Device Management (MDM), Mobile Application Management (MAM), SecOps (monitoring) etc.
(c) Hence, it makes sense to address this bigger and far more complex jigsaw puzzle, which has been one of the main domains where our ongoing challenges have been exacerbated by the pandemic.
3. Other Security domains: Below is the minimum set of summary domains that are complementary to end-point security and critical to the enterprise, especially in the post-pandemic work environment.
(a) Identity & Access Management (IAM):
i. IAM is the super-glue holding together the effective and efficient (and yes, secure and privacy-compliant) management of the various user communities (employees, partners, contractors, temps, and customers) seeking access to various enterprise resources running anywhere (on-prem/cloud) using any device (corporate-issued or personal).
ii. In addition, it also needs to address needs such as Single Sign-On, MFA, Self-Service Password Reset, Risk-Based Conditional Access, PIM/PAM, and meet the increasing demand for passwordless authentication.
(b) Cloud Security:
i. Cloud Access Security Broker (CASB) for SaaS security and governance was already an established domain, and it has been further transformed post-pandemic by a surge in SaaS usage. Additional aspects of data protection and DLP, as well as threat management during SaaS usage, have become key aspects of consideration.
ii. Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP) and Threat and Vulnerability Management (TVM) for IaaS and PaaS security and governance were perhaps an emerging domain a couple of years back, trying to break out from under the wings of the CASB domain, which did little justice to the needs of IaaS/PaaS security. Post-pandemic it has turned into a domain in its own right and is transforming rapidly as we speak. Many enterprise security leaders and practitioners seldom see beyond the tip of the iceberg that is EDR protection for cloud nodes, while a gamut of security and compliance issues pertinent to IaaS and PaaS lie unaddressed, issues which this domain can do full justice to.
(c) Data Security:
i. Data Lifecycle Management and Data Protection, including: its discovery; its classification and labelling based on content and context; its encryption and authorised access, as well as denial of unauthorised access and auditing of the same; its tracking, to inventory which authorised entity has access to it at a given time; its revocation as and when required; its retention for as long as required; and its delegated access, as and when required, to authorised delegates for compliance, legal, investigation and other necessary requirements.
ii. Data Leakage Prevention (DLP) encompassing Email (and other collaboration channels such as Teams, SharePoint, Office documents etc.), End-Point (all OSs in all form factors and at all locations, on-prem and cloud), and Cloud (SaaS, data repositories, cloud shares etc.).
(d) Network Security: Perhaps the least important domain in this perspective, as it has been reduced to a carrier of identities and data/information.
(e) SecOps:
i. Security Information & Event Management (SIEM), to include aggregation of all events from all sources; their correlation to discern potential security incidents, leveraging AI and ML to reduce human dependence and fatigue; and end-to-end management of security incidents in a scalable, management-free (hence SaaS-based) and easy-to-work/learn platform.
ii. Security Orchestration, Automation & Response (SOAR), to include automation of workflows and remedial actions pursuant to security incidents and investigations.
iii. User & Entity Behaviour Analytics (UEBA), to include infusion of user/entity context into security incident management.
iv. Threat Intelligence (TI) on the dynamic global threat environment, built into the platform to make it intelligent about, and capable of dealing with, such threats.
(f) I have glossed over Network security — it being a very traditional security domain which has by and large passed hands to IT Ops in the last few decades.
(g) I have also not done justice to critical areas such as DevSecOps and the security skills shortage, which are very relevant and somewhat different issues to touch upon.
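To make the SecOps items in (e) concrete (aggregation from several sources, correlation into an incident, and UEBA-style user context feeding the score), here is a small worked example. It is added here for illustration and is not code from the original note or from any product; the event sources, field names, rules, window, thresholds and user baselines are all constructed assumptions.

```python
"""Toy SIEM-style correlation with UEBA-like user context.

Added example, not part of the original post. Three constructed sources (an
identity provider, a VPN gateway, an EDR agent) use different field names; the
code normalises them to one schema, groups events per user inside a time window,
applies simple correlation rules, and weights the score with user context.
Every rule, weight and baseline below is an assumption for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Note the per-source field names.
RAW_EVENTS = [
    {"src": "idp", "ts": "2024-03-01T08:00:05Z", "user": "alice", "result": "fail", "country": "BR"},
    {"src": "idp", "ts": "2024-03-01T08:00:20Z", "user": "alice", "result": "fail", "country": "BR"},
    {"src": "idp", "ts": "2024-03-01T08:00:41Z", "user": "alice", "result": "fail", "country": "BR"},
    {"src": "idp", "ts": "2024-03-01T08:01:02Z", "user": "alice", "result": "success", "country": "BR"},
    {"src": "vpn", "ts": "2024-03-01T08:01:30Z", "account": "alice", "action": "connect", "geo": "BR"},
    {"src": "edr", "ts": "2024-03-01T08:04:10Z", "principal": "alice", "alert": "credential_dumping_tool"},
    {"src": "idp", "ts": "2024-03-01T09:15:00Z", "user": "bob", "result": "success", "country": "IN"},
    {"src": "idp", "ts": "2024-03-01T09:16:00Z", "user": "bob", "result": "fail", "country": "IN"},
]

# Constructed user context of the kind a UEBA layer contributes: the countries
# an account normally works from and whether it holds privileged roles.
USER_CONTEXT = {
    "alice": {"usual_countries": {"IN"}, "privileged": True},
    "bob": {"usual_countries": {"IN"}, "privileged": False},
}

WINDOW = timedelta(minutes=10)  # assumed correlation window per user
INCIDENT_THRESHOLD = 50         # assumed score at which an incident is raised


def normalise(ev):
    """Map each source's own fields onto one schema: user, ts, kind, country."""
    ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    if ev["src"] == "idp":
        return {"user": ev["user"], "ts": ts, "kind": "auth_" + ev["result"], "country": ev["country"]}
    if ev["src"] == "vpn":
        return {"user": ev["account"], "ts": ts, "kind": "vpn_" + ev["action"], "country": ev["geo"]}
    if ev["src"] == "edr":
        return {"user": ev["principal"], "ts": ts, "kind": "edr_" + ev["alert"], "country": None}
    raise ValueError("unknown source: " + ev["src"])


def score_window(user, events):
    """Score one user's events (already inside a single window) with three
    correlation rules, then apply a UEBA-style multiplier for privileged users."""
    ctx = USER_CONTEXT.get(user, {"usual_countries": set(), "privileged": False})
    kinds = [e["kind"] for e in events]
    score, reasons = 0, []

    # Rule 1: several authentication failures followed by a success.
    fails_before_success = 0
    for k in kinds:
        if k == "auth_fail":
            fails_before_success += 1
        elif k == "auth_success":
            if fails_before_success >= 3:
                score += 30
                reasons.append("auth_success_after_%d_failures" % fails_before_success)
            break

    # Rule 2: successful access from a country outside the user's baseline.
    unusual = {e["country"] for e in events
               if e["kind"] in ("auth_success", "vpn_connect")
               and e["country"] and e["country"] not in ctx["usual_countries"]}
    if unusual:
        score += 20
        reasons.append("access_from_unusual_country:" + ",".join(sorted(unusual)))

    # Rule 3: endpoint telemetry on the same identity within the same window.
    edr = [k for k in kinds if k.startswith("edr_")]
    if edr:
        score += 30
        reasons.append("edr_alert:" + ",".join(edr))

    # UEBA context: the same signals on a privileged identity weigh more.
    if ctx["privileged"] and score:
        score = int(score * 1.5)
        reasons.append("privileged_account")
    return score, reasons


def correlate(raw_events):
    """Aggregate all sources, group per user into time windows, and return the
    windows whose score reaches the incident threshold."""
    per_user = defaultdict(list)
    for ev in raw_events:
        n = normalise(ev)
        per_user[n["user"]].append(n)

    incidents = []
    for user, evs in per_user.items():
        evs.sort(key=lambda e: e["ts"])
        i = 0
        while i < len(evs):                      # tumbling windows anchored on the first event
            start = evs[i]["ts"]
            window = [e for e in evs[i:] if e["ts"] - start <= WINDOW]
            score, reasons = score_window(user, window)
            if score >= INCIDENT_THRESHOLD:
                incidents.append({"user": user, "start": start.isoformat(),
                                  "score": score, "reasons": reasons})
            i += len(window)
    return incidents


if __name__ == "__main__":
    for inc in correlate(RAW_EVENTS):
        print(inc)
```

Running it yields one incident for alice (failed logins followed by a success from an unusual country, then an EDR alert, all on a privileged account) and nothing for bob, whose single failure from his usual country scores zero. The point of the example is the division of labour the note describes: normalisation is the aggregation step, the rules are the correlation step, and the baseline and privilege data are the user/entity context that UEBA infuses into the decision.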