The Rise and Fall of Enterprise Security Technology

Over the past few years “security” has become a buzzword across many industries, and for good reason. With the threat of data breaches haunting industry stalwarts, household brands and countless consumers, companies are paying more and more attention to their in-house security strategies.

To be smart about security, IT professionals need to think like a detective. We need to think like the “bad guys” to protect the “good guys,” and identify weaknesses before they are exposed.

However, more than 315 technology and security professionals surveyed in the 2018 Black Hat attendee survey revealed that when it comes to defending against cyberattacks, only three types of technologies were rated as “very effective” or “somewhat effective” by a majority of participants: encryption, multi-factor authentication tools and firewalls. The remaining technologies—including mobile security tools and data leak protection—were ranked “effective” by fewer than half the respondents. Passwords, perhaps the most universal of security technologies, were rated “effective” by only 19 percent of security professionals and “ineffective” by 37 percent.

Despite the broad availability of security technologies, there has been a rise and fall in the effectiveness of certain technologies, as the broader landscape shifts and hackers get smarter. Exploring the available security technology through the eyes of “on the ground” technology and security professionals better enables us to identify why the three leading tools earned their recognition as most effective—and how the industry is effecting that change.

The Modern IT Landscape

New technologies such as artificial intelligence (AI), machine learning and hybrid cloud have significantly influenced the effectiveness of security strategies that may have been successful just five years ago. While IT teams are eager to implement new technologies, they cannot allow their security practices to fall by the wayside—in lockstep with the introduction of next-generation technology, some security practices have become obsolete in turn.

Modern security strategies must remain fluid: Treating your security practices as an afterthought can be dire for an organization in the modern IT landscape.

However, many organizations may be unsure where to start when it comes to security processes, protocols and figuring out which technologies are best for their businesses. Smaller organizations specifically may not have a full-time security officer, but it is important to have a member of the IT team trained in security or a contractor who can assess the current status of the security practices and determine where the weakest links are. Once the assessment is complete, it should be clear which security strategies should be implemented. Following a companywide security audit, for example, you can decide if dual authentication is needed in the sales department or if encryption is needed in finance. Security plans are not one-and-done, they should evolve as you assess your business’ needs and the changing technology landscape.

The Tools of the Trade  

While a strong security strategy is comprehensive, three technologies emerged as leading underlying protocols in 2018—encryption, multi-factor authentication and firewalls—and are crucial assets to any cybersecurity arsenal.

  • Encryption: Many federal organizations have been successfully using encryption for years. IT organizations should consider it as part of their security plan as well. Even when implemented at the most basic level, encryption can be a great asset for a company. If a company laptop is stolen, for example, the private, proprietary company information stored on that device can be subject to exposure. The laptop user may believe they’re doing well at keeping their documents and personally identifiable information secure, but we all know how easy it is to make errors, such as saving a document in an insecure place. Encryption can act as a safety net: The processing power needed to even try to break encryption is extremely challenging and is a lengthy process, so while a file might be in plain sight, a thief will not be able to access the data and it will be rendered useless to them.
  • Multi-factor Authentication: Long gone are the days when your primary device password could be your favorite color in all lowercase. Truthfully, you shouldn’t just have one password anymore. Most security questions can be easily guessed or researched now: a quick online search can lead hackers directly to your mother’s maiden name or your high school mascot. The extra layer of security provided by a multi-factor authentication tool is necessary in 2018. With multi-factor authentication another layer of security is added, whether it’s a token or a four-digit code sent to you via an approved communications channel (email, text or even a mobile push authentication tool). It’s another way the good guys have outsmarted the bad.
  • Firewalls: Firewalls remain a leading, effective security technology. Firewalls have been around since the 1980s and are still an excellent defense for an IT team. With a firewall you can create rules, stay on top of controls, filter traffic and keep people within the organization safe.

Staying Ahead of the Game

While encryption, multi-factor authentication and firewalls are all excellent security management tools, there is one other invaluable tool—user education. As they often say in sports, “Your best defense is a good offense.” User education should be viewed as an investment in your IT organization. Almost every company now has a budget devoted to security, but rather than spending it all on hardware, it’s important to spend some on helping your teams understand risks and best practices. Humans are often security’s weakest link. Understanding how to create a smart password or when not to click on an email can make a world of difference in an organization’s success when it comes to security.

With today’s ever-changing technology landscape, it’s more important than ever to stay aware and educated on current security trends, as well as those that have been rendered ineffective. A flexible and custom security plan that is maintained regularly can be invaluable in today’s technology climate.

Featured eBook
Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Digital transformation requires new approaches to security, demanding the protection of machine identities that enable authentication and encryption required for secure machine-to-machine communication. Solving machine identity protection challenges within DevOps environments, requires a fundamentally new approach. Information Security teams must deliver a frictionless, automated solution that allows DevOps engineers to seamlessly provision and manage certificates ... Read More
Venafi
Destiny Bertucci

Destiny Bertucci

Destiny Bertucci is Head Geek at SolarWinds. Bertucci holds a broad array of certifications and degrees, such as CCNA, (ISC)² Methodologies, CompTIA IT Operations Specialist (CIOS), CompTIA Secure Infrastructure Specialist (CSIS), INFOSEC, database development degree, BS IT Security, and SolarWinds Certified Professional®. In her 16 years as a network manager, she has worked in healthcare, federal, and application engineering, allowing her to be a successful SolarWinds senior application engineer for over nine years. She started her networking career in 2001 by earning CCNA/Security+ certification and launching a networking consultant business. After using SolarWinds® tools for many years, she joined the company and continued earning certifications and degrees to expand her professional reach into database development and (ISC)² methodologies. Customizing SolarWinds products, while working on setups and performance, deepened her knowledge of the complete SolarWinds product line. She is now skilled and experienced in network, security, application, server, virtualization, cloud, and database management.

destiny-bertucci has 2 posts and counting.See all posts by destiny-bertucci