The central dilemma posed by digital transformation is this: How do companies reap the benefits of high-velocity software development without creating onerous security exposures?
Related: Golden Age of cyber spying dawns
The best practices standards and protocols to pull off this delicate balancing act have been thoroughly vetted and are readily available. And there’s certainly no shortage of sophisticated technology solutions.
So what’s missing? Why have organizations, of all sizes and in all sectors, failed to make more progress shrinking a security gap that appears, in fact, to be inexorably widening?
These were questions I discussed at RSA 2019 with Samantha Madrid, a veteran executive in the enterprise security space, who recently joined Juniper Networks as vice president, security & business strategy. Juniper has been in the vanguard of integrating security deeper into the plumbing of modern business networks.
Madrid observed that the white noise of overlapping marketing messages has not made it any easier for enterprises to chart a truer course for securing their networks. One of the first things Madrid told me she did when she arrived at Juniper was to ask her colleagues to stop using marketing buzzwords.
“A vendor should be able to explain, in simple terms, how they can help solve a customer’s problem,” she said.
Having covered tech security since 2004, I can attest that there is plenty of room for more clarity, and less hype, in security products marketing. To hear my conversation with Madrid in its entirety, please give a listen to the accompanying podcast. Here are excerpts edited for clarity and length.
LW: Can you frame the security challenges companies are facing in today’s very dynamic environment?
Madrid: I’ve been in this industry for close to 25 years, and up until this point security has been mostly about packaging various technologies and applying them at various points around the perimeter. But where we are right now is that our customers are trying to wrap their arms around vast amounts of data. From a security standpoint it’s about really thinking through a connected security strategy for your organization.
LW: What are some of the successful approaches gaining traction
Madrid: It’s not about taking a rip and replace strategy. That’s a wrong way of looking at it. It starts with leveraging your existing footprint. A vendor should be coming in and providing an architecture that allows you to leverage your existing investments, and leverage the data coming from digital transformation. It should be about bringing all of that together through a connected design. It’s no longer about just what’s happening at a gateway, it’s about what’s happening at all points of the network.
LW: Because that’s where the threat actors are probing?
Madrid: The folks targeting your environment are persistent and very focused. So you need to have eyes, and intelligence gathering, at all corners of your network, private and public. You need to understand how your apps are behaving, and how your users are behaving. It’s about safeguarding your users, your applications and your infrastructure. You can do this by understanding who, and what, is on the network; and by automating policies. That’s what connected security is about and that’s how we have to start framing the conversation, moving forward.
LW: How do you triage all of these things?
Madrid: A great way to start is by looking at what you have, in terms of security capabilities. And then when you start down a path, like multi-cloud, security needs to be a part of that design. It’s more than just running workloads. It’s about making sure you have the ability to orchestrate and automate policy. Anytime you venture to a new initiative that is a great time to take inventory of what you have, or don’t have, and have these kinds of discussions.
LW: Why does it seem like companies have been slow to grasp the security ramifications of digital transformation?
Madrid: I don’t envy customers, frankly. You walk through a show, or go to a vendor’s website, and you’ll see every vendor out there using the same terminology. So how do you figure it all out? My response is, ‘Don’t try to figure it out.’ Start with the problem you’re trying to solve, and focus on the business outcome you’re looking for.
It might be endeavoring to let users bring any device they want on the network. Or maybe it’s a multi-cloud implementation. So know the problem you want to solve first, and then have the conversation with the vendor.
LW: You’ve just joined Juniper; what does the company bring to the table?
Madrid: If you step back, security in many organizations has been siphoned off, and become a very siloed function. There’s been a lot of repackaging and a lot of buzzwords circling around every year. As an industry, we really have not moved the meter, in terms of helping our customers, by and large.
What excites me about Juniper is the fact that security is a part of the infrastructure, whether it’s distributed, or whether it’s more traditional in design. And, frankly, we’re battle tested. We support the world’s largest networks and we can bring high performance security, at scale; whereas, historically, you’d have to make a tradeoff. With Juniper you don’t have to make that tradeoff. So that’s what excites me.
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/qa-how-cutting-out-buzzwords-could-actually-ease-implementation-of-powerful-security-tools/