Throughout Tufinnovate Boston, a topic on the minds of most attendees was the Tufin product roadmap. What does Tufin have up its sleeve? Always a popular session, Tufin’s VP of Products Ofer Or began by discussing the state of cybersecurity and market trends – particularly, digital transformation. Organizations are adopting digital transformation at an impressive rate. But digital transformation doesn’t equate to better security; in fact, security is getting worse. According to Accenture, security breaches are up 11% since last year.
Ofer raised the question,” Why is this happening? You’d think with better technology, automation and IT, security would also improve.” Ofer explores three main reasons why security is getting worse despite the promises of digital transformation.
- Cybersecurity skills shortage
Cybersecurity positions are difficult to fill, and even when the positions are filled, it’s hard to keep the right people. Automation is becoming more widely adopted as a way to mitigate the cybersecurity skills shortage, increase the productivity of the existing IT security teams, and improve security posture. “So, problem solved; let’s just automate everything, right?” Ofer asked the audience.
But it’s not that easy. Automation involves navigating a sophisticated security fabric made up of multiple products in multiple disciplines developed by multiple vendors. Adding to the challenge is the fact that legacy products aren’t necessarily designed to support automation.
- Let’s talk about trust…
Trust leads to access to capabilities between entities that otherwise should not be possible. But trust isn’t a “one and done” concept; it changes along with the business. Digital transformation disrupts the traditional mindset of “inside means trusted” and “outside means untrusted.” That no longer holds true as you can’t assume trust at all. Threats can be anywhere, including inside the organization.
Taking that a step further into today’s DevOps world, application owners are programming the infrastructure. While they’re professionals at what they do, they aren’t IT or security professionals, and they can make mistakes.
To combat these challenges, organizations are adopting Zero Trust:
- Trust is not assumed
- Threats exist everywhere
- Location does not constitute trust
- Everything needs to be authenticated and authorized to be trusted
- Policies need to be dynamic
- Cloud security
Not only is Ofer seeing wide adoption of cloud, he’s also seeing an increase in organizations taking a cloud-first strategy. The challenge is that despite the prominence of cloud, there is still no best practice when it comes to cloud security. Cloud adoption challenges operations teams to work differently, but they aren’t security professionals.
What does all this mean for Tufinnovate attendees and Tufin users?
Ofer ended his session with an overview of the Tufin product roadmap and new features and functionalities that customers can look forward to that address the above challenges. But we can’t give away all our secrets, so you’ll have to stay tuned as we roll out these updates over the coming months.
The Tufinnovate audience represents a broad spectrum of Tufin users. Some are new customers who are just getting started with their deployments; others have been Tufin customers for years and are further along on their journey. The Automation Journey breakout session addressed this range of users.
When starting your automation journey, it’s crucial to start small and tackle the lowest-effort projects that will bring the greatest return on investment. The session provided a breakdown of the journey in terms of three milestones: rule cleanup, firewall admin automation, and application-driven automation. At the peak of the automation mountain is Zero Touch Automation.
No matter where an organization is in their automation journey, Tufin has tools and capabilities that help you take a phased approach and ultimately reach the top of the mountain.
Speaking of the automation journey, we heard from another Tufin customer about how they started using SecureTrack in 2012 and how their use of Tufin has transformed over the years. Since deploying SecureChange in 2018, they moved from a manual process that involved copying changes from the product into a shared file via Excel spreadsheet to being able to push changes to multiple gateways and having full visibility into their network.
That’s a wrap on Tufinnovate Boston 2019. Thanks to all the customers, partners, and sponsors for another great year. We look forward to Tufinnovate EMEA, taking place in Lisbon on September 10-12.
*** This is a Security Bloggers Network syndicated blog from Tufin - Cybersecurity & Agility with Network Security Policy Orchestration authored by Susan Rivera. Read the original post at: https://www.tufin.com/node/2415