If this year’s RSA is any indication, enterprises are beginning to understand they must secure the cloud and are learning how best to do it, while also embracing automation to reduce risk.
FireMon has always been an evangelist of the benefits of automation, and there were many discussions of how organizations can reduce risk from misconfigurations resulting from security teams being overloaded by manual tasks. But there are also signs enterprises are getting a better handle on shared responsibility for cloud security, while realizing they must see everything in their infrastructure in one place, including operational technology (OT).
The unifying concern at the RSA Conference is that everyone wants to understand where the security gaps are and ensure they don’t create any more.
Cloud security needs are becoming clearer
Security professionals clearly want to better secure rapidly scaling and increasingly complex hybrid cloud deployments — they know they must keep pace with the growing use of public cloud by lines of business.
They also want to know that any code pushed out to the cloud is inherently secure and will stay secure through proper configuration of each cloud platform, which differs from provider to provider. The good news is that the products and tools around cloud security are solidifying around specific security issues, such as identity management, and there’s more clarity around where these issues are located within a hybrid environment. Products are bearing down on those issues and trying to find the edge.
Visibility includes OT
Part of fully mapping the growing hybrid cloud is having a complete picture of their infrastructure that includes OT. How do you secure it, and how do you handle the gaps between OT and IT?
Enterprises realize they must see OT and bring it together with their view of on-premise IT and cloud deployments, as well as Internet of Things (IoT). Security vendors that attended RSA this year are making big strides with offerings that address OT. FireMon’s position has always been that you can’t manage what you can’t see, and that it’s essential to see everything if you’re to fully mitigate risk; that’s why we’re so focused on integrating Lumeta into the overall FireMon solution. OT is like any other endpoint, including IoT devices, and it must be seen and secured.
Fourth party risk must be managed
The rising awareness that OT must be secured is accompanied by wanting to fully understand the “security supply chain,” including an emerging concept that’s known as “fourth party risk.”
Enterprises want to know that companies such as FireMon, which use data from customer installations to provide superior support, are in fact the ones processing and storing it. They want certainty that the third parties they employ are storing their information securely, and that if there is another party involved — an extension of the security supply chain if you will — any fourth party risk is mitigated.
Closing gaps means making sure security teams and DevOps are better aligned and embracing automation so nothing falls through cracks in the process. In a sense, this is security’s own “Six Degrees of Kevin Bacon”: it is about having certainty and clarity about each link in the security supply chain.