It is often assumed that the network security team will be able to protect the organization from any new digital initiatives the business decides to adopt, but most legacy security infrastructure is just not designed to expand easily across new technologies. For instance, if the business requires a new e-commerce portal or remote workers brought up in record speed, can the network security adapt? 2020 made it clear the essential nature of these digital initiatives, and many executives are now asking their organization to further accelerate digital business so the burden on security teams to keep up is not going away anytime soon.
In fact, a 2021 Gartner survey of CIOs revealed that 76% of CIOs saw business demand for new digital products and services increase in 2020 and 83% predict this demand will rise further in 2021. So, the challenge will only increase as management doesn’t always consult the security team when selecting new technologies. For the security professional, it’s not just a matter of procuring a new product; it’s a matter of shifting foundational infrastructure approaches to be more adaptable and agile. That’s why network security leaders need to automate and simplify virtualization of their infrastructure to effectively respond to the security challenges of these accelerated digital initiatives.
Challenges for network security in the new world order
Changing work patterns, new cloud technology trends and accelerated business demands are just some of the factors which are forcing organizations to adopt new network security approaches. Let’s look at these dynamics and the most pressing security challenges leaders face as digitisation takes place.
The move to hybrid cloud
The shift to the cloud is not in question. But the ideal mix of public vs private cloud is still being worked out. This hybrid model is looking particularly attractive as many organizations realize neither 100% public nor 100% private is the answer. A hybrid approach delivers the speed and scalability of the public cloud, with the control and reliability of the private cloud. Cloud-based technology allows companies to innovate faster, implement upgrades with more flexibility, and scale more quickly and cost-effectively.
This moves the goal posts for security leaders as the perimeter is now anywhere and everywhere that sensitive data exists, meaning that physical, fixed approaches to network security won’t cut it anymore. Security leaders need to secure their hybrid cloud environments against the challenges of:
- cloud migration: As migration occurs there’s a greater risk of data breaches or accidental data loss.
- evolutionary threats: Cybercriminals are constantly adapting, and with the advent of the cloud, many have now shifted to target the latest cloud applications.
- an ever-expanding attack surface: With a hybrid environment, the attack surface is greater because you need to connect more applications, software, services, platforms, and networks. Providing even more places for cybercriminals to attack!
Security challenge: Skills shortage
Addressing a skills shortage in this area is something that keeps network security leaders up at night. In a Logic Monitor survey 58% of organizations considered the lack of cloud security experience within their employee roster to be a big challenge.
Accelerated digital business demands
As many organizations were forced to adapt their business models or supply chain for COVID-19, business leaders realized they need to embrace digital business models and they want to see the transformation happen quickly. Digital business acceleration is not only about new technologies, it’s about automating and increasing the penetration of technologies used in a company, and using technology to automate processes to the fullest.
There are several challenges for the network security professional. Adopting a fully digital business requires the company culture to be adaptable and willing to invest financially, so the first hurdle might be one of gaining buy-in. Furthermore, security leaders are being forced to modernize cyber security at the same time that the rest of the organization is going through its own transformation. This means the security team needs agile, flexible, scalable solutions.
Security challenge: Automation
Just like the cloud, digitization creates a bigger attack surface, which needs to be understood, monitored and controlled by the security team. No-one has enough time or team members to consume all of the data from all of the controls to fully address cyber risk, so security leaders are being required to automate more than ever before.
Increase in remote workers
As we all know, COVID-19 has prompted the move to allow work at home permanently, but it has also created a range of quirky hybrid workforce models like the one recently announced by Google. In the Gartner study, these digital workplace initiatives were ranked highest in terms of priority for CIOs.
The cybersecurity risks from remote working are many and varied and include data leaking, not being able to track user activity, and maintaining compliance with regulatory requirements. There’s also an increased risk of phishing attacks, malware, and viruses, largely because employees are using devices for both private and company purposes.
Security challenge: Rightsizing
One of the biggest hurdles is rightsizing network security to adjust for the shifting workforce habits. Security leaders need to be able to quickly, easily, and dynamically alter security needs as remote working practices develop. It’s impossible to accurately predict future security needs; enterprises will either be hamstrung by not enough capacity, or over spending due to built-in redundancy or capacity in the wrong places.
Three requirements of new network security solutions
One of the biggest impacts of this new world order is the need for protection against an ever-expanding attack surface. The IT department needs to be able to scale threat protection more easily and quickly than has been possible with fixed, physical, hardware-based solutions.
This new approach requires:
- Highly modular architecture
CIOs are noting across the board the need for increased modularity, agility, and flexibility. Virtualized network security can quickly adapt to any changes in traffic capacity and encryption levels by scaling network security with a modular approach that makes it much more practical to control the uncontrollable. This model keeps IT dynamic so the security team is able to focus on other areas.
- Automated virtualization
While essential, virtualization is a challenge to implement and integrate, so security teams need a platform which automates the virtualization of their firewalls and other security processes. This keeps cybersecurity in sync with the pace of digital business acceleration.
- Cloud-based approach
This approach is much more familiar to all users. Not only does this make the implementation and integration of new security solutions quicker and easier for the network security team, it also makes it easier for less experienced team members to implement and use new technologies.
Like it or not, disruption has happened and will continue. Network security leaders recognize this requires a new approach to network security to protect the enterprise as these digital initiatives are implemented. There’s a widening attack surface with rising levels of encrypted traffic to be inspected and a fixed, hardware-based security infrastructure doesn’t provide the flexibility, agility and scalability required. Security professionals need to tackle this growing attack surface, as well as challenges like rightsizing, a skills shortage, and the need for automation – to name just a few – if they are to keep their organization safe.
Download our whitepaper, Now is the Time to Virtualize Your Network Firewall, to find out why network security leaders are virtualizing their on‑premise network firewalls to address the security challenges of today’s accelerated digital initiatives.