But the cybersecurity industry has been going through a decade of change, and together we’ve arrived at yet another inflection point. Today’s distributed enterprise has everyone working from many different locations while accessing data wherever it may reside, be it a private app hosted within a corporate data center or an app hosted in a public cloud.
These apps are everywhere and so are our employees. We have a new class of aptly-named anywhere workers that corporate cybersecurity teams have to support. As a result, security today has to get closer to the data and the person—an employee, contractor, partner, or customer—working at the edge of our enterprise.
For IT and security, SaaS and SASE are as common in the everyday vernacular as Zoom and instant message.
Companies are more dynamic and productive in this SaaS-based world, driven by employees who demand it. The world is unabashedly digital. Services are ubiquitous. This is the world we call the “unbound enterprise.”
Protecting the unbound enterprise without getting in the way of productivity is something I have been thinking a lot about, particularly since joining Forcepoint as CEO.
The ways in which security must evolve to protect the unbound enterprise was also the theme of my keynote at RSA 2021 yesterday (watch it below).I had the pleasure and the privilege of discussing these issues in a fireside chat hosted by UK tech journalist Georgie Barrat.
I’d love it if you would spend a few minutes watching our fireside chat and sharing your feedback, but if you can’t, here’s a recap:
- Hackers and attackers are always trying to exploit a change in our environment.
Remote work has exponentially increased the attack surface. Last year, there were about 46,000 phishing sites coming online every week, bad actors going after users. The threat of ransomware is as foreboding as nuclear winter during the Cold War (remember those days?). Even industries that aren’t traditionally digital are under attack, as we’ve seen with critical infrastructure such as Colonial Pipeline.
- Where organizations really struggle today is knowing where the perimeter really is.
The perimeter is no longer the corporate network—it’s the individual and data. Employees are working from home, in hotels, or depending on your geography in the office of a customer or partner. The data people are accessing and using are inside a private data center or part of a public cloud. As data consumption has physically changed to “anywhere”, security now has to be “everywhere.”
- How you deliver security to the right place and right time is the real challenge.
Today’s reality is hybrid. For compliance or competitive reasons, our customers and partners must continue to maintain private apps, so we must deliver the same level of comprehensive security service regardless of whether the app is on-prem or cloud. To do this, we need to provide a unified enforcement policy to protect data wherever it is accessed.
- Security must evolve to account for the vagaries of user behavior.
Traditionally, security was binary. Users or their actions were either good or bad. Today, understanding the nuances of behavior and the intent of users is critical, table stakes in practical terms. The only way we can move left of breach or data exfiltration is by gaining the richness and context delivered in understanding user intent.
Today’s reality is hybrid. For compliance or competitive reasons, our customers and partners must continue to maintain private apps, so we must deliver the same level of comprehensive security service regardless of whether the app is on-prem or cloud. To do this, we need to provide a unified enforcement policy to protect data wherever it is accessed.
Together, we must bring security frameworks forward to enable the unbound enterprise.
Converging capabilities into a cloud-delivered service is paramount. So is opening up a secure ecosystem of services, where cybersecurity leaders like Forcepoint can provide APIs to partners to help support joint customers that have already invested in security. Security has to move at the same speed as digital transformation and to do this it must extend technology investments, not force rip-and-replace processes. This is how security will also drive today’s unbound enterprise forward. If every CISO doesn’t take this seriously, businesses will be left behind. You can’t afford not to do it.