

Next-gen cybersecurity: Cementing the future of the web with zero trust

Mike Johnson, CISO at Fastly, outlines the ‘zero trust’ mindset that will underlie the security stack of the future.


As the Internet continues to develop and the average time spent online soars, we have to be as vigilant as ever in ensuring the effectiveness of our cybersecurity strategies.


‘If you build it, they will come.’ The sentiment is as true today as it was in 1989 (when Field of Dreams came out - I know!). While the original sentiment of this statement was positive, it’s hard not to think of how aptly this also describes the current state of the Internet. It has been built from the ground up - sometimes artfully, and occasionally with a more slapdash attitude - and the users have certainly come, with just short of 5 billion of us having an active presence on the Internet in 2022. This huge audience has also meant - as is always the case - that cybercriminal activity is rife, with 2021 seeing 50% more cyberattacks per week on corporate networks, compared to 2020.

This increased volume of attacks means we need to consider cybersecurity strategies more than ever as we continue to develop the web. Apps need to be built with a security-first mentality to create more secure and resilient online experiences.


Implementing a security-first culture

Real-world security is often perimeter-based: The underlying principle is that we can build a security system to keep hostile elements out, and on the inside, we have an open compound. Simply put, we are focused on keeping attacks out, and worry very little about what goes on inside our own walls. The assumption is that anyone who has access to the interior of the compound - real-world or digital - can have safe access to everything within it. Now, however, industry sentiment and best practices are changing.


Security is increasingly moving towards a model known as zero-trust, which is based on identity rather than location. This model forgoes the traditional compound-based security structure, and assumes you can’t trust anything either outside or inside your organisation. Entities must verify the identity of anything trying to gain access to a system before granting access.

Embracing zero trust, and the stronger security controls that come with it, is the future of online security. To enable these practices, organisations must create a culture where security is at the forefront of developers’ minds, fully integrating security into their DevOps practices from the ground up. From the very moment an app development begins, or the implementation process of an upgrade goes live, as many attack avenues as possible should be identified. This allows SecOps teams to implement testing and remediation earlier in the development process, ensuring security is inherent to the dev cycle. As hybrid work patterns become increasingly common, and organisations lose the ability to closely monitor the networks and devices employees access data on, this approach will only become more important.

Throughout the early stages of adopting a zero trust mentality, organisations often struggle to find the balance between security and innovation; often thinking that the former can end up stifling the latter. To avoid this, the right technology and processes, built with the modern Internet and our modern ways of working in mind, can help security and development teams work hand in hand.

Businesses today need to simultaneously consider how interconnected we are, while also being conscious of the fact that we are spending more and more time working remotely. In their current setup, a large swathe of security teams are improperly equipped to deal with these working conditions. Indeed, ease is often prioritised over effectiveness, with security often getting tacked onto existing systems, instead of equipping these systems to deal with attacks themselves. This is exemplified by the reality of organisations spending an average of $2.6 million on 11 web application and API security tools every year, according to our report “Reaching the Tipping Point of Web Application and API Security.”

Additionally, the perceived complexity of security often acts as a deterrent for many DevOps teams, stifling effective collaboration with security operators. The result is that security tools are neither used nor implemented to their full potential, leaving the door cracked to cyber attacks.

The solution to this is attainable, though. Instead of building complicated security systems, we need tools that can plug directly into development processes and integrate with the tools DevOps teams use daily. Security solutions must provide automation, coverage for different architectures, and high levels of visibility and insight so that security becomes an enabler of innovation, not a blocker. Furthermore, we should leverage a more efficient, programmable network to ensure security stacks are scalable as the needs placed on them grow.

In future, we’ll continue to see increased granular access control to these security toolings – meaning the practice of granting different levels of resource access to individual users – but we must find a way to do it without impacting an app or website’s speed and performance. Clear user authentication is the key to this new security mentality, and moving it to the edge increases its ability to both perform strongly and effectively secure user privacy.

18 | April 2022


www.pcr-online.biz

