Home Software & Security What are some of the challenges of Cybersecurity?

What are some of the challenges of Cybersecurity?

by Susubiribi
  • Network-based security does not “bend” to hybrid or diversified situations (you cannot stretch your firewall into AWS).
  • Why Newer computing architectures, such as Linux containers, have a temporal and rapid life cycle that is too fast for old, manual network management techniques.
  • Most importantly, the networking segmentation approach, such as VLANs or zones, exposes too much attack surface to undesirable actors.

If one workload is compromised with malware, all workloads are at risk of infection. In this era of increased worry about APTs and data exfiltration, the classic network segmentation paradigm is inadequate security. Consider an infected container that moves throughout a data center and is not partitioned from transmitting and receiving communications.

So what can enterprises do?

  1. Protect key assets by enclosing them in a ring. Find a mechanism to separate high-value assets from low-value computational infrastructure. This “security” measure will not discourage a determined hacker, but it will make connectivity with critical systems much more difficult.
  2. Integrate security and segmentation into the application development process. To reduce inter-application communications, more granular security restrictions could be built directly into application structures.
  3. The best protection is dynamic adaptation. Implement an adaptive security architecture in which security moves and adapts with dynamic compute assets — such as Linux containers or vMotion — without the need for human involvement. Neil McDonald and Peter Firstbrook of Gartner wrote one of the greatest essays on this technique last year.

Many of the CISOs I’ve met have mentioned that the first six months on the job are spent determining the most valuable and at-risk behaviors and taking steps to mitigate the risk. How will they be able to take such measures while still dealing with the catch-22?

Only by involving the security, infrastructure (e.g., networking), and applications teams in rethinking the application development cycle from a security standpoint can this transformation be made. These groups must work together to understand and invest in the types of security measures that support distributed computing’s rapid and dynamic workflow. The attack surface will be reduced, while the difficulty of infiltrating important information assets will increase.

You Might Be Interested In

Related Articles

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More...

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest technology news and updates.

You have Successfully Subscribed!