EDITOR’S QUESTION
HOW WILL WE SEE CYBERSECURITY STRATEGIES CHANGE IN 2018?
Article by Mechelle Buys Du Plessis,
Managing Director – UAE, Dimension Data
2018 will see a vast change in internal
security procedures, moving towards
what is called a zero-trust security
model. The IT departments of organisations are
spending millions of dollars while witnessing
successful breaches of their defences.
Increasingly, the consensus appears to
be that the IT industry, with its sets of
sophisticated best practices, compliance and
guidance directives, is today, in some way,
losing the game to smarter and more innovative
groups of dispersed threat actors.
This is driving 2018 to be the comeback
year of the zero-trust security approach. IT
departments will do a reset of all end user
access registers, and assume that any end user
cannot be trusted until they explicitly establish
their identity before any requested access.
The zero-trust security approach does not
reject the flexibility of personal choice of
devices awarded to end users through the
BYOD policy. Almost ten years ago, the zero-
trust security approach would have meant a
strict ‘corporate device only’ usage policy. A lot
has happened since then and end users can
now select their secondary device of choice.
But it does mean that whichever device
is being used, verification of access to
data by the device will be much more
rigorous, through multiple layers of security
credentials. Vigorous authentication of end
users and their devices, and of their entitlement
to access corporate data, will soon become
the norm in the year ahead.
However, there is a critical rider in all this.
Implementation of the zero-trust security
approach will fail unless IT departments
also revisit and review their cybersecurity
policies end-to-end. This review will take into
consideration the large-scale adoption of
hybrid cloud and access to multi-cloud
applications by end users. Such a ground-up
review of cybersecurity policies will help
close existing gaps between on-premises
and in-cloud access, amongst others.
A well-reviewed, ground-up, organisation-wide
cybersecurity policy enables an
organisation to engage extensively with
best-of-breed external managed security
services providers. This approach will help
organisations to enhance and reinforce their
cybersecurity profiles in the areas they consider
required and necessary, rather than
pursuing an ad hoc, pellet-gun approach.
It will rigorously apply micro-segmentation
for the growing multi-cloud access that is
responsible for driving digital transformation
and the development of innovative new
business processes by decision makers,
leading to net new revenue. The result – a
new generation of cybersecurity policies that
have been revamped and made future-ready
for an organisation’s digital journey and
digital transformation.
A valid counter-argument often cited in the past
against such a wide-scale and profound zero-trust
approach was the delays in user
access and reductions in user productivity
due to system and network infrastructure
latencies and non-responsiveness. However,
with cloud-hosted security and identity
authentication solutions, compute latency
is a non-issue, while network latency is
now better controlled through service level
agreements with providers.
A well-reviewed and prepared cybersecurity
policy can also be enhanced by the usage
of blockchain technologies. Using an
organisation’s blockchain solution to keep
a record of user authentication and access
requests is a huge leap into path-breaking
standards of compliance and audits.
No longer can log data go missing or be
compromised, whether by accident or through
intentional cover-up efforts.
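The audit-trail property described above rests on each log entry committing to the hash of the entry before it. The following is an added example, not code from the article or its author: a single-writer hash chain in Python, without the distributed consensus a real blockchain adds, showing which kinds of tampering the chain exposes by itself and which need a copy of the head hash held elsewhere. The field names, sample events and the `anchored_head` parameter are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same value.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(chain, record):
    """Append a record linked to the previous entry; return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return chain[-1]["hash"]

def verify(chain, anchored_head=None):
    """Walk the chain; optionally compare its head with a copy held elsewhere."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return f"broken at entry {i}"
        prev = entry["hash"]
    if anchored_head is not None and prev != anchored_head:
        return "head mismatch"
    return "intact"

# Constructed sample events, not taken from any real system.
EVENTS = [
    {"ts": "2018-01-08T09:00:01Z", "user": "alice", "device": "byod-7", "event": "auth", "result": "success"},
    {"ts": "2018-01-08T09:00:05Z", "user": "alice", "device": "byod-7", "event": "access /finance", "result": "granted"},
    {"ts": "2018-01-08T09:02:40Z", "user": "mallory", "device": "unknown", "event": "access /finance", "result": "denied"},
]

def build_sample():
    chain = []
    for record in EVENTS:
        append(chain, record)
    return chain, chain[-1]["hash"]

if __name__ == "__main__":
    chain, head = build_sample()
    edited = json.loads(json.dumps(chain))  # deep copy of the chain
    edited[2]["record"]["result"] = "granted"  # one record altered in place
    print("untouched:", verify(chain, head))
    print("edited:", verify(edited, head))
    print("middle deleted:", verify(chain[:1] + chain[2:], head))
    print("tail dropped, no anchor:", verify(chain[:2]))
    print("tail dropped, anchor held:", verify(chain[:2], head))
```

In a distributed ledger, the copies of the head held by other parties play the role of `anchored_head`: they are what expose a dropped tail or a chain rebuilt from scratch.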
Blockchain technology and the use of an
external managed security service provider
marry the best of both internal and
external best practices, and hugely elevate
an organisation’s cybersecurity profile and
preparedness. Both are essential components
in the successful closure of an organisation’s
zero-trust security approach exercise.
www.intelligentcio.com