The increasing complexity and sophistication of cyber attacks have highlighted the need for organisations to adopt a consolidated security architecture. Reactive approaches to cyber attacks, which focus on addressing incidents after they occur, have proven expensive and ineffective.
These approaches often lead to complicated security operations, as organisations need help to integrate multiple siloed security solutions. Such fragmented approaches also create vulnerabilities in an enterprise’s security posture, creating gaps between different security tools and technologies.
To discuss the need for a consolidated security architecture, Cloudflare, in association with YourStory, hosted a panel discussion on Everywhere Security.
Fernando Serto, Chief Technologist & Evangelist, APJC at Cloudflare, and Sankalp Sharma, CTO, Sportskeeda, spoke about how the security industry has kept pace with the changing needs of organisations and employees, the biggest challenges security teams face, and ways in which organisations are establishing a consolidated security architecture.
Tackling an ever-evolving threat landscape
Serto highlighted the significant changes in the threat landscape and the attack surface for organisations over the past few years. Previously, when most work was conducted in office environments, organisations had more control over network infrastructure and application deployment. Connectivity and performance could be predicted and managed, often relying on specific telcos for global connectivity.
However, the landscape has rapidly evolved. The adoption of Software as a Service (SaaS), Infrastructure as a Service (SaaS), and various cloud environments has surged. Simultaneously, users now expect to work from anywhere and desire a consistent experience whether accessing personal apps or corporate-grade applications. This shift has introduced new challenges for organisations.
“Technology has evolved at such a pace that it’s enabling organisations to do better and have tools and capabilities to address a lot of the cybersecurity incidents that are still lingering around,” Serto noted.
Sharma provided a nuanced perspective, drawing from his experience managing a private data centre and working in an online business. In the past, the focus was on securing the perimeter with strong firewall rules and limited access points. However, with the evolving nature of security threats, this approach is now considered an anti-pattern.
“You don’t know what you don’t know,” Sharma quipped.
Relying on continuous authentication
In SportsKeeda’s online business, physical boundaries cannot define what is trusted and what is not. They have to adopt an ‘always validate’ approach, where trust is not based on the location of a network device but on continuous authentication of actors attempting protected operations.
Additionally, SportsKeeda’s geographically distributed and remote workforce poses unique challenges for security. Despite these challenges, Sportskeeds has been successful so far in addressing the security requirements.
The discussion emphasised the point that while vulnerabilities have always existed, but the dynamic and ever-changing nature of the current environment poses the biggest challenge. Although responsible disclosure of vulnerabilities has improved the understanding of threats, knowing what needs to be defended in such a disparate and continually changing landscape is complex.
The threat landscape has transformed due to the widespread adoption of cloud technologies, the need for remote work capabilities, and the expectation of consistent user experiences. Organisations face the challenge of protecting their applications and systems in this highly dynamic environment, where vulnerabilities exist and the attack surface has expanded significantly.