Intelligent CIO Africa Issue 11 | Page 71

TECH TALK

Why tech has failed on cybersecurity

Current attempts to manage today’s ever-evolving threat landscape are failing, and not through lack of innovative product development. VMware’s CEO, Pat Gelsinger, believes the answer may lie in flipping the existing security model on its head.

It’s time to acknowledge that the tech industry has failed our customers when it comes to cybersecurity and data protection. Our industry is built on trust. Trust that our software and hardware products work. Trust in the confidentiality of customer data, and trust in our ability to safeguard the integrity and availability of mission-critical systems.

We earn that trust every day, by protecting our customers’ critical applications and sensitive data in an increasingly mobile and cloud world. The challenge is only intensifying, as application architectures evolve rapidly and as the apps themselves become a primary target for cybercriminals.

Albert Einstein said, “The definition of insanity is doing the same thing over and over again, but expecting different results.” Unfortunately, that’s a good summary of our current approach to cybersecurity. Until we re-engineer our fundamental security model, we will be unable to dig ourselves out of this hole.

Transforming cybersecurity: from chasing bad to ensuring good

The problem is not a lack of innovative products. In fact, there’s tremendous innovation happening in cybersecurity today. The problem lies in our foundational approach, which is rooted in ‘chasing bad’. It’s a never-ending arms race, and we always seem to be rushing to catch up. When you’re chasing bad, you’re constantly looking for the proverbial needle in a haystack, across a very large attack surface.

But what if we took the opposite approach? What if, instead of chasing bad, we flipped the entire model on its head and focused our efforts on ‘ensuring good’?
When you focus on ensuring good, in effect you remove all the unnecessary hay, because you narrow down the exploitable attack surface exponentially.

How? At the heart of ensuring good is a revival of the age-old cybersecurity concept of ‘least privilege’, where users and system components are given the absolute minimum level of access, function, and interaction required. In other words, unless you explicitly have access, you don’t.

The big difference today – and the big breakthrough – is that we now have the ability to enforce least privilege at scale, without slowing down the pace of innovation or the businesses we serve. Ensuring good goes far beyond the rigid ‘lockdown’ methodology of