TECH TALK
“The only
consistency in
cyber hygiene is
how inconsistent
we are.”
deny-by-default. We’re talking about
an approach that’s far more nuanced
and sophisticated. When we harness
least privilege to ensure good, it’s about
striking the right balance between
security and the need for fast, flexible
service delivery. In other words, we’re
making security empowering rather
than confining. Just like brakes on a car:
the purpose is not to slow you down, it’s
to allow you to go fast.
Three core tenets of
ensuring good
There are three core tenets behind
ensuring good. First, leverage a secure
infrastructure to build least privilege
environments around applications.
Second, empower the ecosystem by
exposing the boundaries and context of
those environments and enabling the
ecosystem to align to those boundaries.
And third, make it simple and easy to
practice good cyber hygiene.
Secure infrastructure
A secure infrastructure changes the
rules of the game by enabling you to
quickly lock down critical applications
and data, architect-in security controls,
and facilitate a repeatable and focused
cyber hygiene process. This is not simply
an infrastructure that is built securely,
but rather one that enables you to
understand the relationship between
applications and infrastructure and
create least privilege environments
around them.
Infrastructure centred on ensuring good
needs to have native, built-in capabilities
that are architected in from the ground
up, with tight alignment to what we
care about most: applications and data.
Today, too many cybersecurity controls
are aligned to pieces of hardware buried
deep down in the infrastructure – a
72
INTELLIGENTCIO
Not because security teams don’t
understand what is needed, but because
cyber hygiene has become too difficult
in a world of constant change. Clearly,
we need to make it dramatically simpler
and easier to practice the five key pillars
of good cyber hygiene: least privilege,
micro-segmentation, encryption, multi-
factor authentication and patching.
When you examine the major security
breaches that made headlines over
the past few years, every one of them
could have been avoided completely,
or greatly reduced in impact if the
targeted business had followed these
basic principles.
Pat Gelsinger, CEO, VMware
router, switch, or server for example.
Why? Because in a hardware-driven
world, that’s the only place we can hang
them. In a software-driven world, we
have a rich and fluid canvas to work on
rather than a rigid set of hardware and
edge-based solutions.
Empower the ecosystem
The ecosystem of security controls
needs a privileged position in the
environment in order to effectively
focus on ensuring good. Those controls
must have access to rich context
about the applications and data they
are trying to protect, and ubiquitous
coverage for visibility and control.
Much of the ecosystem is already
expressing enthusiasm about the
game-changing notion of ensuring
good, as it begins looking for bridging
methods to sort through an otherwise
untenable stack of hay in search of
that elusive problem needle.
Cyber hygiene
Consistently executed basic cyber
hygiene is the single most effective step
we can take against breaches and a core
tenet of ensuring good.
And yet the only consistency in cyber
hygiene is how inconsistent we are;
we continue to fail in this space.
When it comes to security, the question
we typically ask is, “How do we secure
it?” What we should be asking is, “How
can we leverage our IT infrastructure in
new ways to transform security?”
In an era when the tech industry has
failed on cybersecurity, the time has come
to flip the security model on its head.
Introducing VMware AppDefense
VMware’s new security model, VMware
AppDefense, leverages the unique
properties of virtualisation to protect
applications running in virtualised and
cloud environments.
The new solution creates a least
privilege environment by capturing
the intended state of applications
and then monitoring how applications
behave when running against that
intended state.
By understanding the intended purpose
of an application, organisations can
now direct their security efforts to
monitoring a few key behaviours instead
of trying to detect every possible threat
– significantly shrinking the security
problem and lowering security costs.
This new security model radically
changes the current failing approach to
security. Instead of chasing a constantly
expanding and changing threat
landscape, it allows organisations to
focus their efforts on setting protections
around the applications and data that
need them most. n
www.intelligentcio.com