Hyper competition, globalization, economic uncertainties — all of it converging to drive a C-suite impetus for the business to become more data-driven. Organizations invest in more data science and analytical staff as they demand faster access to more data. At the same time, they’re forced to deal with more regulations and privacy mandates such as GDPR, CCPA, HIPAA, and numerous others. The outcome? The current methods meant to serve them — usually an overburdened IT team — end up failing, resulting in an alarming amount of friction across the entire organization.

The heart of the friction

Friction across the enterprise ecosystem impacts every part of the value chain. It’s driven by three primary dynamics:

- An increasing number of analysts and data scientists asking for data.
- More regulations and policies that must be enforced.
- A tectonic shift of data processing and storage to the cloud.

Analytical demand

Over the last two to three decades, analytics have gone from the domain of IT to business self-service analytics. For the traditional financial and summary type reports, this is easy since data comes from curated and structured data warehouses. The newer self-service demand is for non-curated data for purposes of AI and machine learning.

Regulatory demand

More regulations result in more policies, but the bigger impact is going from passive enforcement to active enforcement. Passive enforcement relies on training people and hoping they’ll follow proper protocol. Active enforcement establishes a posture where systems proactively stop people from hurting themselves or the company. For example, a zero trust framework would assume you should only have access to the data you need and nothing more.

Moving to the cloud

With the move to the cloud, we don’t just move data outside our traditional perimeter defenses. The platforms separate storage from processing or compute with different styles of compute to serve different analytical use cases. The result is an exploding number of policies applied across dozens of data technologies — each with its own mechanism for securing data.

A use case for balanced data democratization

Privacera worked with a major sports apparel manufacturer and retailer on its data-driven journey to the cloud. The client’s on-prem data warehouse and Hadoop environment turned into a massive set of diverse technologies: S3 for storage and a host of compute and processing services such as EMR, Amazon Web Services (AWS), Starburst, Snowflake, Kafka, and Databricks. GDPR and CCPA emerged as critical mandates that had to be enforced actively. Hundreds of analysts excitedly tried to get access to the new data platform, outnumbering the IT support staff. The result was more than 1 million policies, and they only managed to get around 15 percent of their data into the business’s hands.

The solution: Centralized policy management and enforcement for their entire data estate. Here are the elements of their centralized data security governance:

- Real-time sensitive data discovery, classification, and tagging to identify sensitive data in newly onboarded data sets from trading partners.
- Build once, enforce everywhere. Policies are built centrally in an easy-to-use, intuitive manner. Those policies are then synchronized to each underlying data service, where the policy is natively enforced.
- Built-in advanced attribute-, role-, resource- or tag-based policies, masking and encryption to define fine-grained controls versus the previous coarse-grained model.
- Real-time auditing of access events, monitoring, and alerting on suspicious events.

The result: The client reduced the number of policies by 1,000-fold, onboarded new data 95 percent faster, and got 100 percent of the data into the business’s hands.

The new way forward

Gartner’s State of Data and Analytics Governance suggests that by 2025, 80 percent of analytical initiatives will be unsuccessful because they fail to modernize their data governance processes. The challenge for CIOs and data and privacy leaders is that these mandates are often not owned by a single person. CISOs often feel they own the security posture but not the enforcement. The data leader focuses on the analytical output and insights. The CIO is often left holding the bag and needs to pull it all together. In its recent Hype Cycle for Data Security 2022, Gartner suggests 70 percent of the investment in the data security category will be toward broad-based data security platforms that can help organizations centralize data access and policy enforcement across their diverse data estate.


By John Davis, Retired U.S. Army Major General and Vice President and Federal Chief Security Officer for Palo Alto Networks

What critical innovations can change the balance in cybersecurity, providing those of us responsible for defending our organizations with more capabilities against those who would do us harm?

This is not just a theoretical exercise. It is something all of us in cybersecurity need to understand — and a key national security priority.

I’ve given this question considerable thought in my role advising many of my former colleagues and other leaders in the U.S. government. In my view, there are two key interrelated developments that can shift the cybersecurity paradigm. They are:

- Innovations in automation.
- Software-based advanced analytics — including big data, machine learning, behavior analytics, deep learning and, eventually, artificial intelligence.

I’m not saying these innovations can reverse the historical advantage offense has had over defense. But improved use of automation — combined with software-based advanced analytics — can help level the playing field.

Cyber threats are increasingly automated using advanced technology. Unfortunately, defense has continued to employ a strategy based mostly on human decision-making and manual responses taken after threat activities have occurred.

This reactive strategy can’t keep pace against highly automated threats that operate at speed and scale. The defense has been losing — and will continue to lose — until we in the cybersecurity community fight machines with machines, software with software.

Prevention is key

Any good defensive strategy should be comprehensive, covering protection, detection, response, recovery, and resilience. Prevention is key, especially in today’s complex environment. That is where we have not invested enough — and where automation and advanced analytics can make an enormous difference.

First, let me define what I mean by prevention, starting with understanding the basic cyberattack process, sometimes referred to as the cyber threat lifecycle. This process consists of seven steps:

1. Probing;
2. Developing a delivery mechanism to get to a victim or target;
3. Exploiting a vulnerability in the network environment;
4. Installing malicious code;
5. Establishing a control channel;
6. Escalating privileged access;
7. Moving laterally within the network environment.

These steps usually occur in that order, but not always. The final step defines a successful attack, which could be encrypting data for ransom; exfiltrating sensitive data; exposing embarrassing information; or disrupting/destroying targeted systems, devices, or data.

Modern cyber threat actors can work their way through the attack process more quickly than ever with advanced software and machines.

But the process still takes time — allowing defenders to see and stop a threat at any step in the process. To do so, however, defenders must have complete visibility across their network environment and be able to deliver protections everywhere automatically. Therefore, they need both sensors and enforcement points. Just seeing malicious activity without being able to stop it won’t change the dynamic between offense and defense.

Tackling speed and scale

Automation lets security teams fight machines with machines and save their most precious resource (people) to do things that only people can do better and faster than machines. This includes hunting and deep, high-end analysis. Any other approach will never keep pace with the speed and scale of modern cyberthreats.

Software-based advanced analytics enable security teams to fight software with software. They make it possible to deploy sensors and enforcement points in all critical places in a network environment. More importantly, they enable the integration between the sensors and enforcement points.

With advanced analytics, any type of suspicious behavior in a network environment can be quickly matched to the attack process used by all known threat actors or organizations. Analytics can even identify a threat never seen before or a possible threat not directly matched to a known bad signature or activity.

Using machine learning algorithms, a decision can be rendered in near real-time — less than 10 minutes is state-of-the-art today — and a protection can be delivered automatically to stop the threat everywhere in the organization’s enterprise environment without the need for any human intervention.

Defenders have access to an enormous amount of data from networks, endpoints, and clouds. The right kind of data includes cyber threat indicators of compromise as well as contextual information. It does not include traditional policy and legal landmines such as personally identifiable information, protected health information, intellectual property, or surveillance-related data.

Leveraging this data, it is possible to act at speed and scale with a very high degree of precision, achieving false positive rates of less than one percent. The key to this kind of effective defense is complete, continuous, and consistent visibility and security controls across all elements of an organization’s network environment — from the network to the cloud (public, private, hybrid, multi, SaaS) to endpoint and IoT devices.

Stopping threats, mitigating risk

Cybersecurity protections that leverage automation and advanced analytics are available today and getting better as time goes by, with more of the right kinds of data to drive automated decisions and protections.

Best case, the use of these two innovations enables security teams to see and stop cyber threats before they are successful, providing an advantage for the defense. Worst case, they let security teams limit the damage of a successful attack to something determined to be an acceptable level of risk.

Why is this so important? Eliminating or reducing the advantage that cyber offense has over defense is critical to creating a more stable cyberspace. Traditionally, when offense has the advantage, it creates enormous instability. When defense has the advantage, it creates a more stable environment.

We’re living in a world with an unacceptably high level of instability in the cyber domain. The risks of miscalculation, misinterpretation or even a plain mistake are just too high. Effective use of automation and software-based advanced analytics can help level the playing field between offense and defense and create a much more effective cybersecurity posture for any organization.

About John Davis:

John is a retired U.S. Army Major General and Vice President and Federal Chief Security Officer for Palo Alto Networks, where he is responsible for expanding cybersecurity initiatives and global policy for the international public sector and assisting governments around the world to successfully prevent cyber breaches.


Does your organization need to improve security and upgrade its IT infrastructure? If so, you’re not alone. Those are the top two reasons for the rise in EMEA IT budgets, according to the Foundry 2022 State of the CIO study.

These priorities are in response to an ever-evolving business and security landscape. IT departments are under increased pressure to provide resiliency amid new and advanced cyberattack risks, ongoing supply-chain disruptions, digital transformation efforts, and the complex hybrid workplace.

It’s a tight balancing act to ensure both security and resiliency, especially if, like most organizations, you have a lean IT staff or skills gaps within your teams. But that’s where managed services can help.

How to balance security with resiliency

Most organizations recognize the need to increase cybersecurity protections; this is the top priority among 63% of EMEA respondents to the State of the CIO survey.

It’s a significant challenge. Although digital transformation efforts were already underway prior to COVID-19, primarily driven by the need for speed and efficiency, the pandemic escalated those initiatives. In some cases, it created even greater complexity as enterprises bolted on solutions and tools for the remote workforce.

These implementations have also led to security gaps and vulnerabilities. As a result, many organizations are grappling to manage and protect a complex web of IT architecture that spans on-premises, hybrid and multi-clouds, and edge environments.

How can enterprises balance the needs for robust security and resiliency for ongoing business operations? It starts with those cybersecurity protections and gaining the ability to anticipate, protect against, withstand, and recover from any cyberattack to minimize disruption.

A cyber risk framework can help provide these capabilities. It should include:

End-to-end security assurance that provides reliable quantification of cyber risk throughout the enterprise. It also maintains and manages compliance via the consistent application of policies and controls, as well as threat management across the network, endpoints, and applications.

Integration of Zero Trust principles and technologies — from edge to cloud. This includes data and application protections, cloud and network security, and digital identity services to ensure secure digital transactions and interactions.

Comprehensive security operations center (SOC) services that discover, prevent, and respond to advanced security incidents. Given the significant need for security skill sets, the right technologies — including workflow automation and orchestration — and managed services must augment and enhance SOC operations management.

Incident response and recovery to minimize the impact of outages. Downtime is not an option, so the framework should address training, simulation exercises, automation of policies, and threat investigation capabilities.

This framework also delivers business value, including cost reductions, improved user experiences that lead to greater productivity, and continuous compliance.

For example, a multinational bank with headquarters in the United Kingdom implemented automated cyber recovery technology to improve its operational resilience. The solution has not only enabled recovery from cyberattacks in hours rather than days, it also has provided continuous security through 24/7 forensics.

Align with the right partner

Establishing a cyber risk framework that fits your organization and business can, by itself, be a daunting task – without even trying to implement it. That’s where a managed services provider such as Kyndryl can help.

The right provider must have deep expertise, a well-established solution portfolio, and a broad partner ecosystem to maximize your investment and business outcomes. Kyndryl will work closely to understand your enterprise’s cyber resiliency maturity level, then tailor a framework to best augment your existing resources — and ultimately help balance robust security and resiliency.
