I found myself re-reading one of my old cyber security articles from nearly twenty years ago (thanks SC Magazine for archiving it!) and it made me think. Swap out some old technology names and a few old ideas about what was cutting edge, and the security challenges that our organisations face haven’t really changed much at all.
“Managing the security of data flow” was the piece. Yes, these challenges have gained legs: gone are the slower-paced days where absolutely everything had to be on hardware, replaced instead by spinning up virtual servers and their operating systems, by Kubernetes, Beats, serverless, microservices… speed, speed, speed. But still with us are the same old risks. Introduce anything at all on to a system that accesses the internet, where data is being shared and, just like I said back then, “each component is susceptible to and must be secured against all the individual vulnerabilities that product may possess”.
I even talked about IAM, I just didn’t know it was going to get that name. Now extrapolate things out to that component or that person being in your supply chain. We’re not just storing and sharing data across our own rapidly changing virtual and public cloud environments, we’re relying on supply chains who are doing the same. How secure are all their component parts and how careful were they setting up permissions? How good are their IT teams when they’re excitedly adding that new office to their infrastructure using the wonderful magic of SD-WAN or public cloud?
More importantly, why are we all still looking at the same basic risks as we were twenty years ago, when you boil it all down? Why? Because just like back then, our need for speed is way ahead of our capability to articulate to our budget holders just why we need that investment. Investment in both tech and people or in expert cyber MSPs. Or MSSPs if you prefer to call them that. Call it what you like; the tech has moved on and got better at what it does, it’s just that sometimes it’s got SASE-er sounding names (ahem), but some of the people have been around for a few years now. They’ve seen it all before and they’re keeping pace with all the new threats and risks too.
There’s a whole army of people out there who bring the tech and the knowledge with them. Several of them are my brilliant cyber colleagues at Softcat, several of them are people I’ve worked with over the years who are still in the game, spread far and wide with their own cyber security businesses or working for the top cyber security vendors. Let’s listen to them and let’s get that cyber strategy articulated, funded and delivered.