- Vishal Masih
One Way to Overcome the Cybersecurity Labor Crunch
One of the core problems facing organizations and their cybersecurity is choosing an architecture whose cost never stops rising, because it needs ever greater numbers of highly qualified resources to manage and integrate a patchwork of point solutions. Organizations have to deal with the complexity and burden of evaluating, procuring, integrating, maintaining, and troubleshooting multiple individual components. This demand for skilled labor, on which the efficacy of the whole arrangement depends, is the rub: it makes the approach unsustainable in the long term for most companies and often incomplete in the short term, because too few people fighting too many fires leave security gaps. Fortunately, there is an alternative that can begin weaning your organization off the headcount conundrum while boosting security.
The Labor Addiction
It is no surprise that in a world of constantly evolving threats, the solution would be found through a host of different providers with the newest technologies. The problem is that while this makes for a good industry for the security supplier, it is built upon a framework that leads to solutions like NGFW, SWG, CASB, DLP, SDP, IPS, etc.
Anyone in the security industry knows that it takes a team of experts to manage and monitor these solutions. As an organization, you can train your team to manage and monitor them, hire expensive experts, or outsource the work to a managed security service provider (MSSP). Training costs include not only the cost of the training itself but also the time your team spends away from daily operations and the impact of that absence.
For example, an organization may have Palo Alto for NGFW, Zscaler for SWG, Microsoft for CASB, Forcepoint for DLP, AppGate for SDP, and Trellix for IPS. Alternatively, an organization may have multiple solutions from the same vendor, such as Zscaler or Palo Alto.
In either case, an organization will need a team of trained and qualified people to manage and monitor these point solutions because, in the end, they are all different products on their own. And because these are different solutions, you have to integrate them correctly to get a comprehensive picture of your security landscape.
An organization's ability to defend itself from malware and threat actors then becomes dependent on how well they integrate all these solutions. That's a big security risk.
You are depending not only on your team to have the skills to integrate these solutions but also on how well these solutions play with each other.
Because of the reasons mentioned above, organizations are increasingly turning to MSSPs to manage their security for them. Ironically, most MSSPs are also using multiple tools and they are passing on all the costs associated with it to you.
Avoiding The Labor Crunch
So, what can CIOs, CISOs, and IT security managers and directors do about it?
The solution is to consolidate your security solutions by implementing an integrated network and security platform. This type of platform consolidates the network with multiple security functions into a single solution, making it easier to manage and monitor.
When the security is built into the network, the network becomes identity and context aware.
The authentication and authorization decisions are performed in real time based not just on source and destination IPs, but also on the device's security posture, the user identity, the application, the data, and the context. This allows for better communication and coordination between different security functions, reducing the risk of gaps in protection, and giving organizations total visibility and control over what's going in and out. However, you do have to start with the right security platform first.
The only security platform that currently provides this ability is SASE, Secure Access Service Edge (pronounced "sassy").
Secure Access Service Edge (SASE) delivers converged network and security, including SD-WAN, SWG, CASB, NGFW, and zero trust network access (ZTNA) and is primarily delivered as a service, enabling zero trust access based on the identity of the device or entity, combined with real-time context, and security and compliance policies (Source: Gartner).
Consider the case of network security: organizations need to either route traffic through security products like NGFW, UTM, and SWG, or backhaul traffic to a datacenter or to the cloud. Each of these options has its limitations and shortcomings: security products need to be installed on-premises at each site and then managed and maintained accordingly. It is costly, time-consuming, and labor intensive.
However, with a SASE platform, all the mundane maintenance inherent in legacy networks and security products is eliminated.
The SASE architecture frees IT from the costs and complexities associated with scaling, upgrading, managing, and otherwise handling the networking and security infrastructure associated with multiple devices at multiple locations.
And the great thing is, you don't have to rip everything out when migrating to this unified security platform. It can be done piecemeal, focusing on one security solution at a time. You can, for example, focus on securing remote access first.
Rather than authenticating users to the entire network, SASE uses Zero Trust Network Access (ZTNA) technology to limit users to the resources they're allowed to see. Using a simple mobile client, the software service stack protects them against threats everywhere and enforces application access control. Unlike legacy VPNs, SASE solutions scale globally to support 24x7 access for the entire workforce. And because SASE can have CASB and DLP built in, you extend secure remote access beyond just network access.
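The contrast between an IP-based rule and the identity- and context-aware, per-application decision described above, as an added example (not code from any SASE product). The policy table, field names, and sample requests are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Request:
    src_ip: str
    user: str
    groups: frozenset        # identity: group memberships from the IdP
    device_compliant: bool   # posture: e.g. encrypted disk, patched OS
    mfa: bool                # context: strong authentication this session
    app: str                 # application being requested
    data_label: str          # classification of the data requested

# Hypothetical per-application policy; anything not listed is denied.
POLICY = {
    "payroll": {"groups": {"finance"}, "compliant": True,
                "mfa": True, "max_label": "confidential"},
    "wiki":    {"groups": {"staff", "finance"}, "compliant": False,
                "mfa": False, "max_label": "internal"},
}
LABEL_RANK = {"public": 0, "internal": 1, "confidential": 2}
CORP_NET = ip_network("10.0.0.0/8")  # constructed "trusted" range

def ip_only_decision(req):
    """Legacy model: being on the network grants reach to everything."""
    return ip_address(req.src_ip) in CORP_NET

def context_decision(req):
    """ZTNA-style model: evaluate identity, posture, app and data per request."""
    rule = POLICY.get(req.app)
    if rule is None:
        return False, "no rule for application (default deny)"
    if not (req.groups & rule["groups"]):
        return False, "user not entitled to application"
    if rule["compliant"] and not req.device_compliant:
        return False, "device posture check failed"
    if rule["mfa"] and not req.mfa:
        return False, "MFA required"
    # Unknown labels rank above everything, so they are denied.
    if LABEL_RANK.get(req.data_label, 99) > LABEL_RANK[rule["max_label"]]:
        return False, "data classification exceeds what the rule permits"
    return True, "allow"

# Constructed requests, all from the same source IP.
ALICE = Request("10.1.2.3", "alice", frozenset({"finance"}), True, True,
                "payroll", "confidential")
ALICE_BYOD = Request("10.1.2.3", "alice", frozenset({"finance"}), False, True,
                     "payroll", "confidential")
BOB = Request("10.1.2.3", "bob", frozenset({"staff"}), True, True,
              "payroll", "internal")
```

All three requests pass `ip_only_decision`, while `context_decision` allows only the first and returns the reason for each denial.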
An organization is then freed from the demand to have technical resources to manage and maintain their VPN, Secure Remote Access, CASB, and DLP solutions.
By consolidating security solutions and regularly assessing their security posture, organizations can not only reduce costs but also improve security and better protect their business from cyber threats. This can all be done in an incremental way that avoids ripping and replacing or doubling the workload of an already taxed IT and security team.