comforte Lounge Blog

comforte and NonStop News

  • Blog Article

    The End to Security as an Afterthought: 2016 Trends

    It’s still very early in the year but already the forecasts and predictions for what to expect in 2016 are arriving almost daily. When it comes to security, the predictions about...


    It’s still very early in the year but already the forecasts and predictions for what to expect in 2016 are arriving almost daily. When it comes to security, the predictions about what lies ahead have a greater sense of urgency than to simply inform us of the latest gadget or service. Among the most widely read surveys in the industry is the recent “Gartner’s Top 10 Strategic Technology Trends 2016.”


    While Gartner offers much commentary on all types of technologies, what strikes me most about their observations is the suggestion that companies will make the transition from ensuring a well-implemented defense to a more aggressive offense.


    According to Gartner, the seventh trend on their 2016 list centers on what they call Adaptive Security Architecture. In a recent article on this year’s trends, Forbes magazine described Adaptive Security Architecture as the idea that “… companies must build security into all business processes, end to end, versus only blocking the virtual perimeter. Keeping security as an afterthought is tantamount to inviting issues.”


    In a recent email exchange with comForte CTO, Thomas Burg, he embraced the concept of moving beyond security simply as an afterthought. “It never ceases to amaze me that many HPE NonStop users today are still thinking security is an additive, where a magic “secure all” module is all that is required,” he says. Nothing could be further from the truth and the stakes continue to be raised. “Think of securing IT systems in the same manner as you view protecting occupants in a car when there’s a traffic accident,” said Burg. “Securing occupants and securing IT share similar traits – both involve complex systems and no, there’s no one silver bullet providing a straightforward solution.”


    Burg continued this analogy by saying, “Seat belts are great but you need to fasten them in order to benefit from the protection they offer. Likewise, airbags have proved to be extremely beneficial in reducing injury but if you haven’t fastened your seat belt, in most instances they will not inflate on impact. Now we have automatic braking technology that responds much faster than any driver can but with each new addition, how often do we downplay the importance of seat belts? To ensure cars offer the protection we expect, you have to diligently use all the technology provided by the manufacturer.”


    They key difference between car accidents and IT is that car accidents are just that, accidents. Breaches are not accidents, they are intentional, malicious acts. The “bad guys,” with the intention of penetrating your data center, add a whole new layer of complexity to the best practices adoption plans of any data center manager and increasingly, there’s no end in sight. Security breaches are a constant threat and there’s simply no silver bullet that will defeat those intent on penetrating your defenses. However, there is an important element in any defense being built and if the tide is to turn and a more offensive stance is implemented, it is going to need more that simply purchasing off-the-shelf products.


    “Securing IT systems requires the diligent use of all existing technologies (anti-virus, network-based firewalls, etc.), as well as close examination of the relevance of new, emerging technologies (network segmentation, tokenization, using big-data techniques for anomaly detection, etc.) as they apply to specific data center requirements,” said Burg. Of course, let’s not forget that “cloud-based computing and the IoT will only make matters worse!”


    No matter where you are in a security implementation lifecycle, though, the single most important component is a solid relationship with partners and advisors to create an ecosystem around the most important aspects of security. And the HPE NonStop community is well served in this respect. As one who never forgets to fasten his seatbelt, getting invaluable insight from experienced consultants will mean HPE NonStop users have even greater depth of defense — and offense — than they otherwise may have had. “Transitioning to an offensive stance,” concluded Burg, “well of course that’s an eventuality, but as in defense, there’s no silver bullet in offense either. You have to shut every window and close every door and for many in IT, it’s in pursuing these basics where they often fall down.”


    To understand where your company’s weaknesses are, get in touch with comForte to discuss our new security review service.