Managed Security Services – Nice-to-have or necessity?
Today I caught up with Guido Crucq; we discussed Managed Security Services (MSS) and their role in securing today’s enterprise networks.
Guido is the Group SVP – Security for Dimension Data, and previously the General Manager for the Security Business Unit, Dimension Data Asia Pacific.
Keith Austin: Guido, thank you for taking time to chat with me today. Security is a hot topic these days, with data leaks at Sony and Target to name some high-profile examples. How have you seen enterprises’ approach to security change in response to these threats?
Guido Crucq: Consistent is the highly fragmented marketplace that is characterised by varying technology for specific problems. Many new technology start-ups only tackle part of the problem. In the last 5 years the importance of cyber security in enterprise and the impact of breaches where cyber security was not addressed is now an entire organisation problem and therefore comes to the attention of the C and board level. Criminals now invest in cybercriminals and away from traditional crime. This is helped by the advent of places like the dark web for criminals to work anonymously in a borderless environment. These criminals have easy access to tools, there is a lower risk of being caught and the punishment is lower. Also there are fewer people involved and it is easier logistically. Last but not least is the fact that malware is now a traded commodity between criminals as opposed to the published content of previous times.
KA: Your mention of malware as a traded commodity draws me to the threat of ransomware, specifically the most recent threat from WannaCry. How can organisations effectively protect themselves from these threats? Is the answer more than technology?
GC: While WannaCry has been great at highlighting the risk associated with ransomware, unfortunately it has proved more of a distraction and meant a lack of focus on a more wide-net strategy. The main point about ransomware in general is that it is nothing new. This type of attack to exploit a known vulnerability has been around for a long time. The purpose of such an attack is to have a high volume with high impact. With a good patching regime and other standard security policies and procedures in place, organisations have nothing to fear from such campaigns.
KA: What do you see as the common weak point in organisations today?
GC: Device management, keeping servers and other infrastructure patched and up to date. Keeping security controls well managed, well configured and properly patched. Cyber security is still addressed in a very siloed way with network, application and end-point all working separately. They are trying to address threats cross-functionally, where hackers expose threats across the stack. Meaning they are more agile and can expose threats more easily. They also share information and tools within a social community construct, working together where organisations are not.
KA: Today there are very expensive and complicated security products available to organisations. How do they choose the right technology and how do they ensure a return on investment?
GC: Again, organisations acquire new technology in a siloed way to address a specific threat. This is often led by FUD (Fear, Uncertainty and Doubt) techniques to perpetuate this. Once these new technologies are deployed, organisations quickly realise they do not have the expertise to manage and operate these devices. This can not only cause strain on resources but also have the effect of creating more security problems than it addresses.
KA: How does MSS help in achieving these desired outcomes from new technology?
GC: Outsourcing security operations does not relieve the client from responsibility but it does change the focus from infrastructure management to risk management. Taking advice from the MSS provider to achieve the desired business outcome, economy of scale and the right expertise for the technology in use. Then the provider can correlate what is happening within the client with what is happening on the internet. Remember that cybercriminals only have to get it right once, while our defence can never fail.
KA: What new innovations are you seeing in the industry that either scare or excite you?
GC: Critical infrastructure providers (power generation, water supply etc.) traditionally don’t have a good grip on their infrastructure and IT systems; add to that, they are embracing IP-enabled networks or third-party access to their Operation Technology. We have seen this become a serious threat in the recent past.
I’m excited by the possibility from IoT (Internet of Things) but concerned again about what this means from a security standpoint. By this I mean, think about building consumer electricity, transportation, retail, industrial technology, etc. If a bus with 40 people is controlled by a cybercriminal the impact is now a public safety issue – not just an IT one. This is the state we are heading towards and we need to be prepared with IT security to avert the threats.
KA: Last one for you, Guido: do you see a difference to the way Asia approaches security from the rest of the world, specifically large markets such as North America and Europe?
GC: Leap-frogging into the future. This can be a risk as well as a positive. While the region may not have legacy issues, they also do not have the process and people to avert threats etc.
KA: Thank you again Guido, this has been very interesting for me and I’m sure the readers.
If you are looking for help to navigate the security risks facing your organisation today, please reach out to your nearest Dimension Data office. Alternatively, feel free to contact Guido or myself directly.