Enterprises are Battling the Limitations of Appliance-Based Security


Scott Robertson

The security challenge for enterprises is growing more complex each day. As cloud, mobility, IoT and other trends gain ground, the threats are only going to increase. Will throwing more appliances at them solve the puzzle? The answer is no, according to Scott Robertson, Vice President, Asia Pacific and Japan, Zscaler. Robertson shares insights into how CIOs and CISOs can meet the security needs of an agile enterprise through an integrated, cloud-based approach. Here are some edited excerpts from the interview:

The security landscape is already crowded with too many vendors. What differentiation does Zscaler bring to the table?
Zscaler is focused on bringing cloud computing to Internet security. Just as Salesforce transformed the CRM market, Zscaler is revolutionizing the world of Internet security. Many vendors with roots in the security appliance or software world claim to offer cloud-based solutions. Only Zscaler was architected from the ground up as a multi-tenant, distributed cloud security platform. Zscaler has effectively moved security into the Internet backbone, operating in more than 100 data centers around the world and enabling organizations to unlock the promise of cloud and mobile computing by providing users with the shortest and safest path to the Internet. As the only truly integrated cloud security platform, Zscaler delivers carrier-grade Internet security, advanced persistent threat (APT) protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence – all without the need for on-premise hardware, appliances or software.

CIOs and CISOs are increasingly using more security solutions at multiple layers, yet the threats and vulnerabilities continue to rise. Your comments?
The rapid and accelerating adoption of cloud computing, mobility, and the Internet of Things (IoT), coupled with increasingly sophisticated cyber threats, has reduced the effectiveness of traditional appliance- and software-based security architectures.

CISOs often express dismay with the multitude of point solutions and the number of appliances in their security portfolio. Alerts go off by the thousands with no analysis or response, and they end up collecting increasing volumes of security data from multiple vendors’ technologies, leading to needless costs and challenges.

Enterprises are adopting cloud computing, mobility, and IoT to save money and improve employee productivity, but traditional security appliances are ill-suited to secure this new world. The resulting needs of security professionals are loud and clear: they need simple and powerful ways to protect data and employees everywhere, without the proliferation of point solution appliances. These are the catalysts for adopting an integrated, cloud-based approach to security.

With threats rising in number and potential impact, what are the constraints under which CIOs/CISOs are operating?
The simple fact is that today’s security appliances simply can’t meet the needs of today’s rapidly changing, global, mobile, fluid enterprise. The solution to scaling business securely is not to purchase more and more hardware and software, and hope that the gaps in the security strategy go undetected.

CISOs are battling the limitations of the appliance-based security model:
Location dependent: A security appliance is tied to legacy location concepts, dictating limitations to the business rather than enabling it. It forces business activities to be tied to locations or for traffic to be redirected to monitoring network segments in order to implement security controls.

Performance issues: The location dependence of appliances creates performance, point-of-failure and security vulnerability issues. For example, an organization with a central URL filtering appliance forces poor architectural decisions upon other locations and mobile users. A remote user may be required to access the Internet via slow VPN connections or simply go without corporate security protection.

Appliance overload: Appliances tend to be built for one security function only, creating an explosion of new appliances in the data center to keep up with each new threat, all of which must be individually purchased, installed, maintained and updated.

Spiraling costs: Appliances require significant costs for acquisition, installation, regular patching, log file management, access control, and integration, among several other costs. IT organizations simply cannot keep pace with the demand to update appliance signature files, resulting in inevitable security gaps.

Capacity limitations: Appliances do not provide on-demand capacity, forcing IT organizations to “over-architect” a solution. For example, an appliance may be designed for 100, 500, or 2000 users. If you have exactly 2000 users, you either must spend more money to purchase excess capacity or purchase an insufficient solution that hinders business growth.

Single tenant: Appliances are designed for a single organization, not for the notion of multi-tenant configurations, limiting their usefulness with today’s collaborative networks of contractors, partners, supply chains and vendors.

How relevant or useful are firewalls or other network security solutions when most new attacks are socially engineered or persistently targeted?
The unique combination of attack techniques utilizing sophisticated malware as well as low-level spear phishing, and the reconnaissance elements targeting high-value assets, makes the APT a different species of cyber threat than anything seen before. Each successive stage of an APT attack builds on the successful execution of what came before it, until the infiltration reaches its desired target. This successive layering in of levels of the APT is sometimes called the APT lifecycle.

Like an insect going through metamorphosis from one stage to the next, APT attacks are by definition multi-stage. This means security as usual is not enough to defend against APT attacks. Defenses must be specifically formulated to thwart APT at specific stages of its lifecycle, with the understanding that at different stages, different defenses will be most effective.

There is talk of security on the cloud, whereas the cloud itself remains a grave concern area in security. In this context, what assurances, indemnities or punitive clauses are available to security leaders and managers?
Cloud security concerns are real. That’s because the traditional appliance-based security products designed for yesterday’s corporate network security are woefully unequipped for the challenges. Many of the problems with traditional security defenses are dependent upon security appliances as a core part of the security architecture.

When reviewing cloud security platforms, CISOs should consider both the uptime and latency which directly impact the performance of the network and, subsequently, user experience. Traditional cloud security appliances introduce latency and the users end up bypassing corporate security measures, such as VPNs, and accessing the cloud often on unsecured Wi-Fi networks or using mobile 3G and 4G networks. At Zscaler we understand exactly the business and security implications of latency. Our multi-tenant cloud platform built with over 100 data centers around the world has the capability to deliver true cloud scale that ensures our Direct-to-Cloud solutions provide customers with 99.999% uptime and near-zero latency.

Securing business in the cloud also requires an entirely new approach to enterprise security, one that is built from the ground up to address the new realities of the mobile, social, everywhere enterprise. It requires solutions that allow CIOs and CISOs to regain control and visibility into all of the enterprise’s digital assets and user activity, whether located internally or externally on the Internet. Visibility is a key factor, equally, if not more, important than the notion of traditional security. In today’s complex IT environments, the ability to see clearly every user, device, and application accessing your corporate network is no longer a “nice to have,” it’s a business imperative.

The next generation of enterprise security will be about much more than blocking threats. Although threat detection will continue to be critical, the next generation of security will also serve as a business driver and competitive advantage for companies looking to embrace innovation, be more agile and flexible, and out-maneuver their competition, without being held back by outdated capital and operating cost structures that must be planned and invested years in advance.

What do you think is lacking in today's CISOs or their approach to security?
Despite stating the importance of information security, security professionals fall behind their partners in IT who have accelerated their virtualization, consolidation, and consumption of cloud infrastructure, platform, and software services over the past three to five years. While automation and integration are well on their way to becoming the de facto processes and architectural models across IT, they have yet to become the norm in security.

Security professionals want similar advances in their security technologies now. They desire integration of data security and encryption with cloud-based security and policy-driven data protection across all connectivity channels. They also desire advanced functionality — cloud-scale visibility, machine learning, advanced correlation, and crowd-shared threat intelligence — that requires a platform and/or cloud-based approach to security that leverages big data.

Going forward, will companies continue to buy and install multiple solutions from different vendors or is there more likely to be a consolidation of their security requirements?
Forrester recently conducted a study on how the security market views both integrated security platforms as well as cloud computing/software-as-a-service (SaaS)-based delivery models.

This study clearly indicates that security professionals recognize that the era of point security solutions is over. The way forward is clear: Organizations must demand integrated security platforms that combine multiple security functions into a single framework. Unified administration, policy management, reporting, analytics, and threat detection and mitigation are key capabilities to look for. APIs and integration across multiple security technologies from multiple vendors are also critically important.

A whopping 98% of respondents believe an integrated security platform would be more effective in delivering a broad variety of cybersecurity capabilities versus multiple point solutions.

About Author

Sanjay Gupta

Sanjay Gupta is former Editor at Grey Head Media....
