Einstein once said that insanity is “doing the same thing over and over and expecting a different outcome.” With the number of data breaches hitting the headlines, the IT industry needs to give itself a talking to and reassess the current cybersecurity mindset.

Does everything have to be so complicated?

Network security is far too complicated and has fundamentally failed. No CIO or CISO needs to be reminded of high-profile breaches such as Ticketmaster and Target. So why are current attempts no longer working?

It’s simple: businesses are trying to protect something they no longer own.

For the last 15 years, security thinking has focused on the network. The premise is that the network is what is insecure, so by building up our network defences, we can also protect the data that runs over it.

The networks over which data travels are not always owned by the organization in question. In today’s digital economy, the corporate network no longer resides in the data centres, but in locations across the globe, in public and private cloud. The data is distributed to third parties as well as employees, whose devices and policies cannot be easily controlled. To add fuel to the already blazing fire, legacy security measures simply weren’t constructed to address the complexity and diversity of today’s corporate network, so they are no longer enough.

It’s time for a new approach.

The failing mindset

The technology stack has become incredibly complex, with tech layered upon tech. The resources and operational overhead needed to manage it have also increased considerably. Together with the points of failure that have crept in, all of this points to a failed security mindset.

So is there an answer to this never-ending insanity? Well, it’s time to go back to basics when it comes to security. Organizations need to start with a security overlay that will cover the networks independent of the infrastructure, rather than building security around the infrastructure. This security model allows organizations to save money and resources and has data protection at its core.

The industry has overcomplicated network security for too long. It’s time to dumb it down and adopt a new, simpler software-defined security overlay approach.

