Masergy: “multi-cloud environments make it difficult to control what’s happening in borderless networks”

As threat actors display more interest in attacking businesses rather than individuals, companies are forced to shift a large portion of their resources towards security. In turn, effective enterprise security solutions now involve a broad spectrum of components – from in-built malware protection tools to on-site 24/7 IT security staff.

Although this multi-layered approach significantly reduces the risks of cyberattacks, it also creates new challenges for companies to successfully manage all of their resources at once, especially when some of the most important data is stored on the cloud.

We reached out to Trevor Parks, the Director of Security Solutions at Masergy, to discuss how enterprises can better manage their cloud security and what other practices can help them avoid cyber threats.

Would you like to share a little bit about your story? How did Masergy come about?

Masergy is a Comcast Business company. We began pioneering software-defined networking 20 years ago. Today, we are the world’s leading secure cloud networking platform.

What are the main challenges you help overcome?

In today’s hybrid work environment, businesses need a modern infrastructure to achieve their digital ambitions. So, companies partner up with Masergy to reduce risk and take a holistic approach to application performance, security, and digital transformation.

Masergy provides an intelligent global IT platform that enables unrivaled, secure application performance across the corporate network and the cloud. The offerings include Managed SD-WAN, SASE, Managed Security, and UCaaS.

How is AI incorporated into your services?

AI-based technologies, including AIOps (AI for IT Operations), are deeply embedded in the fabric of our global, software-defined network fabric and are a critical part of our security analytics engine.

Machine learning, behavioral analytics, and predictive analytics are all built into our centralized management systems. There, they can observe activity, pinpoint problems, understand root causes, and make intelligent recommendations for service delivery improvements.

These tools predict, as well as prevent, network and application service degradations and outages. They also serve our security operations by highlighting the urgent and important threats and automating response processes.

What would you consider to be the most serious cybersecurity threats that emerged during the pandemic?

The work-from-home business models widen the attack surface, giving an easier entranceway for more cybersecurity threats. The most concerning ones are ransomware attacks which increased by 150% in 2021, and the attack numbers continue to grow. Log4J, a Java logging framework, has also shown us that there is no end in sight – whether it’s ransomware or other attacks.

However, all threat types can be serious. What’s most important is how quickly you can find them and how well you can recover after an attack. That requires an effective security program and not just another technology purchase.

Instead, companies should employ a discipline that is established on leading strategies and surrounded by expertise and processes for improvement. In fact, many analysts will tell you that security success today is considered 60% process, 30% expertise, and only 10% technology. That helps IT leaders know where to focus their attention.

With so many cloud solutions on the market, choosing the right one for your organization can be intimidating. Which services are better suited for small businesses and which types are recommended for big enterprises?

Like many technologies, cloud solutions are often commoditized, offering many of the same general features and capabilities. The difference is in the services wrapped around the solution, both in terms of the quality of services, such as application availability and reliability, as well as the support and service experience.

Those with smaller IT budgets typically place more importance on a fully managed service encompassing implementation, 24/7 monitoring, and management, alongside a dedicated account representative. Staffing concerns are ubiquitous with regard to security analysts – meaning that companies of every size may gravitate to solutions backed by the Security Operation Center (SOC) services. Consider that the average security analyst makes $90,000/year, and a 24/7 SOC can easily cost $1 million/year. Meanwhile, SOC services start in the $100,000/year range.

In the age of video conferencing, companies of all sizes prioritize cloud application performance and 24/7 business continuity. These organizations seek out cloud Service Level Agreements (SLAs), including metrics like uptime/availability, jitter, packet delivery, and outage notifications. While many IT leaders may think SLAs no longer apply to cloud services – indeed, they do. The behind-the-scenes network is still the determining factor in meeting today’s always-on expectations, and every cloud service is an opportunity for an SLA.

Masergy, for example, offers cloud SLAs, including 100% availability for direct cloud connections to public cloud service providers, like Amazon Web Services, Microsoft Azure, as well as a marketplace of hundreds of SaaS applications. We hold ourselves responsible for data transfer right up until the exact moment the traffic is handed over to the cloud service provider.

Why do you think certain business owners are unaware of the cybersecurity risks hiding in their own network?

Business owners can be blindsided by cybersecurity attacks for many reasons, but at Masergy we find the following three to be the most common ones:

• Mindset. Historically most business leaders don’t think they are a target and believe their business has nothing worth stealing. Fortunately, we’re starting to see these attitudes shift with the rise of hybrid work, end-user vulnerabilities, and ransomware attacks.
• Education. Business leaders simply aren’t aware of how sophisticated, efficient, and easy it has become for modern-day attackers to infiltrate an environment and wreak havoc from the inside out.
• Invisibility. In short, IT complexities cause blind spots. Multi-cloud environments make it difficult to see and control what’s happening in today’s borderless networks. Additionally, supply chain vulnerabilities expand the surface of the corporate network in ways business leaders often don’t recognize, and the frequency of supply chain attacks is increasing.

In your opinion, which industries should be the most concerned with implementing cloud solutions and why?

Companies across every industry use cloud solutions, so every company needs to be concerned about cloud security. We need to dispel the myth that cyberattacks are targeted at specific industries and companies. Nothing could be further from the truth. You don’t need to become a target to become a victim.

Cloud solutions raise security concerns because they fundamentally shift the roles and responsibilities of security. Cloud solutions create a new shared security model, which becomes a grey area causing misunderstandings. If the client and provider each don’t do their part, the whole security model fails. That’s a vulnerability no company can afford—no matter what industry.

It seems like remote work is not going anywhere, so what practices are crucial for teams to maintain secure collaboration?

IT leaders struggle with where to start with remote work security. If you can only do one thing, think about your network. Businesses tend to be focused on filling their work-from-home security gaps around cloud and endpoint security.

However, the network is still considered the cornerstone of protection. Why? It comes down to one common denominator that ransomware, malware, phishing, and endpoint attacks share. They all generate observable activity inside the network. As long as you have your eyes on the network, you’ll find the intruder. Network security is the key to isolating threats and securing all the endpoints that come with any distributed workforce.

If you can do more, think broadly about your coverage. Take an all-environments approach to security, monitoring endpoints, clouds, and networks. The secret to success is to widen your current threat awareness without ripping and replacing all the security technologies you already have. Then, consolidate the constellation of environmental data feeds into one advanced analytics platform for a more correlated view of your security posture. This is not only more affordable but also provides the security operations team with one master list of prioritized threats to address.

Managed security service providers, like Masergy, are skilled at simplifying both the technical and operational aspects, backing consolidated tech stacks with certified security analysts and 24/7 threat detection and response services.

Share with us, what’s next for Masergy?

Security, the network, the cloud, and artificial intelligence are all converging into an IT foundation that empowers digital services and innovation. In 2022, Masergy is strengthening its position as the secure network and cloud platform of choice for digital transformation. As a Comcast Business company, Masergy is poised to be bigger, stronger, and more competitive.

We’re expanding our AIOps solution, as well as investing in more security capabilities to support SASE frameworks and Zero Trust architectures. In the years ahead, our partners and clients will see us advancing in our journey towards secure and fully autonomous networks, delivering solutions that are self-healing and self-managing while also being low-risk.