For many years, “information security” or “InfoSec” comprised a collection of controls and countermeasures aimed at protecting an organization’s information. Today, the term has evolved into “cybersecurity,” which refers to the updating of traditional information security to address today’s digital information environment.
Traditionally, the three “pillars” of InfoSec were integrity, confidentiality, and availability. Information had to be free from tampering (integrity) and eavesdropping (confidentiality), as well as from disruptions that made it unavailable to users (availability). While cybersecurity is quite similar to InfoSec in terms of general intent, the “cyber” in cybersecurity reflects the reality that people, data, and systems are radically more interconnected than they ever were before. Corporate information technology (IT) no longer sits in a glass-walled room in an office building, protected by men in white shirts armed with crew cuts and pocket protectors.
Today, information systems are often located “in the cloud” and exposed to cyberspace, with all the good and bad things that exposure brings. Cybersecurity takes the pillars of InfoSec and expands them to defend digital assets against attackers that run the gamut from lone hackers to cybercriminal gangs, botnets, nation-state actors, and insiders. Malicious actors are hyper-aggressive, relentlessly probing cyber defenses for weaknesses they can exploit to steal information or defraud their targets. Attack techniques have grown extremely sophisticated in parallel. Cybersecurity is about achieving a strong security posture in this challenging and threatening environment.
Cybersecurity is important because businesses and public sector organizations rely on technology and digital information to function. When their technology is disrupted and critical information is stolen, they can’t operate and deliver on their missions, whether they involve making money or serving the public. Also, as data grows increasingly important in business and life in general, a data breach or cyberattack that damages data has serious consequences. Data breaches damage brands while also causing legal liability, financial losses and regulatory problems. Cybersecurity aims to prevent these negative outcomes, so it’s an important area of focus for most organizations.
Cybersecurity works in different ways depending on the size of an organization. The larger the organization, and the more sensitive it is to cyber issues, the more complex and extensive its cybersecurity efforts will be. Some organizations rely on a standard industry framework, such as those published by the National Institute of Standards and Technology (NIST), to establish how they perform cybersecurity.
However, the simplest and the most sophisticated cybersecurity programs alike share certain common elements in the core areas of information security, cloud security, network security, and endpoint security. Efforts typically include a mix of technologies, analytics, processes, and people to address:
More advanced cybersecurity programs include security monitoring processes or threat detection and response. In some cases, the security team will engage in proactive “threat hunting,” where it goes looking for threats inside its own infrastructure rather than simply reacting to security logs and alerts.
Disaster recovery (DR) and business continuity may also be part of a cybersecurity program. DR can also be a standalone function in an organization, but it’s a good practice to keep these two areas closely connected.
Compliance is another related workload. Indeed, a lot of compliance measures are actually security controls, e.g., ensuring compliance with data privacy laws by establishing an auditable data access control process.
Cybersecurity works when all of these various elements function well together. This is a matter of people, organization, and tools. In a large organization, each subsection of security, such as email security, is its own department or team. Each team, in turn, usually has its own security toolset. The security operations center (SOC) typically ties it all together, with reporting and monitoring of each subsection as well as a coordinated alert-management and incident-response system.
Finding people with the right skills to do all this work can be a major challenge. Experienced cybersecurity analysts are hard to find. Because these talents are in such high demand, they may be expensive to employ and not easy to retain. Compounding this problem is the tendency for security work to burn employees out. For example, complying with the NIST framework requires 24/7/365 detection and response from a SOC. If people have to deal with too many false-positive alerts, that causes stress and low morale, leading to premature resignations that start the recruiting cycle all over again.
Cloud security is a subset of cybersecurity, but there can be significant overlap between the two workloads. This causes confusion. Cloud security is also more than one thing, which further complicates the issue. Simply put, cloud security involves any activities or controls that protect cloud-based digital assets along with users who need to access cloud resources such as Software-as-a-Service (SaaS) applications. However, cloud security also refers to the security tasks performed by employees of cloud service providers (CSPs) such as Amazon Web Services (AWS).
Another reason cloud security can be a bit baffling at times is that most CSPs require what is known as a dual security model or shared security model. In this standard approach, which is written into a CSP’s service contract, the CSP is responsible for securing its own infrastructure, meaning its networks and hardware. The customer, however, is responsible for securing its own assets running on that infrastructure.
This is a new shift in roles and responsibilities, which can potentially create security gaps for enterprise customers that fail to address these needs.
It’s on the customer to take care of application security (AppSec), data security, intrusion prevention, identity management, and so forth. This makes sense, because how would the CSP know how the customer wants to protect its data or manage its user identities?
Cloud security also diverges from cybersecurity because the cloud itself is different from traditional on-premises IT. There is little or no “perimeter” in the cloud. Users can come from pretty much anywhere, so countermeasures have to take such factors into account.
Also, existing security policies may not work well in the cloud. For example, in the data center, a system admin may need permission to install a server, according to a company’s security policy. However, even if that same admin is required (by policy) to get permission to install a cloud-based server, the policy may be impossible to enforce. He or she might just deploy the server and not tell anyone. This happens a lot more than people might think. The result is a data asset in the public cloud that no one in the corporate IT department knows about, except the person in the marketing department who set it up on their own. This very risky scenario is known as “shadow IT,” and it increases the attack surface that criminals and other bad actors can potentially exploit to gain access to a company’s network.
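Because a policy that says “get approval first” cannot stop someone from clicking “launch” in a cloud console, the practical control is to reconcile what actually exists in the cloud against what was approved. The following added example (illustrative code written for this article, not Masergy’s tooling or any CSP’s API) shows that reconciliation: it compares a constructed cloud inventory against a constructed approval register and a small policy, and flags every resource that is unregistered, runs in a region the policy does not allow, or lacks the tags that would tie it to an owner and a change ticket. In a real deployment the inventory would come from the provider’s inventory API and the register from the organization’s CMDB; the names `CloudResource`, `Policy`, `INVENTORY` and `APPROVED_IDS` are assumptions made for this example.

```python
"""Shadow-IT reconciliation: surface cloud resources nobody in IT approved.

Added illustration for this article, not vendor code. All data below is
constructed sample data; a real run would pull the inventory from the cloud
provider and the approval register from the CMDB or change-management system.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class CloudResource:
    """One resource as reported by a cloud inventory (hypothetical shape)."""
    resource_id: str
    kind: str                      # e.g. "vm", "bucket", "db"
    region: str
    tags: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class Policy:
    """The parts of a cloud-usage policy that can be checked mechanically."""
    allowed_regions: FrozenSet[str]
    required_tags: Tuple[str, ...] = ("owner", "ticket")


# Constructed sample inventory: what the cloud provider says exists.
INVENTORY: List[CloudResource] = [
    CloudResource("vm-0001", "vm", "us-east-1",
                  {"owner": "it-ops", "ticket": "CHG-1001"}),
    CloudResource("vm-0002", "vm", "us-east-1", {"owner": "marketing"}),
    CloudResource("bucket-0003", "bucket", "eu-central-1",
                  {"owner": "it-ops", "ticket": "CHG-1002"}),
    CloudResource("db-0004", "db", "us-west-2"),
]

# Constructed approval register: resource IDs recorded by change management.
APPROVED_IDS: Set[str] = {"vm-0001", "bucket-0003"}

POLICY = Policy(allowed_regions=frozenset({"us-east-1", "us-west-2"}))


def classify(resource: CloudResource, approved_ids: Set[str],
             policy: Policy) -> List[str]:
    """Return the list of policy findings for one resource (empty if clean)."""
    findings: List[str] = []
    if resource.resource_id not in approved_ids:
        findings.append("not in approval register")
    if resource.region not in policy.allowed_regions:
        findings.append(f"region {resource.region} not permitted")
    for tag in policy.required_tags:
        if not resource.tags.get(tag):
            findings.append(f"missing required tag '{tag}'")
    return findings


def find_shadow_it(inventory: Iterable[CloudResource], approved_ids: Set[str],
                   policy: Policy) -> Dict[str, List[str]]:
    """Map each non-compliant resource ID to its findings.

    A resource that is approved, tagged and in an allowed region is omitted,
    so the result is exactly the set a SOC would want to triage.
    """
    report: Dict[str, List[str]] = {}
    for resource in inventory:
        findings = classify(resource, approved_ids, policy)
        if findings:
            report[resource.resource_id] = findings
    return report


def summarize(report: Dict[str, List[str]]) -> Dict[str, int]:
    """Count how many resources carry each kind of finding (for dashboards)."""
    counts: Dict[str, int] = {}
    for findings in report.values():
        for finding in findings:
            # Collapse region-specific messages so like findings group together.
            key = "region not permitted" if finding.startswith("region ") else finding
            counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    shadow = find_shadow_it(INVENTORY, APPROVED_IDS, POLICY)
    for rid, findings in shadow.items():
        print(f"{rid}: {'; '.join(findings)}")
    print("summary:", summarize(shadow))
```

Run on the sample data, the script flags the marketing VM (unregistered, no ticket), the database nobody tagged (unregistered, no owner, no ticket) and, notably, an approved bucket that nonetheless sits in a region the policy does not allow; the clean VM is omitted. Scheduling this comparison and routing its output into the SOC’s alert queue is what turns an unenforceable “ask first” policy into a detectable deviation.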
It’s not an either/or decision—you probably need both. If you are using cloud computing, cloud assets, or cloud applications, you need some form of cloud security. And today, most companies are using the cloud more and more. Cloud security may be part of your overall cybersecurity program or it could be a standalone group. Either way, it is imperative to define and apply strong security policies and controls to the cloud.
Masergy helps clients with cybersecurity by functioning as a Managed Security Service Provider (MSSP). For some clients, this outsourced approach to security offers many advantages. It removes some of the pressure organizations experience with staffing for security roles. Indeed, an MSSP can instantly provide a working portfolio of security technologies and analytics, along with the people to operate them—monitoring the security logs and alerts generated and also taking action in response. In comparison, it might take months to deploy solutions and recruit the staff to run them in-house.
Masergy provides technologies, analytics, and SOC services all working together. This includes the use of behavior analytics and machine learning for threat detection and system monitoring—what we call our Security Analytics Engine, which prioritizes alerts and keeps the SOC running efficiently. The result is a comprehensive threat detection and incident response service that can be purchased alone or bundled with any of Masergy’s solutions, whether it’s SD-WAN, SASE, Unified Communications, or Contact Center.
Our offerings include:
Call us now to arrange a consultation: (866) 588-5885.
Or arrange for a consultation through our request form.