Skip to content

Archive for

Zero Trust Security Is The Growth Catalyst IoT Needs

  • McKinsey predicts the Internet of Things (IoT) market will be worth $581B for ICT-based spend alone, growing at a Compound Annual Growth Rate (CAGR) between 7 and 15% according to their study Internet of Things The IoT opportunity – Are you ready to capture a once-in-a-lifetime value pool?
  • By 2020, Discrete Manufacturing, Transportation & Logistics and Utilities industries are projected to spend $40B each on IoT platforms, systems, and services according to Statista.
  • The Industrial Internet of Things (IIoT) market is predicted to reach $123B in 2021, attaining a CAGR of 7.3% through 2020 according to Accenture.

IoT is forecast to be one of the tech industry’s fastest-growing sectors in the next three to five years, as many market estimates like the ones above illustrate. The one factor that will fuel IoT to rapidly grow to new heights or deflate demand just as quickly is security across the myriad of endpoints.

Zero Trust Security (ZTS) is the force multiplier IoT needs to reach its true potential and must be designed into IoT networks if they are going to flex and scale for every endpoint and protect every threat surface.

IoT Needs A Security Wake-Up Call Now  

Industrial Control Systems (ICS) provides a cautionary tale for anyone who thinks enterprise networks don’t need endpoint security and the ability to control access from any point inside or outside an organization.

Chemical, electricity, food & beverage, gas, healthcare, oil, transportation, water services and other key infrastructure industries have relied on ICS applications and platforms for decades. They were designed to deliver reliability and uptime first with little if any effort put into securing them.

However, the glaring security gaps in ICS provide the following lessons for IoT adoption now and in the future:

  • Only digitally enable an endpoint that can verify if every person or device attempting access is authorized, down to the risk score and device level. ICS endpoints were added as fast as utility companies and manufacturers could enable them with speed of deployment, reliability measurement, and uptime being the highest priorities. Security wasn’t a priority with the results being predictable: now many nations’ power grids are vulnerable to attack due to this oversight. With IoT, utilities need to start designing in security to the sensor level using Next-Gen Access as the foundation, leveraging Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM) to enable Zero Trust strategies organization-wide. Next-Gen Access calculates a risk score predicated on previous authorized login and resource access patterns for each verified account.  When there is an anomaly in account credentials’ use, users are requested to verify with Multi-Factor Authentication (MFA).
  • An ICS doesn’t learn from security mistakes, while NGA gets smarter with every breach attempt. A typical ICS is designed to make operations more efficient and reliable, not secure. Even with many endpoints of an ICS being digitally-enabled today with device retrofitting common, security still isn’t a priority. Instead of digitally enabling IoT sensors purely for efficiency, Next-Gen Access needs to be designed in at the sensor level to protect entire networks. Zero Trust Security’s four main pillars are to verify the user, validate their device, limit access and privilege, and learn and adapt. Machine learning is relied on for learning and adapting in real-time to access requests and threats.
  • ICS assumes no bad actors exist while NGA knows how to stop them. Bad actors, or those who want to breach a system for financial gain or to harm a business, aren’t just outside. Verizon’s 2017 Data Breach Investigations Report finds that 25% of all breaches are initiated from inside an organization and 75% outside which makes NGA essential for attaining Zero Trust Security on an enterprise level. Of the ICS being protected today, the majority are reliant on trusted and untrusted domains, a security technology over two decades old. When organized crime, state-sponsored hacking organizations or internal employees can quickly compromise privileged credentials, entire utility systems are at risk.
  • Replacing security-obsolete ICS with IoT-based systems that have NGA designed in to flex for every person and device shuts down physical and digital attack vectors organization-wide. The strategic security plan for any IoT-enabled enterprise has to prioritize faster automated discovery, configuration and response if it’s going to survive against highly orchestrated attacks. NGA has proven effective at thwarting unauthorized privileged credential attacks while continually learning from usage patterns of authorized and unauthorized users.

Conclusion

ICS have some of the most porous, incomplete security perimeters of any enterprise systems. 63% of all ICS-related vulnerabilities cause processing plants to lose control of operations, and 71% can obfuscate or block the view of operations immediately according to the Dragos Industrial Control Vulnerabilities 2017 in Review.  ICS needs an overhaul starting with Next-Gen Access, enabling Zero Trust Security across every employee and device that forms an organizations’ security perimeter.

Bain & Company released a study on the price elasticity of IoT-enabled products by security level. They found that 93% of the executives surveyed would pay an average of 22% more for devices with better security. Taken together, Bain estimates that improving security solutions for these devices could grow the IoT cybersecurity market by $9B to $11B.

The speed at which manufacturers are building smart, connected products accentuates the need for Zero Trust Security powered by Next-Gen Access from their inception. Security as an afterthought won’t be effective at the scale and pace of IoT.

Source: Bain Snap Chart, July 98, 2018 Better IoT Security Could Grow Device Market

 

Zero Trust Security Update From The SecurIT Zero Trust Summit

  • Identities, not systems, are the new security perimeter for any digital business, with 81% of breaches involving weak, default or stolen passwords.
  • 53% of enterprises feel they are more susceptible to threats since 2015.
  • 51% of enterprises suffered at least one breach in the past 12 months and malicious insider incidents increased 11% year-over-year.

These and many other fascinating insights are from SecurIT: the Zero Trust Summit for CIOs and CISOs held last month in San Francisco, CA. CIO and CSO produced the event that included informative discussions and panels on how enterprises are adopting Next-Gen Access (NGA) and enabling Zero Trust Security (ZTS). What made the event noteworthy were the insights gained from presentations and panels where senior IT executives from Akamai, Centrify, Cisco, Cylance, EdgeWise, Fortinet, Intel, Live Nation Entertainment and YapStone shared their key insights and lessons learned from implementing Zero Trust Security.

Zero Trust’s creator is John Kindervag, a former Forrester Analyst, and Field CTO at Palo Alto Networks.  Zero Trust Security is predicated on the concept that an organization doesn’t trust anything inside or outside its boundaries and instead verifies anything and everything before granting access. Please see Dr. Chase Cunningham’s excellent recent blog post, What ZTX means for vendors and users, for an overview of the current state of ZTS. Dr. Chase Cunningham is a Principal Analyst at Forrester.

Key takeaways from the Zero Trust Summit include the following:

  • Identities, not systems, are the new security perimeter for any digital business, with 81% of breaches involving weak, default or stolen passwords. Tom Kemp, Co-Founder, and CEO, Centrify, provided key insights into the current state of enterprise IT security and how existing methods aren’t scaling completely enough to protect every application, endpoint, and infrastructure of any digital business. He illustrated how $86B was spent on cybersecurity, yet a stunning 66% of companies were still breached. Companies targeted for breaches averaged five or more separate breaches already. The following graphic underscores how identities are the new enterprise perimeter, making NGA and ZTS a must-have for any digital business.

  • 53% of enterprises feel they are more susceptible to threats since 2015. Chase Cunningham’s presentation, Zero Trust and Why Does It Matter, provided insights into the threat landscape and a thorough definition of ZTX, which is the application of a Zero Trust framework to an enterprise. Dr. Cunningham is a Principal Analyst at Forrester Research serving security and risk professionals. Forrester found the percentage of enterprises who feel they are more susceptible to threats nearly doubled in two years, jumping from 28% in 2015 to 53% in 2017. Dr. Cunningham provided examples of how breaches have immediate financial implications on the market value of any business with specific focus on the Equifax breach.

Presented by Dr. Cunningham during SecurIT: the Zero Trust Summit for CIOs and CISOs

  • 51% of enterprises suffered at least one breach in the past 12 months and malicious insider incidents increased 11% year-over-year. 43% of confirmed breaches in the last 12 months are from an external attack, 24% from internal attacks, 17% are from third-party incidents and 16% from lost or stolen assets. Consistent with Verizon’s 2018 Data Breach Investigations Report use of privileged credential access is a leading cause of breaches today.

Presented by Dr. Cunningham during SecurIT: the Zero Trust Summit for CIOs and CISOs

                       

  • One of Zero Trust Security’s innate strengths is the ability to flex and protect the perimeter of any growing digital business at the individual level, encompassing workforce, customers, distributors, and Akamai, Cisco, EdgeWise, Fortinet, Intel, Live Nation Entertainment and YapStone each provided examples of how their organizations are relying on NGA to enable ZTS enterprise-wide. Every speaker provided examples of how ZTS delivers several key benefits including the following: First, ZTS reduces the time to breach detection and improves visibility throughout a network. Second, organizations provided examples of how ZTS is reducing capital and operational expenses for security, in addition to reducing the scope and cost of compliance initiatives. All companies presenting at the conference provided examples of how ZTS is enabling greater data awareness and insight, eliminating inter-silo finger-pointing over security responsibilities and for several, enabling digital business transformation. Every organization is also seeing ZTS thwart the exfiltration and destruction of their data.

Conclusion

The SecurIT: the Zero Trust Summit for CIOs and CISOs event encapsulated the latest advances in how NGA is enabling ZTS by having enterprises who are adopting the framework share their insights and lessons learned. It’s fascinating to see how Akamai, Cisco, Intel, Live Nation Entertainment, YapStone, and others are tailoring ZTS to their specific customer-driven goals. Each also shared their plans for growth and how security in general and NGA and ZTS specifically are protecting customer and company data to ensure growth continues, uninterrupted.

 

 

Where Business Intelligence Is Delivering Value In 2018

  • Executive Management, Operations, and Sales are the three primary roles driving Business Intelligence (BI) adoption in 2018.
  • Dashboards, reporting, end-user self-service, advanced visualization, and data warehousing are the top five most important technologies and initiatives strategic to BI in 2018.
  • Small organizations with up to 100 employees have the highest rate of BI penetration or adoption in 2018.
  • Organizations successful with analytics and BI apps define success in business results, while unsuccessful organizations concentrate on adoption rate first.
  • 50% of vendors offer perpetual on-premises licensing in 2018, a notable decline over 2017. The number of vendors offering subscription licensing continues to grow for both on-premises and public cloud models.
  • Fewer than 15% of respondent organizations have a Chief Data Officer, and only about 10% have a Chief Analytics Officer today.

These and many other fascinating insights are from Dresner Advisory Service’s  2018 Wisdom of Crowds® Business Intelligence Market Study. In its ninth annual edition, the study provides a broad assessment of the business intelligence (BI) market and a comprehensive look at key user trends, attitudes, and intentions.  The latest edition of the study adds Information Technology (IT) analytics, sales planning, and GDPR, bringing the total to 36 topics under study.

“The Wisdom of Crowds BI Market Study is the cornerstone of our annual research agenda, providing the most in-depth and data-rich portrait of the state of the BI market,” said Howard Dresner, founder and chief research officer at Dresner Advisory Services. “Drawn from the first-person perspective of users throughout all industries, geographies, and organization sizes, who are involved in varying aspects of BI projects, our report provides a unique look at the drivers of and success with BI.” Survey respondents include IT (28%), followed by Executive Management (22%), and Finance (19%). Sales/Marketing (8%) and the Business Intelligence Competency Center (BICC) (7%). Please see page 15 of the study for specifics on the methodology.

Key takeaways from the study include the following:

  • Executive Management, Operations, and Sales are the three primary roles driving Business Intelligence (BI) adoption in 2018. Executive management teams are taking more of an active ownership role in BI initiatives in 2018, as this group replaced Operations as the leading department driving BI adoption this year. The study found that the greatest percentage change in functional areas driving BI adoption includes Human Resources (7.3%), Marketing (5.9%), BICC (5.1%) and Sales (5%).

  • Making better decisions, improving operational efficiencies, growing revenues and increased competitive advantage are the top four BI objectives organizations have today. Additional goals include enhancing customer service and attaining greater degrees of compliance and risk management. The graph below rank orders the importance of BI objectives in 2018 compared to the percent change in BI objectives between 2017 and 2018. Enhanced customer service is the fastest growing objective enterprises adopt BI to accomplish, followed by growth in revenue (5.4%).

  • Dashboards, reporting, end-user self-service, advanced visualization, and data warehousing are the top five most important technologies and initiatives strategic to BI in 2018. The study found that second-tier initiatives including data discovery, data mining/advanced algorithms, data storytelling, integration with operational processes, and enterprise and sales planning are also critical or very important to enterprises participating in the survey. Technology areas being hyped heavily today including the Internet of Things, cognitive BI, and in-memory analysis are relatively low in the rankings as of today, yet are growing. Edge computing increased 32% as a priority between 2017 and 2018 for example. The results indicate the core aspect of excelling at using BI to drive better business decisions and more revenue still dominate the priorities of most businesses today.
  • Sales & Marketing, Business Intelligence Competency Center (BICC) and   Executive Management have the highest level of interest in dashboards and advanced visualization. Finance has the greatest interest in enterprise planning and budgeting. Operations including manufacturing, supply chain management, and services) leads interest in data mining, data storytelling, integration with operational processes, mobile device support, data catalog and several other technologies and initiatives. It’s understandable that BICC leaders most advocate end-user self-service and attach high importance to many other categories as they are internal service bureaus to all departments in an enterprise. It’s been my experience that BICCs are always looking for ways to scale BI adoption and enable every department to gain greater value from analytics and BI apps. BICCs in the best run companies are knowledge hubs that encourage and educate all departments on how to excel with analytics and BI.

  • Insurance companies most prioritize dashboards, reporting, end-user self-service, data warehousing, data discovery and data mining. Business Services lead the adoption of advanced visualization, data storytelling, and embedded BI. Manufacturing most prioritizes sales planning and enterprise planning but trails in other high-ranking priorities. Technology prioritizes Software-as-a-Service (SaaS) given its scale and speed advantages. The retail & wholesale industry is going through an analytics and customer experience revolution today. Retailers and wholesalers lead all others in data catalog adoption and mobile device support.

  • Insurance, Technology and Business Services vertical industries have the highest rate of BI adoption today. The Insurance industry leads all others in BI adoption, followed by the Technology industry with 40% of organizations having 41% or greater adoption or penetration. Industries whose BI adoption is above average include Business Services and Retail & Wholesale. The following graphic illustrates penetration or adoption of Business Intelligence solutions today by industry.

  • Dashboards, reporting, advanced visualization, and data warehousing are the highest priority investment areas for companies whose budgets increased from 2017 to 2018. Additional high priority areas of investment include advanced visualization and data warehousing. The study found that less well-funded organizations are most likely to lead all others by investing in open source software to reduce costs.

  • Small organizations with up to 100 employees have the highest rate of BI penetration or adoption in 2018. Factors contributing to the high adoption rate for BI in small businesses include business models that need advanced analytics to function and scale, employees with the latest analytics and BI skills being hired to also scale high growth businesses and fewer barriers to adoption compared to larger enterprises. BI adoption tends to be more pervasive in small businesses as a greater percentage of employees are using analytics and BI apps daily.

  • Executive Management is most familiar with the type and number of BI tools in use across the organization. The majority of executive management respondents say their teams are using between one or two BI tools today. Business Intelligence Competency Centers (BICC) consistently report a higher number of BI tools in use than other functional areas given their heavy involvement in all phases of analytics and BI project execution. IT, Sales & Marketing and Finance are likely to have more BI tools in use than Operations.

  • Enterprises rate BI application usability and product quality & reliability at an all-time high in 2018. Other areas of major improvements on the part of vendors include improving ease of implementation, online training, forums and documentation, and completeness of functionality. Dresner’s research team found between 2017 and 2018 integration of components within product dropped, in addition to scalability. The study concludes the drop in integration expertise is due to an increasing number of software company acquisitions aggregating dissimilar products together from different platforms.

Analytics Are Empowering Next-Gen Access And Zero Trust Security

Employee identities are the new security perimeter of any business.

80% of IT security breaches involve privileged credential access according to a Forrester study. According to the Verizon Mobile Security Index 2018 Report, 89% of organizations are relying on just a single security strategy to keep their mobile networks safe. And with Gartner predicting worldwide security spending reaching $96B this year, up 8% from 2017, it’s evident enterprises must adopt a more vigilant, focused strategy for protecting every threat surface and access point of their companies. IT security strategies based on trusted and untrusted domains are being rendered insufficient as hackers camouflage their attacks through compromised, privileged credentials. It’s happening so often that eight in ten breaches are now the result of compromised employee identities.

Thus, taking a Zero Trust Security (ZTS) approach to ensure every potential threat surface and endpoint, both within and outside a company, is protected, has become vital in today’s dynamic threat landscape. ZTS is an essential strategy for any digital business whose perimeters flex in response to customer demand, are using the Internet of Things (IoT) sensors to streamline supply chain and production logistics, and have suppliers, sales teams, support, and services all using mobile apps.  ZTS begins with Next-Gen Access (NGA) by providing companies with the agility they need to secure applications, devices, endpoints, and infrastructure as quickly as needed to support company growth. Both NGA and ZTS are empowered by analytics to anticipate and thwart a wide variety of cyber threats, the most common of which is compromised credential access.

How NGA Leverages Analytics to Secure Every Endpoint

NGA validates every access attempt by capturing and quickly analyzing a wide breadth of data including user identity, device, device operating system, location, time, resource request, and several other factors. As NGA is designed to verify every user and access attempt, it’s foundational to attaining Zero Trust Security across an IT infrastructure. One of the fascinating areas of innovation in enterprise security today is the rapid adoption of analytics and machine learning for verifying users across diverse enterprise networks. NGA platforms calculate and assign a risk score to every access attempt, determining immediately if verified users will get immediate access to resources requested, or be asked to verify their identity further through Multi-Factor Authentication (MFA).

Machine learning-based NGA platforms including Centrify calculate a risk score that quantifies the relative level of trust based on every access attempt across an IT infrastructure. NGA platforms rely on machine learning algorithms to continuously learn and generate contextual intelligence that is used to streamline verified user’s access while thwarting many potential threats ― the most common of which is compromised credentials. IT security teams can combine the insights gained from machine learning, user profiles, and contextual intelligence to fine-tune the variables and attributes that calculate risk scores using cloud-enabled analytics services.  An example of Centrify’s Analytics Services dashboard is shown below:

Visibility and Analytics are a Core Pillar of ZTS

Analytics, machine learning and their combined potential to produce contextual intelligence, real-time risk scores, and secure company perimeters to the individual access attempt level need a continual stream of data to increase their accuracy. Forrester’s Zero Trust Framework, shown below, illustrates how an enterprise-wide ZTS security strategy encompasses workloads, networks, devices, and people.  NGA is the catalyst that makes ZTS scale into each of these areas. It’s evident from the diagram how essential visibility and analytics are to a successful ZTS strategy. NGA provides incident data including reports of anomalous or atypical login and attempted resource behavior. Visibility and analytics applications from IBM, Splunk, Sumologic, and others are relied on to aggregate the data, anticipating and predicting breaches and advanced attacks. The result is a ZTS security strategy that begins with NGA that flexes and scales to the individual perimeter level as a digital business grows.

Source: What ZTX Means For Vendors And Users, Forrester Research Blog, January 23, 2018., Chase Cunningham, Principal Analyst.

Conclusion

Every company, whether they realize it or not, is in a race against time to secure every threat surface that could be compromised and used to steal or destroy data and systems.  Relying on yesterday’s security technologies to protect against tomorrow’s sophisticated, well-orchestrated threats isn’t scaling. Reading through the Verizon Mobile Security Index 2018 Report illustrates why Zero Trust Security is the future. Improving visibility throughout the network and reducing the time to breach detection, stopping malware propagation and reducing the scope and cost of internal and regulatory-mandated compliance requirements are just a few of the business benefits. Analytics and machine learning are the fuel enabling NGA to scale and support ZTS strategies’ success today.

%d bloggers like this: