CISOs Should Reimagine the Traditional Approaches to Security
Vishak Raman, Director, Security Business, Cisco India & SAARC, explains how CISOs can approach cybersecurity in a post-COVID-19 world
As the world continues to grapple with the Covid-19 crisis forcing businesses to rapidly deploy remote systems and networks to support work from home (WFH), it becomes critical for organizations to pay attention to their security model. Indeed, today’s threat landscape has not only expanded in size, but also become much more complex in nature. In a recent interaction with CXOToday, Vishak Raman, Director, Security Business, Cisco India & SAARC, explains what CIO/CISOs should do to secure a remote workforce and how Cisco is helping employees, customers and partners in implementing secure and seamless WFH experience.
CXOToday: What should IT and security leaders do to secure a remote workforce?
Vishak Raman: The pandemic has caused a drastic shift in the way we engage with each other and the world. Organizations are now working with geographically distributed teams, and many are looking to keep their workforces remote even beyond the crisis. According to a recent Cisco study, 68% of organizations faced cybersecurity challenges when supporting remote workers and 84% of organizations feel that cybersecurity is now a top priority for them. So far, the focus has been on on-premise security. But, as workforces become more distributed and remote, the traditional approach to security has to be reimagined given that the threat landscape has not only widened but become far more complex.
Security leaders should look at simplifying security through integrated cloud platforms that could detect threats and policy violations through security analytics, and automate security functions like threat investigation and remediation, for more efficient operations.
Most importantly, the platform should be anchored in a zero-trust framework, as it assumes that all environments are hostile and breached, and therefore proactively identifies and prevents attacks, by protecting data at all endpoints. Additionally, one has to also secure user identity with VPN-controlled access to certain apps, as they are now being accessed through private networks and dispersed devices. As the new hybrid workplace develops – collaboration without compromise is the key, and it can happen seamlessly with the help of platforms that provide strong encryption, compliance visibility and control.
CXOToday: What are the key data security trends and concerns in the new normal?
Vishak Raman: While the digital transformation brings incredible opportunity, it also presents the herculean challenge of cybersecurity. According to the Cisco study, 73% of Indian organizations have experienced a 25% or more jump in either cyber threats or alerts since the start of COVID-19. This has led to 77% of organizations increasing their future investment in cybersecurity.
Today, small to large scale enterprises, including banks and governments, schools and small businesses, entrepreneurs, and individuals – are exploring a hybrid work environment. As they switch to cloud models to enhance the agility and resilience of their core processes and workflows, next-generation applications are in a state of constant instability, as new functions are added, and existing ones are transformed. This is introducing complexities in the existing security infrastructure. A Cisco study shows that 39% of surveyed organizations find that they are struggling to secure applications. The most troublesome aspect is data stored in the cloud, with 52% finding it extremely challenging to secure.
To address these challenges, security leaders are taking up a more strategic role in identifying security priorities that not only align with overall business goals but allow for conscious spending while ensuring end-to-end security. Security process automation is also emerging, as it is faster and scalable with fewer errors. Organizations are tightening security operations (SecOps) management for enhanced threat detection and prevention. According to Gartner – Information security spending is expected to grow 2.4% to reach $123.8 billion in 2020, with cloud security (33.3%) and data security (7.2%) as the highest investment areas.
CXOToday: How Cisco is helping employees, customers and partners in implementing secure and seamless WFH experience?
Vishak Raman: Remote working is not new to Cisco, we build this technology and had the backend infrastructure to switch to a remote working style securely and seamlessly. To help the industry and our customers, Cisco made its policies, plans, and processes on remote business continuity available to everyone. This has helped several large ITeS, FSI, and public sector companies in India to move their workforce overnight. In April, we engaged with over 600 customers to help them with business continuity plans in India; during the same time, we enabled over 500,000 knowledge workers in India to work from home securely.
To help our customers keep their newly remote workforces safe and productive, we had extended free licenses and expanded usage counts at no extra charge for three of our key security technologies that are designed to protect remote workers – DNS-layer security from Cisco Umbrella, zero-trust security from Duo and secure network access from AnyConnect. We also enabled free access to cloud-delivered technologies across our collaboration and security portfolio in March. The demand for WebEx has been so high that we launched an e-commerce portal to make it easier for our small business customers and individuals to buy WebEx online.
Recently we announced Cisco SecureX, the broadest and the most integrated cloud-native security platform, included with all Cisco Security products to simplify and enhance the way customers manage security. To continue on our promise of offering the most trusted and secure solutions, we also introduced platform innovations across the breadth of the portfolio including – Extended Detection and Response (XDR), Zero Trust for the Workforce and Secure Access Services Edge (SASE).
CXOToday: What is your advice to CIO/CISOs in the new normal?
Vishak Raman: Nurturing a culture that recognizes cybersecurity as a top priority is critical. To achieve this, there needs to be a synergy between business and security leaders. They will be instrumental in accelerating their organization’s recovery and shaping its new phase of growth, with security at the center of and foundational to all business imperatives.
Going forward, the ability of organizations to pivot and adapt their business and workforce models will determine their success in the new normal. How organizations view their customers and staff, infrastructure, and applications must change and influence their security, business, and operational policies. CIO/CISOs need to re-evaluate their digital transformation agenda, prioritize the development of agile and flexible infrastructure, and recalibrate for changing employee and customer experiences.