With growing agreement that the traditional enterprise perimeter and security architecture are dead, an array of security and risk management technologies have recently emerged that are worth considering in the enterprise, according to Gartner’s Ruggero Contu.
The rapid pace of digital transformation, the move to cloud, and the distribution of the workforce mean that standard security controls “are not as effective as in the past,” said Contu, a senior director and analyst at Gartner, during the research firm’s Security & Risk Management Summit — Americas virtual conference this month.
Most businesses report they’ve faced security struggles while trying to adapt to the accelerated technology changes of the past two years. A recent report by Forrester, commissioned by cyber vendor Tenable, found that 74% of companies attribute recent cyberattacks to vulnerabilities in technology put in place during the pandemic.
Of course, the irony is that the adoption of new technology also offers a solution for many of these issues. With a massive, global shortage of cybersecurity talent and skills, tools and automation designed for the new digital world are essential for meeting the security challenge.
When it comes to emerging technologies in security and risk management, Contu focused on eight areas: Confidential computing; decentralized identity; passwordless authentication; secure access service edge (SASE); cloud infrastructure entitlement management (CIEM); cyber physical systems security; digital risk protection services; and external attack surface management.
Many of these technologies are geared toward meeting the new requirements of multi-cloud and hybrid computing, Contu said. These emerging technologies also align to what Gartner has termed the “security mesh architecture,” where security is more dynamic, adaptable, and integrated to serve the needs of digitally transformed enterprises, he said.
Confidential computing
To be processed, data must first be decrypted, which opens a window for unauthorized access or tampering. Data that is "in use" is therefore exposed in a way that data at rest or in transit, which can stay encrypted, is not.
How it works: Confidential computing mitigates that exposure by processing data inside a hardware-based enclave, or trusted execution environment (TEE), which isolates the data and the code operating on it from the rest of the system while it is in use.
To keep in mind: Performance of the cloud systems may suffer, and costs may rise if more infrastructure-as-a-service instances are needed. Hardware-based isolation is also not bulletproof, as the Spectre and Meltdown processor vulnerabilities demonstrated.
Decentralized identity
Ensuring privacy and compliance requires a way to control not only identities but also the data associated with them. Identity and access management has also run into security and scalability problems amid rapid digital transformation, and centralized identity stores pose security and privacy risks: a single repository is a single high-value target.
How it works: Decentralized identity provides a distributed identity model, using technologies such as blockchain to spread the storage of identities and related data across a large number of systems rather than one central store.
To keep in mind: Decentralized identity—and even blockchain itself—are still relatively new technologies and remain “fairly untested” at this point, Contu said. Enterprises should require proof of concepts from vendors before investing in this technology.
Passwordless authentication
Passwords have well-known limitations: widespread use of weak passwords, phishing and social engineering aimed at stealing them, and compromise of stored password databases. Verizon has reported that compromised passwords are responsible for 81% of hacking-related breaches.
How it works: Passwordless authentication replaces passwords with alternative factors such as smart cards, biometrics, and tokens.
To keep in mind: Credential theft remains a concern if the vendor keeps credentials in a central repository, since attackers can target that repository instead of individual users. Cost is also likely to be higher, particularly for methods that require additional hardware such as biometric or smart card readers.
Secure access service edge (SASE)
While still relatively new, secure access service edge (SASE) has gotten significant traction in the market because it’s a “very powerful” approach to improving security, Contu said. The term was first coined by Gartner analysts in 2019. SASE offers a more dynamic and decentralized security architecture than existing network security architectures, and accounts for the increasing number of users, devices, applications, and data that are located outside the enterprise perimeter.
How it works: SASE offers a flexible, "anywhere, anytime" approach to secure remote access by delivering multiple capabilities from the cloud edge: a secure web gateway that protects devices from web-based threats; a cloud access security broker (CASB), which sits between users and cloud providers to enforce security policies; next-generation firewalls; and zero trust network access (ZTNA), which evaluates context such as identity, location, and device health before granting remote access to an application.
To keep in mind: In many cases, adopting SASE will mean migrating to new vendors and products, which can bring challenges around cost and management of the new products. Still, “the overall benefit [of SASE] is very high, as demonstrated by the interest in the market,” Contu said.
Cloud infrastructure entitlement management (CIEM)
Management of identities and their entitlements, such as access privileges, is notoriously difficult. Doing so in multi-cloud and hybrid environments adds a further level of complication. Threat actors are known to exploit these weaknesses in order to infiltrate and compromise cloud services.
How it works: Cloud infrastructure entitlement management, or CIEM, is a tool for monitoring and managing cloud identities and their permissions. This includes detecting anomalies in account entitlements, such as accumulation of privileges, risky dormant accounts, and permissions that are granted but never needed.
To keep in mind: CIEM is starting to combine with other cloud security tools and is expected to remain a standalone tool only in the short term. Over the longer term, CIEM will likely be available as part of identity governance and administration (IGA), privileged access management (PAM), and cloud-native application protection platform (CNAPP) offerings.
Cyber physical systems security
The concept of cyber physical systems security recognizes that cyber threats and vulnerabilities now extend outside of IT infrastructure alone, and can impact the increasingly IT- and IoT-connected physical infrastructure, as well. With the increasing convergence of IT, operational technology (OT), and other physical systems, new security approaches and solutions are required.
How it works: Cyber physical systems security offers a set of capabilities for securely managing increasingly interconnected environments, above all better visibility of assets and systems, both known and unknown. It also correlates those inventories with available vulnerability data, so organizations can prioritize mitigation around the vulnerabilities that actually affect their equipment. Other capabilities can include anomaly detection and secure remote access. The category spans IoT, industrial IoT, and OT, as well as concepts such as smart cities.
To keep in mind: Regardless of how much money an enterprise invests in cyber physical systems security, the approach will fail unless there is strong collaboration between IT and OT teams.
Digital risk protection services
With digital transformation come a growing number of digital assets—and enterprises need protection and visibility for these digital assets, which may not be provided by traditional security controls.
How it works: Digital risk protection services can provide brand protection, data leakage protection, and services to protect against account takeover and fraud campaigns. The services offer visibility into the open web, social media, and dark web, to uncover threats such as fraudulent/infringing web domains and mobile apps. Other services can include protection against social media account takeovers or phishing scams.
To keep in mind: Digital risk protection services are starting to converge with other technologies such as external attack surface management.
External attack surface management
Internet-facing exposure of enterprise assets and systems can bring major risks, security and otherwise.
How it works: External attack surface management, or EASM, focuses on identifying all internet-facing assets, assessing them for vulnerabilities, and then managing any that are uncovered. Examples include misconfigured public cloud services, servers with inadvertently open ports, and third parties whose poor security posture represents a risk to the enterprise.
To keep in mind: EASM tools are currently in the midst of consolidation, including with digital risk protection services.
Ultimately, while these eight technology categories all bring potentially useful advancements in security and risk management for enterprises, they’re also “contributing to an already highly fragmented security market,” Contu said.
“This market fragmentation has now created significant fatigue within the enterprises and all the CISOs we talk to,” he said. “This fatigue is pushing security professionals to consider a solution set platform more and more, rather than standalone solutions.”
The post Emerging tech in security and risk management to better protect the modern enterprise appeared first on Venture Beat.