
Digital Trust and Cybersecurity Platform

[University of Pennsylvania]

 

 

- The Role of the CISO

Since the late 1990s, enterprise security infrastructure has grown organically as CISOs added independent security controls as countermeasures to new or growing threats. This tactical strategy was adequate in the past, but it is a mismatch for today’s dangerous threat landscape and growing attack surface. In fact, a security infrastructure built on point tools often leads to high costs, complex security operations, unacceptable levels of cyber risk, and data breaches. Many organizations have had enough. As an alternative to point tools, CISOs are embracing tightly coupled security technology platforms offering advanced threat protection, central management, and coverage across endpoints, networks, and clouds.

The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

 

- Cybersecurity Platform Requirements

The current technological context demands a new security paradigm that’s focused on monitoring and analyzing all available information in order to identify and prevent any malicious cyberattacks on organizations. A cybersecurity technology platform must go beyond tightly coupled product integration and include the following:

 

  • Coverage from endpoints to data centers to clouds: Platforms must provide comprehensive coverage that includes endpoints (e.g., PCs, mobile devices, IoT devices) and networks, as well as physical servers, virtual servers, and cloud-based workloads (VMs, containers, etc.). The best platforms will also offer strong integration with controls for common threat vectors, such as email security and web security.
  • Prevention, detection, and response capabilities: First, a security technology platform must greatly improve threat prevention when compared to today’s potpourri of point tools. Each individual tool should offer best-of-breed security efficacy, while the platform should provide incremental threat protection as more tools are glued together. Beyond threat prevention, each tool should also act as a sensor for collecting security telemetry. Platforms will be back-ended by some type of security analytics service that processes, analyzes, and acts upon this growing volume of security data. Security platforms must also offer well-defined and flexible options for responding to and mitigating threats, including automated and manual options. For example, the platform should be able to automatically find and block retrospectively installed files and IoCs when new threats (that include these files and IoCs) are detected in the wild, or offer options for quarantining systems, deleting files, or restoring systems/workloads to a known good state.
  • Hybrid deployment options: Today’s security technology world includes ubiquitous cloud services, costly security operations, and data privacy concerns.  Therefore, vendors shouldn’t be dogmatic about platform deployment but rather offer flexible implementation options so customers can pick and choose the best fit. In other words, individual security tools and the platform management plane should be offered in on-premises and/or cloud-based form factors. Customers can then pick and choose how they want to glue the whole thing together without sacrificing functionality or technology integration benefits.
  • Cloud-based services: Security technology platforms should include myriad cloud-based services for things like threat intelligence analysis/sharing, static/dynamic file analysis, reputation list compilation/distribution, machine learning modeling, etc. In some cases, these services will be transparent to customers, while they will be offered as upgrade options in others.
  • Central management and reporting: All individual tools must plug into a central management plane offering role-based access control that can be customized for different users, views, and functions. Management functionality must include policy management, configuration management, and detailed reporting from individual tools, from groups of tools, or across the entire architecture. Management data must also be easily exportable to other tools (e.g., SIEM, GRC tools, automation/orchestration systems).
  • Openness: While security technology vendors want customers to buy their whole enchilada, it may take years to replace disparate tools owned by different budget holders. In many cases, large organizations have established best practices around certain point tools and will never swap them out. Given this market reality, security technology platforms must be open for easy third-party technology integration by offering developer support, technology partnerships, and well-documented and standards-based APIs as a core part of their platform.

 

- Digital Trust

Digital trust is the confidence users have in the ability of people, technology and processes to create a secure digital world. Digital trust is given to companies who have shown their users they can provide safety, privacy, security, reliability, and data ethics with their online programs or devices. When a person decides to use a company's product, they are confirming their digital trust in the business. 

Digital trust is a necessity in a global economy reliant on ever-increasing connectivity, data use, and new innovative technologies. In order to be trustworthy, technology must be secure (ensuring connected systems’ confidentiality, integrity, and availability) as well as responsibly used. The lack of assurances regarding these two aspects has led to a digital trust deficit.

The digital trust initiative encourages stakeholders to prioritize the cybersecurity (including cyber resilience and security-by-design) and responsibility aspects of technology use (including, e.g., privacy protection, ethical and values-driven innovation, transparency in development, and accountability) in order to rebuild digital trust. Because of a lack of security, alongside ethical lapses, lack of transparency, and other issues, distrust of digital technologies is increasing. Diagnostics of the level of popular mistrust already exist. Normative efforts to define some of the parameters of state-to-corporate digital trust are in their infancy.

Digital trust divides dependable services from corrupt ones, helping the user decide on a secure company rather than an unreliable one. It creates a bond between a user and a company that assures the user they will be receiving what they are asking for in a safe, secure and reliable manner. The more digital trust a company receives, the more likely it will be to gain more users.

 
 
 

[More to come ...]

 

 
