Today’s digital economy offers a wealth of opportunities, but those opportunities come with growing risks. It has become increasingly important to manage the risks posed by the intersection of digital resilience and today’s risk landscape. Organizations around the world should be asking themselves: If a risk becomes a material threat, how can we help our employees continue to get work done efficiently and securely despite unexpected disruption, no matter where they are? This new era of “anywhere work” is not only a technology issue, but one that encompasses leadership support and cultural shifts. In a recent webinar, Heidi Shey, principal analyst at Forrester, and Anton Chuvakin, senior staff, Office of the CISO at Google Cloud, had a spirited discussion about the future of data security. They agreed that this is a moment of inflection, when smart organizations are rethinking their entire security approach and using the opportunity to take a closer look at their security technology stack at the same time. Here are some trends that they are seeing today.Greater volume, more variety. The data that organizations generate is not only increasing in volume, but in variety as well. Sensitive information can exist anywhere, including employee communications, messaging applications, and virtual meetings, making traditional techniques for classifying data such as manual tagging less effective. Organizations need to grow their risk intelligence by using artificial intelligence (AI) and machine learning (ML) to better identify and protect sensitive information. At the same time, employees are accessing enterprise data in multiple ways, on multiple devices, wreaking havoc on traditional security perimeters and anomaly detection. A more strategic approach. Multiplying threat vectors and vulnerabilities often drive organizations into a losing game of whack-a-mole as they acquire more and more point solutions, which leads to information silos and visibility gaps. While security modernization doesn’t require a rip-and-replace, its success depends on a more strategic approach to choosing and applying controls. Successful organizations are being deliberate in creating an ecosystem of controls that interoperate and reduce data silos and visibility gaps. Zero Trust. Central to any modern security strategy should be a Zero Trust approach to user and network access, not only for people but also for the growing number of internet-of-things (IoT) devices that exchange enterprise data. Zero Trust means that organizations no longer implicitly trust any user or device inside or outside the corporate perimeters — nor should they. Rather, a company must verify that attempts to connect to a network or application are authorized before granting access. Zero Trust replaces the perimeter security model between a trusted internal network and an untrusted external network – including virtual private networks (VPNs) used to access corporate data remotely. Unlike a traditional perimeter model in which a network could become compromised if a hacker breached the organization or if a malicious insider attempts to steal a company’s sensitive data, a Zero Trust approach helps ensure users only have access to the specific resources they need at a point in time.Growing supply chain networks. As organizations expand their supply chains to increase resilience and efficiency, they need a way for vendors, customers, and other third parties to securely access the data and applications necessary to conduct business. A Zero Trust approach to access can provide a scalable solution to meet this need. Enterprise security solutions with the speed, intelligence, and scale of GoogleCybersecurity is ever-evolving as new threats arise daily. Google Cloud’s approach takes advantage of Google’s experience securing more than 5 billion devices and keeping more people safe online than any other organization. Google Cloud brings our pioneering approaches to cloud-first security to enterprises everywhere they operate, leveraging the unmatched scale of Google’s data processing, novel analytics approaches with artificial intelligence and machine learning, as well as a focus on eliminating entire classes of threats. By combining Google’s security capabilities with those of our ecosystem and alliance partners — including Cybereason, IPNet, ForgeRock, Palo Alto Networks, and SADA — we’re bringing businesses a full stack of powerful and effective solutions for managing data access, verifying identity, sharing signal information, and gaining visibility into vulnerabilities and threats. In concert with our ecosystem of partners, we will be working with Mandiant and its partners to deliver an end-to-end security operations suite with even greater capabilities to help you address the ever changing threat landscape across your cloud and on-premise environments. In sum, Google Cloud brings you the tools, insight, and partnerships that can transform your security to meet the requirements of our rapidly transforming world. To get a deeper dive into the trends and research driving this change, watch the “Cloud Makes it Better: What’s New and Next for Data Security” webinar with Forrester and Google Cloud.
Quelle: Google Cloud Platform
Published by