Strengthening cybersecurity in the era of edge computing
The blistering pace of digital transformation has ushered in an era of heightened complexity and cybersecurity vulnerabilities. As businesses digitise to meet rising customer expectations, this in turn necessitates faster digital transformations with increased stakes around risk mitigation and ecosystem consolidation. An example is the growing use by businesses of edge computing devices across distributed locations. McKinsey predicts double-digit growth in edge computing globally over the next five years, with over 400 use cases identified across various industries.
While such advancements empower employees and external stakeholders to do more faster, they also significantly expand a business's attack surface. Add to this the growing sophistication of malicious actors, which at times outstrips that of defender organisations, and digital transformation initiatives today are in an extremely explosive situation. In response, companies are placing an increasing focus on building a comprehensive and adaptable cybersecurity strategy that stays ahead of evolving threats.
The approach of Zero Trust Edge is increasingly finding a place in these proactive strategies. While Zero Trust refers to ‘trust no one, verify everyone’ as opposed to the earlier cybersecurity approach of assuming users of your systems within the security parameter can always be trusted, Zero Trust Edge takes this up a notch. It recognises that the traditional network perimeter no longer exists and combines networking and cybersecurity to create a secure environment. This allows users located anywhere and operating within or outside the companyto access the company systems they need, web-based or otherwise, without worry to themselves or the company.
However, for any business looking to set up a modern Zero Trust Edge environment, there are challenges. The first is the relative absence of a clear understanding and appreciation of cybersecurity risks in many organisations. The budget comes second.
Given the lack of appreciation, decision-makers do not always recognize the urgency of spending money on upgrading the security infrastructure. Another predicament is bringing complex landscapes comprising the cloud, edge computing, and legacy on-prem systems under this safe umbrella. Vendor identification and consolidation is the last and possibly the most important issue that has to be tackled.
Here is a simple framework that, when executed with persistence, can overcome these challenges. Start by making cybersecurity an integral part of company culture. Reinforce its importance to all stakeholders, cutting across customers, vendors, contractors, and employees, and going right up to the board. Once the need for prioritising cybersecurity is well-embedded in your immediate ecosystem, it is time for the company’s top management and the IT and cybersecurity leaders to craft a cybersecurity strategy. This should be a roadmap that aligns with the company’s business and strategic goals, the sector and geographies it operates in, and its vision for digital transformation.
Once this is done, formulate a Zero Trust strategy that will serve as a robust underpinning to your larger cybersecurity strategy. Engaging in risk-based conversations with the organisational leadership and the board will help the CISO garner the necessary support for this critical initiative.
Finally, pick suitable cybersecurity partners with a large portfolio of technologies that address Zero Trust. This will help you travel the path of consolidating your tech stack and security landscape much more efficiently and optimally. Remember, consolidation is crucial for Zero Trust. Vendor consolidation will help streamline integrations and improve security posture in comparison to building interconnectivity between multiple-point solutions from disparate vendors. It is important to select vendors who have strong growth, a good track record, an experienced leadership team, and a well-defined product roadmap.
Navigating the complexities of crafting and implementing a Zero Trust strategy requires a comprehensive approach that addresses cultural, budgetary, technical, and partnership considerations. It might seem daunting, but the time for this is now. By fostering a cybersecurity-aware culture, aligning cybersecurity strategy and Zero Trust with business objectives, and selecting suitable partners, organizations can effectively mitigate cybersecurity risks and reap the rewards of a secure and sustainably resilient digital infrastructure.
Manoj Kuruvanthody
Manoj Kuruvanthody is CISO & DPO at Tredence.