How can CISOs adapt to the security risks caused by digital transformation? Microsoft have been working on an answer…
CISOs wear many hats, but perhaps the main challenge they face is knowing how they can support the organisation on its digital transformation journey – enabling ever higher levels of productivity, while maintaining the highest possible security posture.
It’s not a productivity vs. security trade-off anymore. It’s about mitigating risk and achieving both, by balancing the security tools you need with the productivity tools you want.
At our most recent Identity and Security Summit, Sian John, Microsoft’s Chief Security Advisor for EMEA and APAC, outlined the effect digital transformation is having on our traditional security processes. She also highlighted the key new Microsoft tools and security innovations that will help organisations boost cyber defence across the entire kill-chain.
Let’s take a closer look at what she had to say…
“86% of CEOs believe technology will transform their business more than any other global trend.” – PwC’s 22nd Annual Global CEO Survey
The world we live in is becoming increasingly complex and this complexity filters down into all organisations. Examples of how evolving technologies and changing consumer behaviours drive the need for digital transformation include:
It’s important to think about the knock-on effect that a rapidly transforming enterprise can have on the IT team and its ability to properly protect all assets. It seems to get harder by the day.
As Sian told us: “If you want to determine the threat landscape, what you need to do is look at the current technology landscape and how that’s evolving – when we unlock a new capability then you can expect exploits and risks to come with that.”
The challenge security teams need to tackle is how to evolve their security services to keep pace with both the organisation and the evolving threat landscape, without stifling productivity. And how can they speed up the development of new security controls to mitigate the risks caused by digital transformation?
The graphic below captures it all nicely. For CISOs, the first two arrows are unavoidable, but you’ll want to find ways to move the third arrow over to the left as much as possible, so you can close that security gap and reduce the threat impact from adopting new technology.
Looking at a typical digital transformation scenario in a modern enterprise-level organisation can help you put that idea into context.
There is a knock-on effect from digital transformation that CISOs and security professionals need to be aware of and keep up with.
Microsoft understand this issue and they’ve been working hard on agile and intelligent solutions for the ‘secure productive enterprise’, based on three key principles:
The premise of this principle is simple. Identity is the new control plane, now that the traditional security perimeter is gone. You have to set security measures at the point of user access. Playing it safe and locking down all users and devices to the highest security level has too great an impact on productivity – and gives CISOs a massive headache.
In reality, security teams need to be much more granular when it comes to securing access. They need to start scoring access requests based on individual user risks, such as:
Microsoft have developed conditional access as the solution to scoring user risk level. It’s a clever tool that looks at how, where, when, what and why a user is requesting access – and then sets a level of risk accordingly.
If the login scores medium to high risk (you can control these levels within your Azure Portal) then the access request triggers a range of “controls” that are predetermined by your organisation. It can mean access is blocked entirely, the user may be prompted to reset their password, or a second level of authentication (such as MFA) might be triggered to prove the legitimacy of the user.
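The risk-to-control mapping described above can be expressed as conditional access policies. The block below is an added example, not code from the original article or from Microsoft: the three policy bodies use the property names of the Microsoft Graph `conditionalAccessPolicy` resource (`signInRiskLevels`, `userRiskLevels`, `locations`, `grantControls.builtInControls`), while the `evaluate` function is a deliberately simplified, assumed model of how those policies combine for one sign-in, written only to show which control each risk level triggers.

```python
"""Risk-based conditional access, illustrated.

Policy bodies follow the Microsoft Graph conditionalAccessPolicy schema and could
be POSTed to GRAPH_POLICIES_URL with a token holding Policy.ReadWrite.ConditionalAccess.
The evaluator is an ASSUMED simplification for this example; it is not the service's
internal logic.
"""
import json
from typing import Dict, List

GRAPH_POLICIES_URL = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"


def block_high_risk_untrusted_policy() -> Dict:
    """High sign-in risk from outside trusted named locations -> block entirely."""
    return {
        "displayName": "Block high sign-in risk outside trusted locations",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "signInRiskLevels": ["high"],
            "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def signin_risk_mfa_policy() -> Dict:
    """Medium or high sign-in risk -> prove it with MFA."""
    return {
        "displayName": "Require MFA for medium/high sign-in risk",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "signInRiskLevels": ["medium", "high"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def user_risk_password_policy() -> Dict:
    """High user risk (the account itself looks compromised) -> MFA AND a password change.
    Graph requires passwordChange to be paired with mfa under the AND operator."""
    return {
        "displayName": "Require password change for high user risk",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "userRiskLevels": ["high"],
        },
        "grantControls": {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]},
    }


def all_policies() -> List[Dict]:
    return [block_high_risk_untrusted_policy(), signin_risk_mfa_policy(), user_risk_password_policy()]


def as_graph_request(policy: Dict) -> Dict:
    """Shape of the create call (no network access is made here)."""
    return {"method": "POST", "url": GRAPH_POLICIES_URL, "body": json.dumps(policy)}


def _matches(policy: Dict, ctx: Dict) -> bool:
    # ctx keys (assumed for this example): signInRisk, userRisk, trustedLocation
    cond = policy["conditions"]
    if "signInRiskLevels" in cond and ctx["signInRisk"] not in cond["signInRiskLevels"]:
        return False
    if "userRiskLevels" in cond and ctx["userRisk"] not in cond["userRiskLevels"]:
        return False
    loc = cond.get("locations")
    if loc and ctx["trustedLocation"] and "AllTrusted" in loc.get("excludeLocations", []):
        return False  # trusted locations are carved out of this policy
    return True


def evaluate(policies: List[Dict], ctx: Dict) -> List[str]:
    """Return ['block'] if any matching policy blocks; otherwise the sorted union of
    controls the user must satisfy (an empty list means plain access)."""
    required = set()
    for policy in policies:
        if policy["state"] != "enabled" or not _matches(policy, ctx):
            continue
        controls = policy["grantControls"]["builtInControls"]
        if "block" in controls:
            return ["block"]  # block always wins over grant controls
        required.update(controls)
    return sorted(required)


if __name__ == "__main__":
    ctx = {"signInRisk": "medium", "userRisk": "none", "trustedLocation": True}
    print(evaluate(all_policies(), ctx))
```

Run the file to see a medium-risk sign-in resolve to `['mfa']`; raise `signInRisk` to `high` with `trustedLocation` set to `False` and the result becomes `['block']`, matching the three outcomes the article lists.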
View 'Safeguard your data and applications with conditional access controls and multi-factor authentication' and discover:
Perhaps the area where digital transformation has had the biggest impact on cyber security controls is inside your SOCs and SIEMs.
There’s a big data problem that’s been generated out of digital transformation. Where organisations have a traditional SOC in place, CISOs are now coming to Microsoft saying that it’s becoming harder and harder to root out the false positives and cut through the noise of alerts.
With the rise of cloud apps and multiple cloud tenants, mobile devices and external threat intelligence data, SOCs are simply struggling to deal with the sheer volume of data and logs. How can you identify the real threats? You can’t simply choose to monitor all logs.
For example, choosing to monitor Azure logs alone, in a large organisation, would mean petabytes of data – a good SOC might last 2-3 hours at best before it falls over.
Many SOCs and SIEMs have not evolved to help solve the big data problem yet. There are two common practices within SOCs and SIEMs that make this worse.
All this extra data can be extremely costly both in terms of data consumption and lost productivity. With the big data issue, you get an increase in the amount of ‘noise’ you have to sift through in order to find ‘real’ threats, and there are latency and throughput issues with processing such vast amounts of data.
An additional challenge lies in identifying how you can best use your highly skilled security professionals – eliminating repetitive work that can be automated by a machine, freeing your team up for real investigative and response work.
As digital transformation fundamentally changes an organisation’s operations, the traditional SOC must also adapt to keep up.
Microsoft have invested heavily in intelligent threat detection and response solutions over the last two years.
They have used their vast array of telemetry data to build machine learning and artificial intelligence (AI) into their own security systems. This allows them to use probability, correlation and a range of other techniques to root out and act quickly on the real threats – ignoring the noise.
Microsoft’s latest security tool allows ‘connections’ into all your apps and systems, so you can get insights and call up data only when you need it. You don’t need to bring all the logs into your SIEM – the data is held within the original app (not duplicated / hoarded) and you can just call on it as and when.
This tool is called Azure Sentinel – a next generation SIEM solution that combines orchestration and automation to support your security goals. Think of it as a SIEM and a SOAR in one!
“With this machine learning and AI in place, Sentinel provides an effective method of rooting through logs to help you surface and act on only the most important threats.”
Sentinel sits within your Azure portal. It focuses on enabling you to consume security related data from almost any source, removing the need to manage complex and costly infrastructure components – whilst providing a highly scalable platform as organisations grow and digitally transform.
Sentinel uses machine learning and AI to surface important insights based on the data your organisation is consuming – through a wide catalogue of available connectors.
Native connectors exist for all key Microsoft sources, together with a range of native third party connectors, which include technologies from AWS, Symantec, Barracuda, Cisco and others.
See how Sentinel can help you identify and stop threats before they have the opportunity to cause damage. You'll learn:
Comprehensive hunting and investigative capabilities are also provided in Azure Sentinel to help you automate and expedite your response to potential attacks.
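The noise-reduction idea running through this section (alert on correlated behaviour, not on every raw event) can be shown on a handful of sign-in records. The block below is an added example and is not Azure Sentinel's own analytics or code: the log lines are constructed for the illustration, the CSV layout, the thresholds and the window are assumptions chosen here, and the two rules (repeated failures followed by a success, and one source failing against many accounts) are the kind of correlation a hunting query would express.

```python
"""Correlate raw sign-in events into a small number of incidents.

Added example. SAMPLE_LOG is constructed; its layout (timestamp,user,source_ip,result)
and the thresholds below are assumptions for this illustration, not Sentinel's.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

SAMPLE_LOG = """\
2019-09-03T08:00:01Z,alice,203.0.113.10,fail
2019-09-03T08:00:04Z,alice,203.0.113.10,fail
2019-09-03T08:00:07Z,alice,203.0.113.10,fail
2019-09-03T08:00:09Z,alice,203.0.113.10,fail
2019-09-03T08:00:15Z,alice,203.0.113.10,ok
2019-09-03T08:05:00Z,bob,198.51.100.7,ok
2019-09-03T08:06:00Z,bob,198.51.100.7,fail
2019-09-03T08:06:30Z,bob,198.51.100.7,ok
2019-09-03T09:00:00Z,carol,203.0.113.44,fail
2019-09-03T09:00:01Z,dave,203.0.113.44,fail
2019-09-03T09:00:02Z,erin,203.0.113.44,fail
2019-09-03T09:00:03Z,frank,203.0.113.44,fail
2019-09-03T09:00:04Z,grace,203.0.113.44,fail
2019-09-03T09:00:05Z,heidi,203.0.113.44,fail
"""

FAIL_THRESHOLD = 3            # failures for one user inside WINDOW before a success is suspicious
SPRAY_MIN_USERS = 5           # one source failing against this many distinct users inside WINDOW
WINDOW = timedelta(minutes=10)


def parse(text: str) -> List[Dict]:
    """Turn the constructed CSV lines into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split(",")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "ip": ip, "result": result})
    return sorted(events, key=lambda e: e["ts"])


def naive_alert_count(events: List[Dict]) -> int:
    """What an 'alert on every failed login' rule would hand the analyst."""
    return sum(1 for e in events if e["result"] == "fail")


def brute_force_then_success(events: List[Dict]) -> List[Dict]:
    """One incident per user whose success follows >= FAIL_THRESHOLD failures inside WINDOW."""
    incidents = []
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        recent_fails: List[Dict] = []
        for e in evs:
            recent_fails = [f for f in recent_fails if e["ts"] - f["ts"] <= WINDOW]
            if e["result"] == "fail":
                recent_fails.append(e)
            elif len(recent_fails) >= FAIL_THRESHOLD:
                incidents.append({"type": "brute_force_success", "user": user, "ip": e["ip"],
                                  "failures": len(recent_fails), "at": e["ts"]})
                recent_fails = []
    return incidents


def password_spray(events: List[Dict]) -> List[Dict]:
    """One incident per source IP that fails against >= SPRAY_MIN_USERS accounts inside WINDOW."""
    incidents = []
    fails_by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "fail":
            fails_by_ip[e["ip"]].append(e)
    for ip, evs in fails_by_ip.items():
        for i, start in enumerate(evs):
            users = {f["user"] for f in evs[i:] if f["ts"] - start["ts"] <= WINDOW}
            if len(users) >= SPRAY_MIN_USERS:
                incidents.append({"type": "password_spray", "ip": ip,
                                  "users": len(users), "at": start["ts"]})
                break  # one incident for the source, not one per failed login
    return incidents


def correlate(text: str) -> Dict:
    """Raw alert count versus the correlated incidents an analyst actually needs to see."""
    events = parse(text)
    incidents = brute_force_then_success(events) + password_spray(events)
    return {"raw_alerts": naive_alert_count(events), "incidents": incidents}


if __name__ == "__main__":
    result = correlate(SAMPLE_LOG)
    print(result["raw_alerts"], "raw alerts ->", len(result["incidents"]), "incidents")
    for inc in result["incidents"]:
        print(inc)
```

On the constructed sample, eleven failed logins collapse into two incidents: one account that succeeded after four rapid failures, and one source address that failed against six different accounts. Bob's single mistyped password generates nothing, which is the point of correlating rather than alerting per event.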
This helps CISOs also deal with the cyber security skills gap. Automating the response to common threats saves time for your security pros and it allows them more quality time to get on with investigating and responding to more complex threats.
If you can train a machine to do a lot of these repetitive processes, then you absolutely should be doing so, both to save your security pros the stress of constantly trawling through logs and to provide a little more job satisfaction.
The challenge here, however, will be around balance, as the CISO asks themselves, “How do I optimise my SOC and reduce alert fatigue without running the risk of missing important threats?”
Security needs to evolve to deal with increasing digital transformation. It needs to find a way to proactively engage with all areas of the business whilst becoming more agile through utilising identity as the new control plane, intelligent risk-based access controls, machine learning, automation and AI.
Sian summarised, “As organisations go through more and more digital transformation it gets faster – the problem [with security teams playing catch-up] is only going to get worse. So [security teams] need to look at how they can be agile enough to keep up with a world that is moving much quicker now.”
For a more in depth look at the pressures digital transformation is putting onto modern security approaches you can watch Sian’s entire keynote video on-demand now.
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.