- COVID-19 has changed how people work, and cybersecurity needs to reflect this new normal.
- As networks and cloud environments stretch to accommodate the new reality, edge security strategies must be extended.
- The challenge here is not new technology, but old mindsets.
For businesses all over the world, adjusting to the new realities created by COVID-19 has been an incredible challenge. From a technology perspective, the crisis has forced companies to make massive changes - from meeting the needs served by suddenly shuttered workspaces, to scaling the tools required to connect entire workforces now isolated at home.
For IT teams that are already stretched thin, just getting the tactical tools and techniques needed for business continuity up and running has been a massive undertaking complicated by intense time pressures. But all of that was just the beginning. To protect and strengthen those efforts, we must now go beyond initial tactical approaches to adjust underlying security strategies and workplace philosophies as well.
For many companies, the biggest obstacle will not be the technology; it will be the ability to recognize that these short-term disruptions are here for the long-term, if not actually permanent. It is also critical that we begin now to seize the opportunity presented by these cultural and technological shifts to embrace a more strategic approach to security. Just as it has been very difficult for some companies to embrace the principles and practices of working remotely, some organizations may still attempt to cling to a network model that doesn’t really reflect the form or function of how their cloud and networks must now operate.
But the fact is, the primary organizing concept in many organizations’ network strategy — that there is a centre, and then there is everything else — is gone. To adjust, the principles and practices we use to secure what we once called the edge must now be adapted to and scaled across the entire network.
For many of us, this is not a new necessity. For years, security professionals have advised companies to adjust their security strategy to secure the remote edge, not just the traditional core network perimeter, and to employ security-driven networking. Even so, nobody could have predicted just how quickly and fundamentally those changes would be forced on us in the wake of COVID-19. We may never entirely go back to what we knew as normal. And perhaps the most dangerous thing we could do now is to leave our expanded edge strategy out on the edge.
Moving forward, edge security, cloud security and network security must be synonymous. A security-driven networking strategy that blends the entire distributed network into a single, coherent solution is no longer optional – it will be an imperative. Fusing networking, the cloud and security must be the foundational structure of not only what is done now, but also of any innovations to come.
We have already begun to see solutions designed to define and secure networks with software, enabling organizations to approach security, the cloud and networking with a single, unified strategy for all edge computing. Many companies that had already invested in integrating their software-defined networking in a wide area network (SD-WAN), next-generation firewall (NGFW) technology and multi-cloud deployments into a unified system were in a much better position to pivot to the demands of a totally restructured workplace. But now that remote networks have taken a primary position, organizations must extend that strategic edge approach throughout the network and out to the cloud to make sure it is consistent, integrated and secure.
These changes may seem painfully sudden and sweeping. But the truth is we were already rapidly running out of runway. It was inevitable that security would have to follow data, and data has been moving to the edge and being distributed across an expanding network for some time now. Even without a global lockdown separating us physically, the proliferation of IoT — which includes billions of highly vulnerable access points with code not developed with security-first in mind — was always going to blow a gaping hole in networks eventually. Suddenly, eventually is now.
What is the World Economic Forum doing on cybersecurity
The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.
Our community has three key priorities:
Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.
Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.
Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.
Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.
The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.
For more information, please contact us.
There is no choice now but to move forward. Though challenging, we are being given an opportunity to create the type of connectivity and security we have long known we would need, but have been avoiding. That may be one bright outcome from this terrible crisis, but only if organizations can focus quickly and execute this strategy thoroughly.
Thankfully, the technology to achieve these solutions is available. Security-driven networking that utilizes AI to drive efficient, integrated solutions that span remote access and across dynamically distributed networking and cloud environments allows companies to maintain the pace of business. But it will also enable IT teams to focus on higher priority challenges, such as segmentation and authentication, to protect organizations as well as prepare for the opportunities of 5G, ultra-rich media and smart solutions, including smart vehicles, buildings and cities.
We know that we must rely on digital connections more than ever, it is critical that we ensure that those connections are safe, fast, scalable, and strong throughout our networks. Whether we like it or not, whether we are ready or not, we have been pushed to the edge. The only question now is how quickly organizations can extend their networking strategy so they can remain safe there.