The Digital Big Bang. Phil Quade

Читать онлайн книгу.

The Digital Big Bang - Phil Quade


Скачать книгу

      The resulting architecture was designed around rich and resilient connectivity. As it matured, the Internet fulfilled deep needs for speed and connectivity—organizational, financial, physical, mental, and even emotional—which catalyzed its unprecedented proliferation.

      But that highly desired connectivity also opened the door to attacks. Attackers soon learned that they could use connectivity to their advantage to achieve a malicious effect without being near their actual target. Adversaries now can launch attacks from multiple places, focusing their multifaceted barrage on points of weakness. Perhaps it is the central dilemma of cybersecurity: if you can connect with everybody, you can be reached by anybody.

      Defenders should take the same architectural approach: design security that leverages connectivity.

      HARNESSING SPEED AND CONNECTIVITY

      Just as the cosmic big bang's fundamental forces of energy and matter must be carefully managed to achieve intended results, so too must speed and connectivity in the digital universe. For example, a split atom can do one of these two things:

       Blast and heat whole cities—Generate cool air in the summer and heated air in the winter via clean electricity from nuclear power plants

       Heat and blast whole cities—Generate fire and concussion via a nuclear weapon

      Cybersecurity implementations must be efficient enough to enable both the highest possible safe speed at all times and the maximum reach and scope of connectivity.

      “Speed is at the nucleus of the cyberfrontier.”

       Roland Cloutier, ADP

Diagrammatic representation of a rocket, which symbolizes the speed.

      “Greater connectivity, faster transmission and processing speeds, and machine algorithms result in faster and potentially more accurate decisions.”

       Scott Charney, Microsoft

      Speed must be viewed and treated like the fundamental element it is. But by its very nature, security slows things down. When you're in the security business, you're fundamentally in the business of slowing people down, and that's a horrible business to be in. Security must harness the power of speed to secure information while protecting against cyberattacks at the same rates.

      Simply put, all cybersecurity must be extremely fast.

      Security without speed is a losing proposition. In fact, slow security is often no security. Good security strategy must be based on leveraging speed, specifically

       Raw speed to detect and mitigate attacks in real time

       Processing capacity with more sensors, more data, and more insights to parse data more efficiently and find the smallest anomalies in system functionality

       Forward compatibility to create the headroom to implement future solutions that could involve even greater speed

      Good security strategy must achieve these goals with as little impact as possible on the speed users have come to expect and demand. That's because in addition to the operational reason for speed, there is a practical reason: Users aren't willing to wait.

      A consistent consequence results from that user impatience paired with cybersecurity techniques that don't feature speed as a fundamental component: Slow security solutions get shut off, either because they are too cumbersome or because they simply can't keep up. A security solution that lacks speed and thus is turned off provides zero benefit. Thus, slow cybersecurity techniques become greater impediments than benefits.

      If organizations are forced to adopt tools that do not meet the needs and standards of fast data transfer, the odds are that not only will those organizations become less safe, but they will carry that lack of safety to every point of connectivity they share, endangering other organizations.

      Acknowledging the inherent conflict between security and speed requires us to strategically design how, where, and when to slow things down, while maintaining and preserving as much velocity and efficiency as possible.

      When it comes to cybersecurity, without speed, there is nothing. Users will, however, embrace a solution with speed as its key component.

       Roland Cloutier, ADP

      Context is king when providing tangible models of reference to complex issues like cybersecurity. Even as security practitioners, we are faced with an onslaught of information, intelligence, data points, and other exceptional information with a need for action or decision, but we often lack the availability of context to make sense of the environmental settings that help us make great decisions.

      WHAT DO WE MEAN BY SPEED?

      As we begin to discuss speed as a binding strategy and guiding principle for approaching cybersecurity, we must take the time to truly understand the implications and context of the meaning of speed as a multifaceted component of the threat, of what we are protecting, of how we protect, and of the impact on our ability to be successful.

      Speed is in fact at the nucleus of the cyberfrontier. As a term, it can be considered a noun (the rate at which something is measured for movement) or a verb (describing an action of movement). In either case, when linked to the defense of technology, it is speed that dictates our plans, actions, and, often, outcomes. It is speed that supports measures of priority along with residual risk measures. And it is speed that impacts basic program considerations such as cost, services, and urgency.

      We'll now explore key areas of speed as a binding strategy and the key strategic elements that you can focus on to help you make better decisions, deliver better results, and have a greater impact in protecting your charge.

      HOW SPEED IMPACTS SECURITY

      Speed is also a critical element in the pace of change. Technology from a pure business asset perspective is often measured in years. Today, however, through the adaptation of advanced technology for criminal means, some cyberdefensive technologies may have a realistic effectiveness of only


Скачать книгу