By Byron V. Acohido
The deepening of the interoperability of artificial intelligence-infused systems – in our buildings, transportation networks, communication systems and medical equipment – heralds incredible breakthroughs for the human race.
Related: The coming of optical infrastructure
But first businesses must deal with the accelerating convergence of their internal and external computing resources. And this is no small task.
I had a chance to discuss this with Shinichi Yokohama, NTT Global CISO and John Petrie, consultant to NTT Global CISO, b RSA Conference 2023. It was a rare opportunity to get the perspective of senior executives responsible for protecting a Fortune 100 global enterprise.
We discussed how the boundaries between internal and external IT infrastructure have become increasingly blurred, making network security more challenging than ever. For a full exercise, please watch the attached video broadcast. Here are some takeaway points:
A converging ecosystem
Cloud migration and rapid software development were both on the rise when Covid-19 hit and the global economy suddenly shut down in 2020. As companies adapted to the post-pandemic operating environment, web-centric services came to the fore.
This has accelerated the convergence of on-premises and cloud-hosted IT infrastructure. Today, storage power and data processing are prominent Powered by Amazon Web Services, Microsoft Azure, and Google Public Cloud; And everything from software development to supply chain management happens on the fly across interconnected servers, endpoints and mobile devices between cloud-hosted and on-premises data centers.
Yokohama observed that clearly defined network boundaries have all but disappeared, making network security a very difficult challenge. “From a security perspective, the definition of network security has become very blurred,” he told me.
Petrie explained how digital convergence is happening at a deeper level through increased cross-coupling of traditional IT operations and network security responsibilities. “From a technical point of view, what we’re seeing is the dissolution of the scope itself – it no longer exists,” Petrie says. “Now we have to start thinking about security as a converging ecosystem. We have to protect the cloud, and in some cases, we also have to protect local systems that will never be in the cloud. The big changes have come in the convergence and digitalization of the ecosystem, especially in the last three years.”
Towards zero trust
So how should CISOs navigate their organizations? Yokohama and Petri emphasized the importance of moving towards a Zero trust framework. In today’s hyper-connected operating environment, this comes down to analyzing and integrating multiple legacy and next-generation security technologies tailored to the unique needs of the organization.
“What we’ve seen is that most companies are now moving toward a zero-trust framework and they’re finding that you really don’t have one solution; it’s got to be multiple solutions to get you there,” Petrie says.
Yokohama added that the first step that CISOs must take is to establish a significant security architecture, one that will respond to the unique needs of the organization and also take into account operations and governance.
“Traditionally most corporations have had a perimeter-based security architecture, but in the era of cloud and mobile, etc., an organization needs to have a north star,” says Yokohama. “Once the CISO has defined this North Star security architecture, then decisions can be made, piece by piece, about the technology solutions needed. . . . The architecture has to come first, and then they can decide which product options they prefer.”
The larger role of MSSPs
The security principles that these senior security executives presented to me clearly work for Fortune 100 corporations. However, it can be argued that in a post-Covid operating environment, these principles are equally valid for medium-sized enterprises and even SMEs, as well.
After all, companies of all sizes and in all sectors are increasing their reliance on cloud-hosted IT infrastructure and SaaS tools and services.
And this is where security service providers are managed (MSSPs) enter the picture.
The demand for richer MSSP services was already gaining momentum before Covid-19; This demand arose as the global pandemic spread across the planet. According to one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.
NTT Global is a veteran player in the MSSP field; It maintains a large MSSP unit that coordinates the protection of its myriad operating divisions, and it also launches MSSP services to its customers and partners.
“The task is, first, to ensure internal security, then, second, to leverage that knowledge for our external customer service,” says Yokohama. “We are happy to bring our knowledge and experience as a holistic solution to the client.”
It wasn’t too long ago that MSSPs were mostly helping their customers monitor traffic logs as part of filtering out anything suspicious, Petrie says. Today, MSSPs are increasingly helping companies perform much more sophisticated analysis, such as detecting known attack sequences or monitoring user behavior patterns to catch any unusual activity, he says.
Innovative use of the product
It’s worth noting that new technologies and richer services are only part of the equation when it comes to securing digital convergence. An equally important variable is how human users end up putting new tools and services to work, claims Yokohama. It emphasizes the importance of not only product innovation, but also inspired use of new technologies and emerging best practices.
For example, he pointed out how a disruptive AI tool, like ChatGPT, embodies a technological breakthrough that is currently waiting for a breakthrough in human use, with regard to network security. “Somehow, someone has to figure out how to use this new technology in a smart and safe way,” Yokohama notes. “When people say innovation, they usually refer to product innovation or product development. Further, I think that the way we use products in a smart and safe way, in itself, also becomes innovation.”
The mainstreaming of zero-trust frameworks, an increasing role for MSSPs, smarter use of new technology – these are all part of the digital convergence that is still in the early stages of convergence; Hoping we get better.
“I’m a super optimist, so I see a very promising opportunity,” says Yokohama. “Security, as well as trust, is the foundation of a successful digital society and NTT wants to be part of such a journey.”
What will happen next? I will keep following and keep reporting.
Akido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it should be.
(LW provides consulting services to the vendors we cover.)
