Jeff Schwartz, VP, North America Engineering, Check Point Software Technologies (NASDAQ: CHKP)
As an industry, it’s perhaps a statement of the obvious to express that our security problems are getting worse. Depending on your analyst of choice, security incidents are up year over year by anywhere from 40-60 percent or more. One such report, published by Help Net Security, states that compared to the last six months of 2016, the number of lost, stolen or compromised records increased by 164 percent in the first half of 2017. This does not even reflect the increase in quality or sophistication of each incident. Partly attributable to the Shadow Brokers leaks, it has become a trivial exercise for low-level malicious actors to initiate attacks with the highest levels of state-sponsored sophistication. In parallel, we continue to spend more on security than on other segments of IT. According to IDC, security spending is up 8 percent, and growth continues to remain between 7-10 percent through 2020. Taking these two data points together, each dollar we spend on security this year will be less effective at reducing the number of incidents within our organizations. Assuming that these hard trends continue, next year the gap will be even wider. The more we spend, the less return we can expect from that investment.
So, why are our problems getting worse? We continue down this path because we continue to invest in point solutions stacked on top of each other. In addition, this increased volume of point solutions decreases the velocity with which we can deliver solutions to our end users. Because each one requires its own care and feeding, we are slower to identify problems, slower to maintain and upgrade these products and, ultimately, slower to deliver “agile” to our consumers.
As most security incidents are rooted in configuration gaps or maintenance issues, our continued investment in point solutions remains one of the largest factors in our inability to move quickly, while at the same time increasing our security exposure.
These point solutions also create another issue as organizations adopt an increasing diversity of SaaS, IaaS, and PaaS implementations. The large, expensive, maintenance-heavy, robust security stacks that we’ve built at the perimeters of our networks lack the portability to support the heterogeneous environments we use and will use in the future. Because it is not practical, and very often not possible, to leverage these solutions in cloud implementations, many organizations default to “native” security offerings. So, while an email server in our datacenters would fundamentally require mature, robust inline security technologies providing thorough inspection of all traffic to and from that mail server, in the cloud, whatever the cloud provider offers (SaaS or IaaS) is “good enough”. So, we accept a lack of thorough logging and a lack of real-time data and inspection controls. We accept “good enough” in the name of simplicity. We are left with a potpourri of independent security controls from dozens of different cloud providers, all with differing levels of controls and capabilities. Predictably, our visibility is reduced, the incidence of account takeovers increases substantially (among many other security incidents) and our Operations teams struggle to manage these offerings in an effective way.
Certainly, there is a clear need for leveraging the vast increase in innovations, both in enablement technologies as well as security controls. However, a predominant focus on point solutions that solve a very narrow set of problems will only serve to increase our operational and security issues over the longer term. What is necessary to address these issues in a more thorough way is an increase in collaboration with existing vendors. Align with vendors that have a differentiated level of focus in the following areas: quality of security, portability of solutions between cloud (IaaS, SaaS, PaaS) and traditional datacenters, and simplicity of management. In terms of quality of security, there has been a dangerous perception of commoditization among many products. These assumptions have led to real-world exposures such as full access to internet-facing firewalls. These are not anecdotal, as previous years’ research supports meaningful differences in CVEs among firewall vendors. Additionally, not all vendors have an equivalent level of portability and feature consistency across various cloud platforms. As this diversity will certainly increase, it is important to align with vendors that support this portability in a thorough way. Finally, focus on solutions that provide operational simplicity. If it cannot be easily managed and automated, then it will not support the scale that you will need to move quickly.