April 01, 2019
Rethinking the Systems of Cyber Security
By RJ Bardsley, Chief Strategist, Global Technology Practice
There is an old adage in the telecommunications world that the only truly safe network is one that is turned off. While this is a somewhat pessimistic view, it highlights the fact that security is about the entire system – not a single point in the system – and this perspective is extremely valuable.
Cyber security has always been important, but with the advances in 5G networks, autonomous vehicles, the cloud, and the IoT, it has taken on new dimensions. With the sheer volumes of data now part of our everyday lives, we must think of protecting networks and processing nodes as matters of national or personal security. In fact, the term cyber security may cease to exist someday, becoming instead just security, and that way of thinking will help us all.
The challenge we’re facing today is that while the nature of security has evolved, for many people, the way we think about it has not. Many of us – especially Gen Xers and older Millennials who grew up with laptops and desktops – tend to think about cyber security as a set of programs or filters that sit on a computer and slow things down. How many of you in this age bracket remember opting for extra McAfee services while setting up a PC? Or how about the warnings around a particular piece of spam email? We have extrapolated this way of thinking onto the security issues of today – securing a 5G network or a system for autonomous vehicles requires us to think in terms of systems and visibility.
Darren Anstee, chief technology officer at NETSCOUT, which provides software for networks, was quoted in a recent article saying "Security is about visibility, when you can't see everything on your network, this is when you have a problem.”
Visibility across a set of systems, showing us where and how data is being transmitted, needs to be the foundation for how we think about cyber security moving forward. This applies in both personal cyber security and much larger instances of security.
In terms of individual cyber security, newer mobile security solutions are focusing on identifying and reporting data use, rather than simply blocking specific things. Take the DTEK mobile software, for example. This Android-based security suite from Blackberry provides mobile users with a dashboard and details on what apps are accessing data and where they are sending it. Users get alerts when sensitive data is accessed, the state of encryption software, and an analysis of hardware and software components.
On a more comprehensive, public stage, those responsible for 5G networks are also taking a similar approach. Operators are moving to a virtualized software network in place of traditional hardware and routers. This enables those operators to see what is taking place in data transmission and adjust security in different parts of the network depending on what is happening.
Approaching cyber security as a set of systems focused on enhanced visibility is the
way forward. Gone are the days when we can download a security patch and relax.
Is this more complicated that we would like? Perhaps. But in balance with the
incredible leaps forward we’re taking in technology, it needs to be part of the way
we think about innovation.