The security stack: an essential approach to data protection
Encryption ABC's
Multi-layered defense for your cybersecurity
In the cybersecurity world, there’s no miracle software that will protect you from every attack. Security must be provided by a series of solutions that each protect against well-defined risks. These solutions can be considered as a Security Stack. And encryption has a key role in that ecosystem.
EVERY ORGANIZATION WILL BE ATTACKED
No cybersecurity expert can guarantee 100% cybersecurity on the entire IT perimeter. Every business has been or will be trapped one day, whether they’re a small business without any protection, a large city authority or… Google.
The attack may come from a phishing campaign, ransomware sent randomly to a public company address or from data theft organized by a group of experienced hackers.
Every operating system, every firewall and every piece of enterprise software has vulnerabilities that can be exploited by a hacker if they aren’t corrected in time. From then on, the hackers will access the company’s internal data.
Faced with such cyber insecurity, the last bastion that will prevent the attacker from using the data is encryption.
THE LIMITS OF PERIMETER PROTECTION
Perimeter protection, a very popular security model in the early days of the Internet, makes little sense today.
A firewall alone is no longer enough to protect a company’s internal data. Indeed, all companies must be connected to the Internet, and must let their applications exchange data with the outside world. In parallel, the cloud phenomenon has pushed companies to adopt hybrid architectures, with computing resources consumed in the company’s datacenter, but also from cloud providers often located in another country.
IT resources are hosted both in house and in the public cloud, i.e. outside the scope of the firewall. Furthermore, many employees access their applications outside company premises.
In such an environment, perimeter protection is still needed, but is now part of a much broader protection system.
WHY DID THE SECURITY STACK CONCEPT BECOME MAINSTREAM SO QUICKLY?
Multi-layer defense and defense in depth are concepts that have become mainstream in recent years. These approaches have made it possible to share certain IT resources with the outside world.
The cyber ecosystem has gradually become more complex to counter all the risks inherent to this opening up.
Faced with this inevitable expansion of the attack surface, CISOs have implemented a range of technical solutions that complement each other.
The firewall which, at the dawn of the Internet, was the essential link in the company’s protection, now coexists with a large number of security solutions.
The 2020 edition of the Oracle and KPMG Cloud Threat Report showed that 78% of the 750 surveyed companies had more than 50 different security solutions in their information systems. For 37% of them, over 100 products work together!
Experts have called this ecosystem the Cybersecurity Stack.
Every device or software provides a specific part of security and must coexist with the others.
SIEM (Security Information & Event Management) software has even been created to collect all the events emitted by these solutions and allow a security analyst to correlate all this information to intercept attacks.
This software is now the core of security operations centers, the so-called SOCs.
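The correlation step described above, as an added example that is not part of the original article: events from three layers of the stack are grouped per host, and an alert is raised only when several distinct layers report inside one time window. The event schema, host names, signal names and thresholds are constructed for illustration and do not come from any real product.

```python
from datetime import datetime, timedelta

# Constructed sample events, as a SIEM might normalize them from three layers
# of the stack (field names and values are assumptions, not a product schema).
EVENTS = [
    {"ts": "2024-05-06T09:01:12", "source": "mail_gateway", "host": "wks-014", "signal": "phishing_link_clicked"},
    {"ts": "2024-05-06T09:03:40", "source": "edr", "host": "wks-014", "signal": "suspicious_child_process"},
    {"ts": "2024-05-06T09:09:05", "source": "ids", "host": "wks-014", "signal": "internal_port_scan"},
    {"ts": "2024-05-06T09:15:00", "source": "edr", "host": "srv-db-02", "signal": "suspicious_child_process"},
    {"ts": "2024-05-06T13:30:00", "source": "ids", "host": "srv-db-02", "signal": "internal_port_scan"},
    {"ts": "2024-05-06T10:00:00", "source": "mail_gateway", "host": "wks-031", "signal": "spam_blocked"},
    {"ts": "2024-05-06T10:00:30", "source": "mail_gateway", "host": "wks-031", "signal": "spam_blocked"},
]

def correlate(events, window=timedelta(minutes=15), min_sources=3):
    """Return one alert per host where at least `min_sources` distinct
    security layers reported an event inside a sliding time window."""
    by_host = {}
    for ev in events:
        by_host.setdefault(ev["host"], []).append(
            (datetime.fromisoformat(ev["ts"]), ev["source"], ev["signal"]))
    alerts = []
    for host, evs in sorted(by_host.items()):
        evs.sort()  # chronological order per host
        start = 0
        for end in range(len(evs)):
            # Advance the left edge until the window spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            sources = {src for _, src, _ in in_window}
            if len(sources) >= min_sources:
                alerts.append({
                    "host": host,
                    "first_seen": in_window[0][0].isoformat(),
                    "last_seen": in_window[-1][0].isoformat(),
                    "sources": sorted(sources),
                    "signals": [sig for _, _, sig in in_window],
                })
                break  # one alert per host is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

On the sample data only wks-014 is flagged: the two events on srv-db-02 are hours apart, and the repeated spam blocks on wks-031 come from a single layer.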
THE BASIC COMPONENTS OF A MODERN SECURITY STACK
Securing a modern information system means taking action at multiple levels.
Of course, datacenters must be protected from external access with a firewall, but cloud applications also need to be protected with a WAF (Web Application Firewall).
- To detect the possible lateral movements of an attacker on the network, intrusion detectors, probes that analyze all the traffic in real time, need to be set up.
- Email servers are very often used by attackers to compromise user accounts: anti-phishing and anti-spam solutions need to be implemented.
- Workstations and servers, categories that are grouped under the term “Endpoint”, must especially be protected. Antivirus software is probably the best-known Endpoint protection software, but it’s starting to be replaced by EDR (Endpoint Detection and Response) solutions that implement behavioral AI algorithms to enhance attack detection.
- Encryption solutions are a key component of a cyber stack, because encryption is used both to secure data stored on the machines, which is what we call “data at rest” encryption, and to encrypt communications. At a minimum, all personal or confidential data must be encrypted. Good practice dictates encrypting absolutely all data by default. This must be the case for production servers, storage and backup hardware, but also client workstations, in particular all laptops that might be taken off company premises and fall into the wrong hands.
DIGITIZATION PUSHES TOWARDS STRENGTHENING THE SECURITY STACK
In this cyber stack, the digitization of companies has reinforced the role of data encryption. To increase competitiveness and agility, companies have opened up their information systems even more and interconnected their applications with those of their partners. All these exchanges must be secured using end-to-end encryption, which means that only the people communicating with each other can understand the data.
This requirement is fully in line with “Zero Trust”, the new approach that is imposing itself in the security sector. Its principle is simple: to guarantee the security of data, you should trust neither the storage hardware and providers, nor the application, nor the network that will send the data.
Encryption is one of the main ways to store, process and exchange data in a “Zero Trust” approach.
Besides this fundamental change in cybersecurity, the rise of telecommuting has put encryption back on the map, with millions of employees using VPNs to remotely access their company’s resources.
This acceleration in the transformation of IT uses has democratized encryption for all companies and all their employees. The generalization of encryption also means a general awareness of the need to secure data. Only an effort in terms of change management will let the security stack show its everyday effectiveness.