Moore's Law is the observation that processing power for computers doubles every 18-24 months. The microchips that power technology have improved at an exponential rate, making compute power and storage exponentially more powerful and less expensive.
This exponential growth has resulted in tremendous leaps forward in how the Internet is used by individuals, organisations and businesses. The current problem, however, is that while IT has scaled and made tremendous advancements over the last decade, security continues to lag behind.
Alex Stamos, CISO for Yahoo, recently wrote that he believes that the security industry is failing. The issue is that most of the security industry still wants to sell 'solutions' that don't meet the modern demands of scale, automation and efficiency. IT creation and development is now virtualised. Compute power and storage is a commodity. But hardware security devices, agent-based solutions and manual processes aren't practical at scale, Stamos points out.
For the most part, many security vendors believe that IT departments want to run another agent on their Windows laptops, that production engineers are willing to put a cheap Lintel 1U security device in their critical path, and that every company's security team is staffed like a Top-5 bank. These assumptions are not true. Companies across the world are waking up to the fact that their security posture is insufficient to fend off the threats that breached Sony, Anthem and JP Morgan Chase, and we can no longer build products like it's 2005.
The fact is that many security vendors have built technologies around a defensive perimeter. But times have changed; businesses now operate across the Internet and data doesn't sit nicely behind a walled garden anymore. The next generation of security solutions needs to address problems being created today, not yesterday.
Online channels between businesses and their consumers are operational pillars. Losing the channel could have devastating consequences, but so could compromised security. The Internet has scaled so rapidly that many security controls are well behind the threats.
So what do you do as a business? How do you prevent malware from turning your websites against you? How can you ensure the client-facing code on your website isn't flashing like a beacon out to the bad guys or redirecting visitors to malware-infected infrastructure? How many infected URLs are interconnected with your website right now? Are you sure the digital ads running on your websites are safe?
The technology revolution continues to scale at exponential rates. Businesses have become forward-thinking and agile when it comes to the Internet but have lost focus on the security risks. The very channels your business uses to interact with its customers are under attack, and this is all happening outside of your control. It's time to do something before it's too late.
It's safe to say that if your budget is devoted to 10-year-old technologies designed to fix the same flaws they have been addressing for years, then you're in trouble and something needs to change. New technology designed to operate at the scale of the Internet provides clear visibility into the areas where customers are at risk.
By enabling organisations to build controls outside of their walled fortress, such technology will make meaningful improvements in the security of not only the company, but its employees and customers too.
Ben Harknett, Head of EMEA, RiskIQ