BlogCybersecurity Risk & StrategySecurity Transformation
Blog4 minute read

The Time Is Now for Holistic Security

Organizations, including those in the public sector, face an increasingly fragmented and dispersed workplace, accelerated by the COVID-driven work from home phenomenon. As a result, data lives everywhere: at the edge, in the data center and in the cloud — or in motion from one location to another.

In this blog

This circumstance poses a series of interesting security challenges, as the volumes and kinds of data proliferate, the number of locations where it might reside grows and the speed and frequency at which it moves around increases. In this dynamic and complex environment, security becomes even more essential to protect valuable and sensitive data, and to provide proper permissions and access controls.

 Data at the edge

To get a sense of this tectonic shift, look at the numbers. Today, 70 percent of all data never sees a data center. Just three short years ago, data from outside the data center accounted for only 10 percent. In other words, public sector data increasingly gets generated at the edge. This might be from a hardened laptop in the field, a remote weather station or a surveillance drone. Or it could be sensor data from medical devices in a bedside instrument in a VA hospital room.

Because data is generated or acquired at the network edge, analysis must be available there, too. And it must arrive seamlessly and instantaneously, with no room for delay, friction or data losses or discrepancies. This contributes to mounting complexity, with increasing needs for security and data protection.

From an IT perspective, increasing complexity also encompasses data centers and the cloud. All equipment and devices must be secured, along with the data constantly traversing the networks that connect them.

This leads to an inescapable conclusion – security is essential to mission success and effective return on investment in people, processes, technology and data. Unless the data is sound and protected, it simply cannot provide the insights and intelligence it's meant to deliver.

 Wherever data goes, security must go, too 

Consider where modern data comes from and how it's gathered in the public sector. Intelligent devices increasingly act as data sources for all kinds of uses and applications, from vehicle monitoring and tracking systems to sensor networks in public buildings and manufacturing facilities.

From a security perspective, identifying, classifying and assessing the exposure inherent to sources of risk makes security policy and risk management possible. But too often, the focus is limited to just the devices. It's essential to account for the data they produce as well. Data compromise can lead to fines, penalties, damaged reputations and even jail time for those who mistakenly warrant compliance with various privacy, confidentiality or data protection laws and regulations.

That said, seizing control of a device could be much more threatening and dangerous than extracting its data. Think of every device like a server – it must be protected from exposure and exploits. It's no longer possible to build a wall and hunker down behind it for protection and relief from attack.

 An active, changing threat landscape requires a different approach 

The stakes are rising. Threats are escalating from theft of information to loss of function. The key is to understand the threat landscape and the precise array of active risks. Any device can provide a point of intrusion and entry. Now consider the cloud, where virtualization means one physical device can be home to thousands of virtual devices.

The economic impact of cybercrime could reach $6 trillion this year, according to the Herjavec Group's 2020 Official Annual Cybercrime Report. Because threats can target any and all devices, safeguards require a holistic approach to security.

 Build security into everything

Companies like Hewlett Packard Enterprise understand the stakes and build security into everything they produce. This mindset has become imperative, because security at the edge doesn't protect the core, and vice versa. Communication security must account for every port, socket and interface (both physical and virtual, including APIs and frameworks) for all devices involved.

Security plays a role at each layer of the protocol and application stacks, extending from silicon to apps, applications and services. It also applies everywhere, from the edge to the cloud to the data centers and all the links that bind them. People and processes must be in place to manage and react to security threats when, and as, they occur.

"We use secure product development tools and tech­niques and perform security assessments throughout our entire product and platform lifecycle processes," said Tim Ferrell, Distinguished Technologist in the Security, Risk and Compliance Practice at Hewlett Packard Enterprise. "This approach lets us make sure security is baked in and vali­dated throughout entire infrastructures and networks."

Security cannot be an afterthought or infrastructure add-on. The entire continuum of public sector operations, from on-premises to the cloud, must be secure. Holistic security is both relevant and essential, and its time has come.