Cisco told how to protect cloud users, how “engineering chaos” is useful and what we can expect from 2022.
On December 20, Cisco organized an online briefing for journalists on the results of 2021 and the prospects for 2022.
Cisco regularly conducts customer surveys and prepares analytical materials based on the results obtained. Most recently, the company released two new big reports: Security Outcomes Study Volume 2 and 2021 Global Networking Trends. The first analyzes what happened during 2021 in the field of information security, the second describes global trends in networks.
“Once upon a time, we had huge reports of over 100 pages. Then it became clear that many people are not very comfortable using such reports, so a couple of years ago we switched to topics that reveal a specific issue or task, – says Honored Cisco Systems Engineer Mikhail Kader. – At the same time, a lot of approaches and technologies in providing information security are being discussed. But if you look at them carefully, we will see that some of them are purely marketing, while others really work. ” According to him, the Cisco survey was conducted among those who are actually responsible for the operation of information security systems in their organizations. More than 5 thousand respondents from 27 countries took part in this survey, and there was no division by industry; specialists from government agencies and industrial enterprises, the oil and gas sector and education were interviewed. There was also no special sampling by the size of the organization: there were both huge global world corporations and small organizations operating only in their own region. Cisco was tasked with preparing the most independent study and drawing conclusions from its results.
Security Outcomes Study Volume 2 focuses on five core practices in information security, including proactive systems management, efficient solution integration, timely response, rapid recovery and accurate threat detection. The combination of all five elements, according to the survey, significantly increases the level of security in the enterprise.
Cloudy future
Today, more and more companies are migrating to the cloud. A prime example is the ubiquitous use of Office 365 or hosting custom directories in Microsoft cloud services. Accordingly, information security is gradually beginning to move into the cloud. A platform approach is being formed that can provide a unified management of all information security systems. According to Cisco, the platform strategy creates closer integration and interoperability of information security solutions. The survey found that if a customer is targeting a single platform-based security vendor, the chances of a successful implementation of a fully-featured, integrated solution are dramatically increased. The platform approach seven times increases the likelihood of effective automation of information security processes. Mikhail recalled that quite recently there was a flurry of problems related to the discovered vulnerability in the Apache web server, which is used by a huge number of different organizations around the world, and many companies, naturally, began to quickly eliminate vulnerabilities. But the fastest way to eliminate them was in cloud services, which means that all users of these services were protected. While dozens and hundreds of on-premise solutions have faced significant challenges, cloud technologies have provided an opportunity to defend against threats faster and more successfully.
Threat analytics
In order for information security at an enterprise to work more efficiently, integration between people, processes and technologies is needed. According to the report, such a combination increases the level of information security by 3.5 times.
Companies using threat intelligence, such as Cisco and other vendors, are twice as likely to talk about effective detection and response systems. Let us add that those who do not use analytics, nevertheless, are confident in their safety, acting on the analogy “the less you know, you sleep better.” However, according to Mikhail, as a result, such customers in the event of an incident cannot understand what happened. Mikhail is sure that the level of awareness allows increasing not only the level of anxiety of information security specialists, but also the level of security of enterprises.
Different approaches
Both in IT and information security, there are great difficulties with qualified personnel: there is a sorely lack of specialists in the market. Therefore, while some companies can afford to maintain a staff of specialists, others turn to external contractors to offer security management services, and still others use a mixed approach. According to the report, those who do it all are 75% satisfied with the result, those who outsource are 89% happy with the solution, and the mixed approach scored just 56%. Why? According to Mikhail, this may be due to the latter’s misunderstanding of their tasks and the wrong distribution of responsibilities.
Cisco gained interesting insights by investigating the speed and response to incidents using all three approaches. Nobody succeeds quickly. On average, companies with their own information security staff detect threats within 6 days, with a mixed approach, the time increases to 7.5 days, and outsourcing firms respond only after 13 days. And it makes sense to take these data into account when choosing an information security management model. Mikhail believes that automation helps to avoid outsourcing: programs that combine automated processes and skilled personnel ensure the successful detection and reflection of threats by 95%.
Recovery and resilience of IT systems
Cisco recommends that you regularly conduct and test various failure scenarios, taking into account all possible consequences before testing. Regular rehearsals, according to a Cisco study, increase recovery efficiency by 2.5 times. Another point that may be of interest to security personnel is the creation of an accidental failure, the so-called “engineering chaos”. There are many failures, and it is not always possible to calculate them, so organizations that use the “engineering chaos” standard are twice as likely to achieve a high level of security.
World security
America, Asia, Europe, the Middle East and Africa were selected for the study. According to the Cisco report, the results are more or less the same for different countries, but there are also differences. All regions are beginning to actively use consolidated cloud technologies, all enterprises are updating and increasing their IT infrastructure. However, the single-source approach is more advanced in North America, with 70% of companies using it. The figures are about the same in Europe and Asia, and the Middle East is not far from them. But Europe, Africa and the Middle East lag behind America and Asia in terms of the implementation of integrated information security solutions.
A significant disadvantage is that with a lack of qualified personnel, the ability to ensure maximum security of systems is reduced. If in America and Asia the security indicators reach 82%, then in Europe they fluctuate around 67%.
At the same time, companies that have implemented Zero Trust (a “zero trust” model) or SASE (cloud-based information security services) rate the effectiveness of information security management more highly. Asia is leading in the use of Zero Trust and SASE, with Indonesia, India, Singapore and Saudi Arabia topping the list. Russia is at the bottom of the list, and this may be due to the fact that companies offering Zero Trust and SASE solutions are locating their data centers outside the Russian Federation.
In general, judging by the answers of the respondents, Saudi Arabia, China and Indonesia rate the general level of their security the highest. Russia is in fifth place, and cybersecurity specialists from Germany consider themselves the most vulnerable. Perhaps this is due to the growing level of threats and high demands on their competencies.
The future of networking
In the second part of the briefing, the Director of Digital Architectures for Cisco in Russia and the CIS, presented the Cisco Global Network Trends in 2022 report. Like the 2019-2020 research, it is based on surveys of IT leaders and professionals around the world. Previous reports have focused on the evolving role of network infrastructure and its capabilities for business continuity. According to Dmitry, it is now moving towards the cloud, and therefore the current study, which interviewed 20 CIOs of large companies and 1,500 IT professionals from dozens of countries, is looking at the growing relevance of NaaS (Network as a Service). Naas is a logical continuation of Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and provides the ability to manage network services for business applications without owning and maintaining your own network infrastructure. Such a service can be provided by both cloud storage operators and those who provide access to them.
The most common network problems were cited as responding to disruptions (45%) and adapting to new business needs (40%). One of the ways to increase the resilience and flexibility of the network infrastructure is to implement Naas. It becomes easier and more understandable for companies to work with such a solution, it frees up resources of IT departments to implement innovations, 46% of respondents support the transition to such a model. In addition, Naas allows for faster response to disruptions and increases the level of adaptability.
But the main advantage of the architecture is faster access to the latest technologies. “It is easier and easier for an operator providing NaaS to innovate than for a single company,” Dmitry Shuster is convinced.
However, every coin has two sides. NaaS is effective when it helps maintain the level of network services, so the operator must be able to meet the customer’s needs in the required network infrastructure. Since the market will soon expect a lot of offers from different companies, Dmitry recommends a very balanced approach to the choice of your operator. In addition, customer representatives have concerns about the potential cost of the service and the loss of control over security (26%). The respondents are also worried about the threat of potential disruptions when switching to NaaS (28%).
So, on the one hand, network as a service opens up interesting horizons, on the other, it requires IT professionals to have a high level of understanding of business processes. At the same time, 75% of companies believe that NaaS will provide IT departments with the opportunity to increase their competencies.
According to Dmitry, there are different ways to start implementing the network as a service architecture, but the logical step at the first stage will be the implementation of the Secure Access Service Edge (SASE), since the end devices in the customer’s network must be correctly configured in terms of information security.
Technological forecast
What awaits us in 2022? The first key trend is hybrid work, which is becoming the new norm for employee interaction in the organization. It is predicted that 98% of meetings will include at least one remote participant. And to make this interaction effective, you need the appropriate tools – both those that serve to connect remote people, and those that provide them with the necessary comfort. We add that Cisco offers a wide selection of such devices.
The second trend is the growth of data and the associated role of analytics. The classical approach to working with data is becoming outdated, it does not allow to quickly analyze constantly updated information, therefore, it is being replaced by the reform of the network border. New network boundaries must preprocess the received data in order to speed up the response towards applications. At the same time, the applications themselves will change towards edge services to speed up their work.
The third trend is related to the growing role of artificial intelligence. Its work must comply with the norms and policies of organizations and governments around the world. “It is important that clients understand how the information they send will be processed and what conclusions will be drawn from it,” says Dmitry Shuster. In this vein, information security is of great importance.