The challenges of securing the modern enterprise [Q&A]

In recent months there have been many high profile attacks using ransomware and other techniques, against businesses.

But why has there been an apparent upsurge in attacks and what should enterprises be doing to keep them selves safe? We talked to Lynx Software Technologies' vice president of product management, Pavan Singh to find out.

BN: Why are we hearing so much about security breaches right now?

PS: In his recent post on BD Techtalks, Deepak Gupta provides an excellent review of good practice in relation to maintaining the security of endpoints. However, much of this relies on staff following the training and advice they have been given when they are working unsupervised out of the office environment. The global pandemic forced organizations to quickly quarantine workforces and scramble to create work-from-home models. I believe that cybercriminals see a remote, distracted and vulnerable workforce as opportune targets.

According to a survey we ran in Q1 of 2021, nearly four in 10 people had, or knew someone who had, been impacted by a cybersecurity attack since the start of COVID-19. These attacks have become more sophisticated, and the impact and ramifications of each are becoming more pronounced.

BN: Clearly traditional approaches to security are failing. What is needed beyond this?

PS: Traditional operating systems such as Windows, MacOS or Linux/Android are inherently vulnerable to cyberattacks. The combination of security updates, anti-virus software and good practice are not sufficient to protect the endpoint, especially in a high threat environment. Traditional IT endpoint security solutions rely on either patching the endpoint OS or anti-virus applications that run on the endpoint OS. Either way, a compromised OS allows the threats to gain full access to the endpoint. This limits the usefulness of laptops and tablets, as the sensitive information could be compromised as soon as the endpoint is connected to the outside world. An enterprise must ensure that its data is protected wherever its employees are working from. VPN functionality and, potentially, the inability to copy sensitive files onto USB sticks should be unchangeable by the user. Yet, the employee should be able to do personal work using the same system without those restrictions being in place.

BN: Is this challenge limited only to traditional IT equipment?

PS: No. Critical infrastructure is one area being targeted. February's hack of a water treatment plant in Florida -- where a hacker was able to adjust the level of sodium hydroxide being added to the water supply -- was discovered by a worker who noticed his cursor had been moved without him doing anything. While some people argued that the company's security policies had worked, to me this feels like a bullet was dodged.

The Colonial Pipeline breach in May is another example. One of my primary mantras over the past decade has been that just because devices can connect, it doesn't mean they should. The benefits of having a device connected, versus any potential risks incurred if and when the network gets breached, have to be seriously weighed. In my opinion, there will be times where the value of the assets and the IT capabilities of the organization are such that the cons of connectivity outweigh the pros. I believe that the cybersecurity situation will get worse before it gets better. This is due In part because of the shift to a hybrid environment for many workers.

BN: So how should businesses approach things differently?

PS: What is needed is a software architecture that offers an isolation environment that prevents threats from accessing the sensitive data even when the endpoint has been compromised. Secure systems should be conceived as distributed systems in which security is achieved partly through the physical separation of their individual components and partly through the mediation of trusted functions performed within some of those components. Effectively, secure virtual enclaves, established using virtualization, need to be created in which operating systems, applications and security functions can execute. Simply put, the control of how a machine's resources are allocated and secured, is separated from the operating system. This turns the endpoint from a point of vulnerability to a point of protection.

The choice of hypervisor technology is important. Some of the embedded ones are still founded on an underlying operating system, which means if they fail, then the whole system can crash. We have also seen variants which allow root log-ins. The minimally configured hypervisors that effectively assign resources to the various VMs immutably (i.e. so they cannot be changed after the system has booted) and then get out of the way, is really the path forward.

BN: Is there something we should be doing today to ensure a more secure enterprise in the future?

PS: In order for us to ensure a more secure enterprise tomorrow, we must enable organizations to combine traditional operating system experiences with strict security measures required for remote work today.

Technologies such as laptops, phones and tablets should be able support these configurations to give corporate IT users broad choices. As these technologies evolve and the organization scales, it'll be important that it will still be able to take advantage of these enhanced security configurations. For government agencies, it'll be paramount that these technologies follow Commercial Solutions for Classified (CSfC) strategy and other regulations to provide the security levels needed for handling highly classified information.

Image credit: Wavebreakmedia / depositphotos.com