In its latest security report, “Managing cyber risks in an interconnected world,” PricewaterhouseCoopers (PwC) states that “Cybersecurity is now a persistent business risk,” making it a top priority for many enterprises. The number of security breaches is climbing, with PwC’s survey of more than 9,700 security, IT and business executives reporting 42.8 million security incidents detected in 2014, an increase of 48% over 2013. And cybercrime comes at a high price, with a recent study by the Center for Strategic and International Studies estimating that the annual cost of cybercrime to the global economy ranges from $375 billion to $575 billion, not including non-financial indicators, such as loss of intellectual property.
And where is all of this cybercrime originating? PwC reports that in the U.S., almost one-third of the “inside” attacks come from current employees, with another third coming from disgruntled former employees. Topping the list of “outside” attackers are faceless hackers from whom no one is really immune. The Obama administration recently reported a massive breach of its government computer systems that affected 2.15 million people, including possibly every person given a government background check for the last 15 years.
These well-publicized security breaches are putting a lot of FUD (fear, uncertainty and doubt) into the minds of businesses and individuals alike. Can a high-profile brand live down losing all of its customer data, including personal credit card information? Can an individual afford the cost and time of recovering from identity theft (an estimated average of six months and 200 hours of work)? These are all questions that haunt IT operations managers who are making critical business decisions around where to house and how to interconnect with their companies’ valuable digital assets.
Today’s enterprises need to lay a foundation for cybersecurity from the very start to create the safe infrastructures needed for digital business. Planning for this secure foundation begins with an Interconnection Oriented Architecture™ that will enable private, direct connectivity out to the edge of the corporate network, where most users are and where the majority of data is being created and accessed. By not backhauling all corporate traffic to a central data center, and by reducing the number of hops that data travels between interconnection points, you reduce your “attack surface” and close down many of the openings for data to be compromised along the way.
By becoming an interconnected enterprise and putting your security services proximate to users and data, you can achieve greater protection on multiple fronts. In addition, by keeping data close to where it is being accessed by the most users, applications and analytics, your company can more easily provide private connectivity for the “last mile” and maintain country- and industry-specific data residency and compliance requirements.
When using an Interconnection Oriented Architecture approach, external attacks are localized and contained at the edge. All flows can be compartmentalized and traffic policy inspected bi-directionally at all interconnection points, capturing internal attacks as well (essentially a trust-nothing model). This way, the right size and level of security controls are in the most effective places to embed security end-to-end. With an Interconnection Oriented Architecture, information security adopts an interconnection view rather than just a perimeter view, with security embedded in all communication streams at scale, over private dedicated networks. This is not only more secure overall, but also more easily extensible when the enterprise adds more cloud providers or interconnects with new partners.
Enterprises have become heavily dependent on the public Internet as the way to pass corporate traffic back and forth between employees, partners and customers. In particular, it has become the most common path for accessing cloud services today. However, the extremely open, public Internet is typically where most hackers gain access to sensitive or private data, and how many of the most publicized breaches have occurred. Bypassing that insecure route and connecting directly and privately to cloud services can remove the entry point for many digital breaches.
By adopting a more direct and secure interconnection strategy, organizations can proactively thwart many harmful security attacks. For example:
- North Cumberland Country managers secured their most sensitive data, including individual information and records that are subject to strict privacy laws (i.e., HIPAA), in a private storage infrastructure and directly connected that data to a secure, replicated disaster recovery environment in the cloud.
- In the Netherlands, a consortium of Internet service providers developed a nationwide distributed denial of service (DDoS) solution based on an interconnected, hybrid solution from various security vendors.
Laying a solid foundation for cybersecurity based on an Interconnection Oriented Architecture enables you to maximize and optimize the protection of your digital business from the inside out.