Gary brings to his role over 22 years in the security sector. He grew up in Scotland, lived in Australia, and is now based in Singapore. In his free time, he can be found out running the humid streets of Singapore or climbing a mountain somewhere around the world.
In this interview, Gary Gardiner discusses everything from how business risk profiles have changed, to opportunities for security simplification, to achieving security success in an evolving threat landscape. This interview provides premium cyber security insights.
In the last year, how have businesses’ cyber risk profiles changed?
Over the last year, we have seen a dramatic shift in the way that organizations have had to look at their risk profiles. What we have seen is that organizations have moved to remote working and did so at a very quick pace. This transition meant that organizations implemented new systems at lightning speed and outside of their normal change process. We are seeing organizations now looking back and reviewing what went well, what can be changed, and we’re seeing that organizations are looking to change policy and guidelines to meet this new risk profile.
What kinds of discussions are organizations having around security?
Firstly, organizations are looking at remote work as a long-term prospect; not just a temporary solution to handle pandemic-related problems. Secondly, and as a result, we have seen more organizations engage in discussion around zero trust and how it can be implemented in the new work environment. Organizations are looking at how security was implemented in the data center; how and if this can be directly translated.
How can organizations simplify their ecosystems to make risk more manageable?
Implementing unified solutions is key to making the security ecosystem more manageable. Many organizations have multiple security vendors in place within their environments. Most security tools, if not all, will not interact with each other. When I talk to customers, I have discussions around cyber resiliency. Typically, when they introduce a new security platform or service, I discuss how this adds to their security capabilities. I not only discuss the initial problem the new security platform or service solves, but also how it interacts with their security ecosystem and strengthens it.
Organizations tend to add to security when an event happens and when it’s a quick fix for a specific problem; new tools or platforms aren’t necessarily part of a larger strategic approach. Using systems that talk to one another, share information, and take action to mitigate risk as a whole via a single policy can simplify and increase an organization’s capability to manage risk well.
How can automation offer new opportunities to simplify security?
We are seeing the development of automation in the security space. Looking at what has been done so far, we are looking at the classification of assets on the network tied with their function to provide an agile security policy that allows for a system to make automated decisions based on a defined policy. However, this does depend on an organization understanding the function of the asset and what it needs to access. In the cloud, this is far easier, as workloads and containers are, by definition, more agile, and security has adapted to this DevOps environment. Scanning of code in development, looking at cloud communication, and an understanding based on risk and threat analysis to discover threats, is now a reality in the agile cloud environment.
Anything else that you wish to share with the Cyber Talk audience?
I would add that, despite the changes we have seen over the last 20 months, the fundamentals still stay the same; the way that we have to address them has changed. Focus on strong authentication, zero trust and data security. Focus on your cyber resiliency, ask yourself the question ‘When doing this, what and how does it increase my security overall?’