Now Is the Time for Radically Simple SecurityTaking Complexity Out of Tools, Working From Home, and Passwords
Security is too complex. We've heard that for some time, and the events of the last year have made it more relevant. Suddenly, we have employees working from anywhere, connecting to unsanctioned cloud applications and using personal devices to access the network. All this has made it difficult for security teams to secure the enterprise. At the same time, employees are feeling the burden of security, with technology that creates friction and slows down business productivity.
The security industry charged with protecting customers' most important assets must evolve to meet the demands of this new world while providing security that is radically simple to use for both the people who manage it and the end users.
Complexity Itself Is a Vulnerability
At a time when the security industry continues to expand and companies are spending a larger portion of their IT budget on security, not a day goes by without another news story of a company being breached.
For a long time, security has largely been piecemeal, with companies introducing new point products into their environments to address every new threat category that arises. As a result, security teams that are already stretched thin have found themselves managing massive security infrastructures and pivoting between dozens of products that don’t work together and generate thousands of often conflicting alerts. In the absence of automation and staff, half of all legitimate alerts are not remediated.
This is driving the need for massive simplification in which customers move from point products to a platform approach. In doing so, products share intelligence and work together. Customers can also realize the benefits of automation by investigating and remediating with the click of a button instead of spending hours or days trying to determine if there is a real threat and what action needs to be taken.
We found that when organizations adopt our Cisco SecureX platform, teams can save an average of 100 hours by enabling better team collaboration. SecureX also reduces the dwell time for attackers by 72% by automating the investigation tasks and shortening the amount of time spent on threat hunting and compliance.
Simplifying Networking and Security
The pandemic ushered in a new way of working. While we will eventually return to the office, the reality is that the hybrid work environment is here to stay. People will continue to work from home some days, use devices that are both personally owned and corporate issued, and use apps that reside in the cloud. While greater flexibility is a net positive for employees and increases productivity for organizations, it also expands the attack surface and adds complexity across IT, security and networking teams.
To address these challenges, the concept of Secure Access Service Edge (SASE) has emerged. This approach converges networking and security functions in the cloud to deliver seamless, secure access to applications, anywhere users work. But moving to the cloud is not a panacea, and a lot of models just shift the complexity there. For a truly simple experience, a SASE architecture must completely integrate networking, client connectivity, security and observability capabilities into a single subscription service.
With such a unified solution, customers gain operational efficiencies by simplifying deployment, management, and policy enforcement across all environments.
Simplifying Passwords by Eliminating Them
Finally, it is no secret that passwords can be a real headache. Over time, we have created hundreds of them, which are hard to remember and can be easily compromised. Furthermore, passwords are cumbersome and costly for the people who manage them. Each year, U.S.-based enterprises allocate over $1 million to password-related support costs.
Fortunately, there is a better way forward by using a solution referred to as passwordless. This method of authentication does not rely on passwords but instead uses biometrics such as Touch ID, Face ID, security keys or specialized mobile apps such as Cisco Duo to verify identity. This type of verification fits seamlessly into the way employees work, and a 2020 Duo Trusted Access Report found that 80% of mobile devices used for work have biometrics configured.
While it is still the early days for passwordless, the future is bright. Organizations that employ it can provide their employees with a frictionless login experience while reducing administrative burden and overall security risks for the enterprise.
Complexity is a vulnerability that must be solved if security teams are going to be successful. Simplicity is the key to improving security outcomes in a dynamic world in which change is always right around the corner.