Ever-evolving cyber threats are causing agencies to do more than just change their defense strategies. The move to zero trust requires a whole new level of thinking.
That change of thinking revolves around people, process and technology.
Agencies are moving away from one-and-done products and toward a more holistic approach to cybersecurity.
Gone are the days when agencies bought tools to solve a single challenge. Zero trust and advanced cyber approaches require agencies to use integrated platforms to improve their ability to beat back the bad actors.
Drew Epperson, the vice president of federal engineering at Palo Alto Networks Federal, said the broader use of cloud services is opening the door wider for agencies to rationalize and consolidate cybersecurity tools across their ecosystem.
“We all realize that the attack surface keeps changing and the adversaries keep evolving. So we keep creating things in the industry to close out those gaps. Eventually, you hit this inflection point where people don’t want to have 15 agents on an endpoint or 35 network security vendors sitting at the perimeter or internal in their data center,” Epperson said on the Innovation in Government show, sponsored by Carahsoft. “I think Gartner and Forrester, whichever one you want to follow, all are recognizing that, especially in cloud, instead of launching all these different cloud security focused platforms, they now just have seen an app as the super set of capabilities that are there. They’re essentially taking vendors and saying, ‘if you want to compete in the cloud space, you really need to have a complete offering around a platform that secures all things cloud.’”
Epperson said agencies have spent years building their security toolsets, both inside their network and security operations center, but also now through disparate cloud instances.
Turning on cyber capabilities
Now many agencies, and really all organizations, are spending a lot of money on disparate products that struggle to integrate and are inconsistent in applying policy rules across the network and applications.
Epperson said the move to cloud-native platforms that can work across all cloud platforms will bring a plethora of capabilities from container security to data governance to infrastructure-as-code.
“Now it’s how fast can you turn on those features on the platform to address those new security concerns compared to the 15 to 18 different startups spinning up at any one time and buying all of them so that they each individually do their one niche thing,” he said. “I just don’t think that’s going to be the way that the industry moves going forward, and we can see that by Gartner qualifying what a cloud native application protection (CNAPP) is, which is all things you need for cloud, and then rating people on their ability to deliver all of them, not just one portion of them.”
There are several benefits to moving toward a cyber platform approach.
Epperson said agencies will save money, both because they will not have to buy and maintain an assortment of tools and because they will spend less on training employees to manage and use them. He said with the zero trust mandate, agencies will get consistent enforcement all the way through the digital transaction.
“That becomes increasingly hard when you have five or six things on the endpoint or 10, 15 or 20 things on the network,” he said. “I think we’re getting to the point where people just want consistent policy enforcement, regardless of who the user is, what device they’re on, where they’re going or what application they’re engaging with in order to deliver on platforms that provide a more efficient and a more streamlined and consistent way to do it.”
For example, Epperson said agencies are spending $15 or $20 a month for a subscription for many of these tools that they are using only occasionally. If they pivot toward a platform approach, the capabilities are turned on or off as the threat changes and new capabilities are added to address emerging threats or risks.
Opportunities to modernize more than just cyber
“I think that tool rationalization is not only something that naturally happens, but it’s also something that I think is appropriate and probably good for organizations to consider on a regular basis. What are we spending? What are we getting out of it? And then how do we convert that if there’s a better way to optimize that spend into something that can provide us more at a lower cost?” Epperson said. “Over the years, we’ve found ourselves in scenarios where we’ll be talking to customers and partners, and they’ll say something like, ‘we know we need to get off this platform, but that platform is integrated into these mission-critical applications. And there’s a little bit of concern and risk about migrating away from it just because we don’t necessarily know all the ties into it that we might even have.’ I think one of the things that we’ve tried to articulate to people is that anytime you have a modernization or a transformation project where you’re building something new, creating new applications, migrating legacy systems to the cloud or a hybrid data center, those are usually good times to reevaluate instead of bringing the legacy security infrastructure with it.”
He added agencies can pivot some of their current security investments into platform-centric tools where over time, they dial one side up and the other one down.
Agencies also can accelerate the use of automation and orchestration tools through the platform approach.
Epperson said that by enabling simple policy configurations, agencies could protect against 60% to 70% of the threats they face every day.
“I think the guidance to anyone who has an investment in a platform is look to that platform to tell you how it should be used best because most of them have data and telemetry in them that will tell you exactly what you are using and what you’re not using, and how the gap between the two could be activated at low to no cost and then drive a better security outcome,” he said.