Here’s how we fix the broken IT security industry

Posted on 05/09/2019 by charlene
DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.

By Sylvain Cazard , VP EMEA, Software Defined Datacenter, Networking & Security.

Despite the rapidly accelerating focus on IT security in the industry, our recent study with Forbes Insights found that only a quarter of business leaders across EMEA are confident in their current cyber security, and less than a fifth (18%) are confident in the readiness of their people and talent to address security concerns.

This is most certainly not down to a lack of investment – 83% of businesses are increasing the purchase or installation of new security products in the next three years. IDC forecasts worldwide spending on security-related hardware, software, and services will reach $103.1 billion in 2019, an increase of 9.4% over 2018. Yet, we are seeing more security breaches with ever more serious consequences. According to the EU, the economic impact of cybercrime rose fivefold from 2013 to 2017.

So, this questions whether people are investing in the right IT security.  Given the increasing sophistication and complexity of modern infrastructure, the movement of data across multiple clouds, and the connections of billions of devices, the issue is that security strategies have largely remained the same.  What enterprises really need in a digitally transformed world is a radical rethink of the way we approach securing our data, applications, networks and ultimately our organisations as a whole.

So, what needs to happen?

Moving away from a reliance on reactive threat detection only

Historically, this is where security spend has always been. Our own analysis suggests 80% of enterprise IT’s investment in security goes on purely reactive measures, and it’s also where 72% of VC funding[i] in security start-ups goes. More than half (54%) of respondents to the study plan to spend more on detecting and identifying attacks trying to use the same old legacy technologies.

If you’re continually trying to chase the next threat, then you’ve almost certainly already lost the battle. Cyber threats are evolving so rapidly that trying to recognize what the next one looks like out of an almost infinite set of possibilities is like looking for a needle in a haystack. There needs to be a shift away from trying to prevent breaches at all costs as the sole tactic. With the inevitability of perimeter security breaches a reality, we need a more pragmatic approach: in the modern world, what matters more is how quickly we can detect breaches and then how fast and how effectively we can take mitigating action to prevent business-damaging consequences. There needs to be more focus on those measures that reduce the attack surface area in this way.

In short, continue to invest in detection but invest much more in prevention.

Increase the focus on applications

You’d be hard pressed to find a security product that doesn’t claim to be ‘application aware’, but what does that actually mean?

Knowing more about the known good of application behaviour becomes critical. You can better understand the 50 things that should be happening rather than trying to protect against the infinite number of things that shouldn’t be. Security is about understanding how applications do and are supposed to work, so that they can operate effectively.

Make security intrinsic

Our research found that over 55% of businesses have 11 or more security products, with nearly half of them having products delivered from 11+ vendors.

To avoid the complexity of having to manage and integrate too many products and vendors, what if, instead of bolting on more products, we took a step back and looked at how we use what we already have in our operations to secure the organisation?

This approach isn’t about another product you buy, install or operate, or an agent you have to install and manage. It’s foundational software that you are already using, common across apps and data, wherever they reside.

By making the network itself secure – the single common element that touches everything in the infrastructure – it opens up the intriguing possibility of bestowing security upon all other elements in the infrastructure. In other words, we make the infrastructure ‘intrinsically secure’. IT security and the network are converging rapidly. Deploying ‘virtual cloud networks’ built on this principle gives enterprises a universal, secure networking fabric that’s more efficient and easier to manage. As it’s implemented in software, it’s also possible to automate its operation, freeing up your people to focus on tasks that add greater value to the business.

A multi-layered approach

What these three strategies do is to introduce a new, multi-layered approach to IT security – one that puts proactive prevention alongside threat detection, that puts the lens on the known good of application behaviour, and that uses the benefits of cloud infrastructure to protect the organisation.

Unfortunately, in today’s increasingly connected world, security breaches are a fact of life – when, not if. We need to frame the new security around this inevitability, and in doing so, we can improve confidence in our security policies and procedures, cut down on unnecessary spending, and greatly reduce the damage that cyber-threats can cause.

To discover the full EMEA executive summary from the VMware/Forbes Insights survey, download the executive summary here.


[i] 2018 Cyber Defenders Report and 2017 Cyber Defenders Report, CB Insights (2019 and 2018)

Category: News

Tags: , , , ,

Related Articles

Posted on 15/01/2020 by charlene

Deutsche Telekom’s Dirk Eckert Harnesses Digital Disruption

VMware’s Agents of Change initiative celebrates technology leaders who challenge the status quo. By harnessing the power of digital transformation, they create unlimited possibilities for their businesses. Here’s the next technology leader in the Agents of Change series: Dirk Eckert, managing director of Deutsche Telekom individual solutions and products.   Deutsche Telekom is Europe’s leading […]

Posted on 05/09/2019 by charlene

Ten reasons why you shouldn’t go to VMworld this year

VMworld is fast approaching. In just over two months VMworld 2019 Europe will be returning to Barcelona on 4th to 7th November. It’s our eleventh VMworld, and it promises to be the biggest yet. Tens of thousands of experts, thought leaders, partners, practitioners and employees, all together learning, sharing and connecting. It just sounds awful, doesn’t it? […]

Posted on 05/09/2019 by charlene

Cloud and Security Insights from Tesco

This year Tesco is celebrating its 100-year anniversary. Having begun life as a Hackney market stall in  1919, Tesco has grown to over 6,800 shops across the globe, becoming much more than the grocery chain that most of us know. As well as expanding into clothing, electronics and software, Tesco also offers financial services (Tesco […]


No comments yet

Add a comment

Your email address will not be published.

This site uses cookies to improve the user experience. By using this site you agree to the privacy policy