Advertorial feature by VMware
3 May 2019, updated 08 Sep 2021 11:08am

An intrinsic approach to cyber security.

If you want cyber security to work, it needs to be about fewer products delivering more value.    

By Jordi Ferrer

The government’s recent Cyber Governance Health Check revealed that boards at some of the United Kingdom’s biggest companies still don’t fully understand the potential impact of a cyberattack. That’s a huge problem and in many ways surprising considering the air time and column inches given to hacks in recent years.

With over £100bn forecast to be spent on security platforms globally by 2022, the challenge is to ensure money is spent well and not just on adding more products to an already complex security infrastructure. Between 30 and 80 different security tools are typically used by companies each day. This is in stark contrast with other IT priorities where consolidation has driven efficiency and value.

Over the past decade the security market and its customers have focused on reacting to a sophisticated threat landscape, with little done to help companies reduce their attack surface. Rather than enforcing “known good” behaviours, organisations are chasing threats, adding more needless tools and focusing on the “bad” in a battle they can never win.

There is also an issue in the way organisations build infrastructure, without regard for the types of applications it will support, the architecture and means of user access. Cyber security is too often an afterthought, involving many products, tools and interfaces, and the associated management complexity.

With web and cloud applications and services now ubiquitous, businesses are also struggling to fill positions that require security expertise. With 3.5m open security positions globally, the gap between the demand and the supply of suitably skilled workers is vast.

Enforcing “known good”

Companies should look to shift their cyber security strategy from reactive to preventative, an approach that enforces the “known good” of application behaviour – known network traffic, what systems should talk to each other, how application code is behaving. It is far easier to identify the “abnormal” if you know what “normal” looks like.

Companies also should align their cyber security strategy to applications and data, rather than tethering it to infrastructure and endpoints, changing the focus to what matters most, and drastically simplifying security efforts.

The only way to do this effectively, and continue to allow innovation to thrive, is to make security intrinsic: built in, not built on, from endpoint to the cloud, with complete visibility of applications, users and devices to shrink the attack surface. This can be done using intelligent automation, which adapts policy as needed and optimises resources, allowing cyber security experts to focus on delivering value.

Being proactive

Security in its current form is simply not working. To take the advantage back from the attackers, companies must take an intrinsic approach to cyber security. Only by locking down the “known good” can business leaders hope to traverse the security silos haunting their operations today and gain the upper hand.

Jordi Ferrer is vice president and general manager for UK and Ireland at VMware.
