IBM recently reported in its fifth annual Cyber Resilient Organization Report 2020 that the average enterprise deploys 45 cybersecurity tools. Additionally, enterprises using over 50 tools ranked themselves 8% lower in their ability to detect threats and 7% lower in their defensive capabilities. Having more tools is not helping. It is causing more harm.
Enterprises often deploy multiple tools in the same category because one tool handles specific use cases the other cannot.
The idea of a converged solution is Gartner's Secure Access Service Edge (SASE). SASE aims to offer four benefits to organizations that
· Reduce IT cost and complexity
· Deliver a great user experience and high productivity
· Reduce risk and fewer data breaches
· Improve compliance with broader visibility and control
SASE replaces point products such as DLP (data loss prevention), SWG (secure web gateway), NGFW (next-generation firewall), VPN (virtual private network), CASB (cloud access security broker), and Routers with services:
· Web Security
· Cloud Security
· Network Security
· Data Security
· Advanced Threat Protection
· Zero Trust Network Access
So if 50 and 45 are not the right amount of tools, how many are needed? Let's focus on one of the critical tenets of SASE or any similar architecture, data security. Let's define data security as sensitive data that should never leave the organization.
Data security has failed because it monitors data only within the deployed environments, such as network, endpoints, and cloud. Legacy solutions relied on technology designed for on-premise perimeters and later extended and adapted to cloud use cases and loaded with features, disjointed policies, configurations, and workarounds. Data security has become very complex, difficult to deploy and manage at scale, and too expensive.
SecureCircle is a cloud-delivered solution based on the data itself. Policies are applied uniformly to protected data at rest, in transit, and in use regardless of location. SecureCircle deploys many of the principles of SASE.
· Intrusion protection - SecuerCircle logs all data access attempts for SOAR (security orchestration automated response). Rich metadata is available, including user, application, device, location, and much more.
· Content inspection - Unknown data is scanned to determine the digital DNA (dDNA) within the file. If dDNA is similar to other protected data, SecureCircle protects the new data with the same permissions as the original data. Additionally, SecureCircle can monitor data patterns and automatically protect PII, PCI, and other pattern identifiable data.
· Malware protection & application access - Applications policies determine which applications are allowed to access protected data. Block unauthorized or unknown processes from touching data. SecureCircle automatically protects all data from critical applications such as finance tools or design software like Git or AutoCAD.
· URL filtering & firewalling - Firewall policies to allow or reject data transfers. Policies are granular to the application level. Automatically protect data transferred from specific URLs such as HR data from Workday.com or sales data from Salesforce.com.
Benefits of SecureCircle
· Transparent to end-users. Authorized users will not even notice SecureCircle is protecting data in the background. Users follow their existing workflows. SecureCircle supports any application and file type without changing the file name or extension or modifying the application.
· Reduce operational overhead compared to legacy solutions. All policies are managed by exception, not by rule. Removes any security tasks such as discovery and classification, which was required by legacy solutions.
· Cost savings. SecureCircle focuses on protecting data in today's distributed environment. Licensing cost is much lower than legacy tools, and there is no dependency on discovery or classification tools. Reduction in operational overhead saves hundreds of hours used to create and maintain policies and classification states.
· Zero trust approach. SecureCircle verifies user, device, application, network, and other factors for authorization and automatically protects data based on workflow, content, pattern, and context. For example, ransomware applications will not be able to read the contents of protected data.
· Visibility and orchestration. SecureCircle provides unparalleled visibility to data access as well as data modification patterns. The comprehensive monitoring allows for automated orchestration tools to disable suspicious devices or notify administrators of potential ransomware applications trying to access data.
SecureCircle's Zero Trust data security allows enterprises to deploy a data security solution that relies on a scalable and straightforward architecture that enables lower operational overhead and a transparent end-user experience.