October is Cybersecurity Awareness Month. Initiated in 2004 with the participation of the Department of Homeland Security and the National Cyber Security Alliance, its goal is to spread the word that each of us has a role to play in making the Internet safer and more secure. With that in mind, here’s a look at what Infoblox is doing internally to protect its employees and customers and make the internet a safer place.
I recently joined Infoblox as CISO. My initial priorities here at Infoblox include strengthening our security posture and supporting the FedRAMP certification initiative.
To kick off Cybersecurity Awareness Month, here are a few cybersecurity topics that are top of mind not only for Infoblox but also for enterprises.
What should be top of mind for enterprises regarding cybersecurity for 2019?
Focus effort around your critical data. Locate your key data and deploy controls there for maximum effect. Assume attackers will be able to bypass some of your defenses, so build in redundancy and layer your defenses. Defense is great, but also have the ability to detect and respond.
Data is moving into the cloud, and information security controls must follow. Many organizations are not moving fast enough. There are still plenty of companies out there running obsolete security technologies and wasting effort looking in the wrong places. If all your data has migrated into the cloud, then you better be looking at the cloud. This requires investment in different tools and talent, which is essential.
Compliance is a big priority for most enterprises, especially with the current rate of cloud adoption. For example, one area that’s getting a lot of attention is SOC-2 compliance. [Ed. note: Service Organization Control (SOC) is a reporting platform. SOC 2 is relevant to organizations, such as SaaS companies, which store customer data in the cloud.] SOC-2 is a commercial certification attesting that you’re doing the right things from a security perspective, and that the product you’re offering to customers in the cloud is a secure one. Infoblox is working toward both SOC-2 certification and FedRAMP, which is a government-grade security certification.
Internet of Things (IoT) and the impact on cybersecurity
At a high level, the challenge with IoT is that everything is becoming an Internet-connected device, and there are security challenges that come with that. To a certain extent, IoT has been happening in the enterprise for quite a while. For example, the phone on your desk is not an analog device connected to a phone switch anymore; it’s an IP-connected device. And that iPad in this room that’s running the Zoom meeting, that’s an Internet-connected device, and so are the printers and video cameras in this building. They’re all connected to IP.
The connectivity trends that started in the enterprise are now occurring commercially, and the complexities are mounting. I was thinking the other day about just how many different Bluetooth, WLAN and cellular connections my phone has. At least seven. And that’s just one phone.
How secure will all those devices be? Take cars, for example: almost all new cars now have data connections. Do you know everything that’s happening over those links? Can you trust them? There’s a huge need for security in that space. At Infoblox, we provide solutions that can address some of this risk. When an IP device attempts to resolve a DNS name, our product provides only the correct, safe results. Often there’s no way to run a firewall on a small IoT device, so this is an effective way to scale out protection for these devices.
Trends around cloud/cloud transformation impacting cybersecurity for organizations
With the speed and agility that come from the cloud, enterprises can launch new product features on a weekly or even daily basis. This is a key feature of the new DevOps trend. However, along with continuous development and continuous releases, we must also integrate continuous security into this process to ensure the end product is a secure one.
Many don’t think about security at this level. Instead, they are focused only on deploying products or features as soon as possible. The bottom line is that, too often, features are going out into the world without adequate security testing. That’s part of the reason why there are so many bugs and vulnerabilities out there. Companies like Infoblox are addressing this by moving to a continuous testing model so that the products we deploy can be deployed in both an agile and a secure way.
[Ed. note: According to Gartner projections, there will be more than 20 billion connected devices worldwide by 2020.]