One big reason for the meteoric rise of security as a design criteria is certainly the accelerating pace and impact of security incidents across the globe. Where we used to see a major breach or new threat only a few times a year, these days it seems like there is some unfortunate news hitting the wire every couple of weeks. Worse than that, the magnitude of the impact is increasing.
A few years ago, a company could hope to emerge from an event having only lost some productivity. Today? An event that grabs headlines can shave billions of dollars in market capitalization from public companies. In the recent Equifax breach, the company saw a 30% drop in stock price resulting in a more than $4B shift in market cap.
For private companies, security incidents can spell the end of the business. In 2016, the US National Cyber Security Alliance found that 60 percent of small companies are out of business entirely within six months of a security breach incident.
When the stakes are this high, it’s no surprise that security is now a board-level discussion at companies across all sectors. Put simply, those at the helm cannot afford to delegate their security postures while maintaining zero visibility.
This means that IT leaders are increasingly finding themselves in the crosshairs, as the most senior executives inspect some of the most vulnerable parts of the business. It’s not enough to have a plan. The efficacy of that plan has to be demonstrated frequently through internal reviews and third-party audits.
All hands on deck
The result of this added scrutiny is that security is now an all-hands-on-deck issue. If you are not part of the solution, you are part of the problem. And that means that it’s not just the CISO or the security team that has to deliver.
Recent research is clear on this point: security is a networking problem, too. The lines between security and networking have been narrowing for years, but this study suggests that they have actually merged to some extent. While the security team is not responsible for connectivity, the networking team certainly carries some of the security burden.
Security as a top-tier networking consideration has two major implications. First, the network has to play an active role in surfacing threat intelligence. This puts a greater emphasis on streaming telemetry and integration with threat monitoring solutions. Second, the network must play an integral role in the isolation of threats, using dynamic policy enforcement to quarantine bad actors.
The bottom line
Networking is no longer just an exercise in increasing capacity. The network has so much more to give than merely connecting devices and users. There is a rich set of information that can be pulled from the network to better identify what is happening within the infrastructure. These insights simply must be part of an expanded security umbrella. And the network makes for a logical enforcement point as bad actors are identified and quarantined. The dynamic enforcement of policy in response to real-time threats is an absolute must for enterprise IT.
Of course, the threats to IT are only getting worse. As IoT and cloud continue to evolve, it means that the nature and source of threats will evolve, leaving enterprises that are unprepared particularly vulnerable. Assuming that security is going to be handled by someone else simply isn’t good enough—everyone bears responsibility.