Five security trends shaping the future
What do the next few years hold for us? Here are five emerging trends that DXC CISO Mike Baker identified as transforming how we defend against cyber threats.
Growth Drivers | October 31, 2024
Picture this: A castle surrounded by a massive wall, complete with watchtowers and a moat. Anything inside the wall is considered safe, while anything outside is potentially harmful. This is how traditional security models used to operate, treating the internal network as a safe zone.
The problem with this approach is that castles can been breached, walls can be scaled, and internal threats exist. And once an attacker gets inside, they have free rein over everything inside.
In the zero-trust model, there is no inside or outside the castle. Everyone and everything is considered a potential threat until verified.
Zero trust operates on the principle of “never trust, always verify,” rather than granting implicit trust to all users inside a network. It's a strategy that organisations of all sizes are implementing to protect users, devices, networks, applications and data. This helps address the cybersecurity risks posed by remote workers, hybrid cloud services, personally owned devices and other elements of today’s corporate networks.
Think of a zero-trust model as a watchful security guard who meticulously and repeatedly checks your credentials before granting you entrance to the office building where you work, even if they are familiar with you. They, then, constantly repeat this process to confirm your identity.
Without this kind of robust solution in place, it can be challenging for organisations to have a clear picture of who has access to data and what they are doing with that data. And companies can unnecessarily expose themselves to costly data breaches and other security incidents.
A Gartner survey revealed that while 63% of organisations worldwide have fully or partially implemented a zero-trust strategy, the scope and impact of these initiatives remained limited.
When DXC examined the future of its own business over four years ago, it became clear that taking a virtual-first approach would require a fundamental shift in mindset. DXC knew it needed to leave behind the traditional location-centric model and adopt an identity-centric approach that controls access based on user identity and other attributes.
With that goal in mind, DXC began to migrate away from its traditional perimeter-based security architecture consisting of firewalls and multiple VPNs used by employees to connect to customer systems. To support our hybrid environment and boost our security posture, we decided to adopt a zero-trust architecture and roadmap.
One thing we learned is that when embarking on the zero-trust journey, it’s imperative to be fully aware of what one’s technical landscape encompasses and how best to protect those assets. This means creating a full log of users, devices, programs and services so that IT teams can allocate who has access to which parts of the network.
Simply put, holes in the inventory infrastructure could result in security risks for our organization.
To scale our business in a secure way, DXC needed a way to manage access across our entire IT estate. For that we used a zero-trust network access service that verifies users and grants access to specific applications based on identity and context policies.
For example, employees on the accounting team can work on payroll applications and have the same user experience from the home or office, as long as they and their devices are automatically authenticated each time they access these systems via constant secure state revalidation.
The team also used a cloud-based platform that securely connects users, devices and applications across different networks, including in any of our six global data centres. And advanced logging and reporting capabilities provided us with the necessary visibility into data access events, while also supporting compliance efforts.
For industries that handle sensitive information, zero trust offers an extra layer of protection.
For example, a global manufacturer needed to maintain continuous, secure data exchange with customers and increase cyber resiliency across its on-site and remote workforces. DXC helped move the company to a cloud-native, zero-trust security strategy that increased control and improved visibility of the security landscape and made the business more resilient to inner and outer threats.
A European utility company struggled to manage fast-emerging cyber threats and increased regulatory requirements to protect the essential services they provide. DXC deployed a cloud-based secure service edge solution that provided safe access to applications, ensured adequate malware threat identification and prevention, met regulatory requirements and simplified ongoing operations.
A multinational energy and petrochemical company required simplified, secure connectivity for its global workforce logging in from offices, coffee shops, offshore and a range of other locations. DXC’s integrated solution provided rich intelligence and constant security validation and gave employees secure access to critical applications from anywhere.
What do the next few years hold for us? Here are five emerging trends that DXC CISO Mike Baker identified as transforming how we defend against cyber threats.
The number of digital identity verification checks is expected to surpass 70 billion during 2024. And no wonder. Digital identity has become crucial in safeguarding user security.
As AI and emerging technologies reshape the business landscape, companies with outdated systems and approaches must evolve or risk getting left behind. Here’s how.