Question: What we mean by an attack surface?
David Ellis: So, when we're talking about attack surfaces, we are talking a whole myriad of different devices. It could be mobile workers with their laptops, through to IoT sensors; any kind of connected device that hooks up to the Internet. I think we've seen the network evolve and change massively over the past few years, and certainly since I entered the cyber security market number of years ago. Back then we tended to find that companies had all the data behind the perimeter firewall, which is very easy to manage.
These days, of course, we're dealing with a much more porous environment, with lots of different types of devices storing data in many different places. That, of course, creates a challenge.
It also creates an opportunity for the channel, of course, because they can help the end customers go through the process of understanding what devices are connected to the network what data is being used, where that data is stored and therefore what the risks are. So, with these challenges, we see lots of opportunities.
Question: How do you find out about vulnerabilities and how do you prioritize these?
Meg Hargrove: Yeah that's a great question. Thankfully, there are many ways to find out about what vulnerabilities might be impacting your organization or are within your organization already.
Namely, there are many vulnerability management tools that will scan your assets for you and identify what vulnerabilities are actually applicable. You also have to consider that there are many threat intelligence platforms. One of the top things I also recommend, is that the members of the cyber security team keep up to date with the news around what's going on in the cyber security world. If they have this knowledge in the back of their minds, when they are working day-to-day, they can be looking for vulnerabilities within their organization.
Now, as for prioritizing them, this is generally going to be considered by the C levels, usually a CISO or some senior level management within cybersecurity. You're going to want to assess the impact, as well as the likelihood of that vulnerability being exploited. You're going to need to consider the financial impact the threat has. That could embrace the reputational impact as well, plus anything else that could negatively impact your company.
Question: David I guess we also need to factor in that organizations today have so many more stakeholders?
David Ellis: Yes, that's true. Organisations have many more stakeholders, as part of their digital transformation. That creates a number of threats, as you mentioned. There is a potential for a broader attack surface and a broader opportunity for bad actors to get access to that data. This is where we're starting to see companies adopting a zero trust approach, which essentially takes a very different view of security. If implemented correctly, it can be very successful in terms of raising the level of security within that customer.
Question: How do you know if an attack surface has been compromised by a bad actor and how do you identify it?
Meg Hargrove: Yes, this is another instance where we're going to heavily rely on a lot of our tools and technologies that we have implemented to help us defend our organization. So, whether it's an IDS, an intrusion detection solution or your SIM is monitoring and alerting, If your environment is being compromised, generally you're going to want to rely on your tools to let you know about it. Also, besides that, you're going to rely a lot on your user base. The colleagues around you are going to have much more insight and knowledge about the heuristic kind of incidents that are going on, which might not be caught necessarily by a technology.
Question: I guess we've got to consider that organizational data is hiding everywhere these days?
David Ellis: As I mentioned before, organisations have a much more of a porous perimeter, with data stored in lots of different locations. Shadow IT has been a real problem over the past years, whether that’s people within the business deploying AWSworkloads services, or whether it's individuals, creating their own cloud storage systems and putting company data within that. That's been really hard to manage for the central IT teams. Gartner themselves found shadow IT is around 30 to 40% of IT spending. They also go on to say that a third of successful attacks are on the shadow IT resources. So, this is a real problem, because, of course, many of those users are not considering security when deploying or activating new services. Cisco also say a similar thing. They report the average large enterprise has over 1200 cloud services and over 98% of it is shadow IT, so that's a real issue.
As companies evolve and change as well, things such as mergers and acquisitions happen, leaving companies exposed as quite often they don't have the visibility of these sources of data or where the data is stored. It's a real issue that needs to be thought about and, of course, as I said before, this is something that the Channel can help with.
Question: What practical things can you do to track down shadow IT, or at least keep your organizational data safe?
Meg Hargrove: So, there's three main things that I think are really practical. One, is having a top down approach to it, meaning that security is usually most successful when you have the support of your C levels; so, ensuring that your C levels or senior security management are all on board for creating strong security policies.
The second thing is going to be having strong security standards. That way, when such as what David was referencing - if a business or a non IT entity of the organization is going to spin up an AWS workload, they at least have direction and guidance on what needs to be implemented in that AWS workload, to ensure that it's up to par with the organization’s security standards.
The number three thing that I’d like to mention, is having a strong asset management programme that is accurately tracking what's being spun up, what new outsourcing is occurring, what new IT projects are going on outside of the IT organization itself; this all really helps us keep track of what we actually need to be securing and monitoring.
Question: What's Tech Data doing to help partners improve their own customers’ cybersecurity posture?
David Ellis: We have a number of initiatives to help our partners really maximize the opportunities within this space. We have digital the Practice Builder programme designed to help partners go through that transformation, to be able to sell cybersecurity products and services. This digital version that contains over 30 hours of content and assets that are really useful for partners.
We also have a number of technologies and vendors we're working with to help our partners reduce some of the complexity and fragmentation in the market. To help our partners deliver services, we also have our RECON security services, which are a range of managed services. mentioned our, for example, management entity. Partners can work with Tech Data and deliver out services to their customers very quickly, with a very low level of upfront investment.
Last but not least, we offer Finance Solutions. These are particularly useful for service providers, if they want to take away some of the high upfront costs involved in building a service. It helps ease that burden until they start to get their first sale.
Close: Thank you very much for your time and sharing your insights with us. Until next time . . .