(by Francesco Pagano) This is nothing new: technology is evolving extremely quickly and those who have the task of maintaining security systems have always had to adapt strategies and tools to be able to keep up with them. The digitization phenomenon that has affected the production fabric and the entire society in recent years, however, represents a real leap in quality and has completely changed the cards on the table even for those involved in cyber security.
In its traditional declination, in fact, cyber security focused on the concept of "perimeter", through a logic that clearly distinguished between resources inside the networks and external resources. Schematically, the logic was to consider the activity inside the perimeter as reliable and subject to controls (and blocks) everything that came from the outside. However, this approach is no longer adequate to protect new IT infrastructures.
Two factors that now characterize the methods of delivery and use of digital services have contributed to a real “evaporation” of the perimeter. The first is represented by the massive adoption of tools based on cloud platforms, which have led companies and organizations to outsource services in data centers far from their physical structures, broadening the concept of network and radically changing its characteristics.
A change that is not only physical, but functional. The static vision of services provided on premise has been replaced by an extremely dynamic and versatile ecosystem, which allows you to take advantage of virtualization to create new services, duplicate or modify them and adapt them to the needs of the company in real time. Something that cannot be controlled and protected through the use of firewall-level rules as was the case in the logic of perimeter defense. In terms of use and access to the services themselves, the panorama has been completely distorted by mobile tools, which in turn have undermined the logic of "internal" and "external" forcing the security experts to completely change their approach.
Attention, in today's panorama, can no longer be directed to the “where” but to the “who” accesses resources and services. The authentication of the accesses and the management of the relative privileges, consequently, becomes one of the pillars of the new cyber security. The declination of this new perspective, in addition to a cultural evolution, requires the adoption of new tools The implementation of access verification systems requires the use of systems based on user behavior (the analysis of user registered on the basis of a history of his activity in terms of times, geolocation and identification of the devices used) and multi-factor authentication systems that guarantee identity verification in each session.
The control of the services provided through the cloud platform, on the other hand, requires a security event monitoring system (SIEM) and a team of cyber security personnel who are able to manage their operation.
With one problem: talent in this industry is terribly rare.
Francesco Pagano - Director of Aidr and Head of IT services at Ales spa and Scuderie del Quirinale