Cybersecurity has never been more important or challenging. A worldwide shortage of people with the necessary cybersecurity skills is coinciding with increasing complexity of business IT environments and the further industrialization of the cybercrime industry alongside an increase in state-sponsored cyber threats.

Cyber-attacks have continued to intensify and diversify as the attack surface has expanded with organizations increasingly adopting cloud-based services, mobile and home working, and internet-connected devices (IoT and IIoT) as part of accelerated digital transformation programs.

The need to secure complex, hybrid IT environments and hybrid working patterns, and to comply with an ever-increasing number of data protection, privacy, and cybersecurity regulations, has driven many organizations to attempt to increase their resilience to cyber-attack by investing in more cybersecurity infrastructure and tools.

Unfortunately, this strategy is not really working. Many organizations are still being negatively impacted by cyber-attacks because their cybersecurity investments are not working effectively together, they have no central overview of which services, devices, and applications are used and for what purpose, and there is no effective way to identify potential security gaps that can be exploited by bad actors.

Last week we looked at the concept of Identity Fabrics, which has been developed by KuppingerCole to enable comprehensive Identity and Access Management (IAM) for the digital era, built on a modern, modular architecture that supports an integrated set of identity services that deliver the required capabilities.

Similarly, KuppingerCole has developed the concept of a Security Fabric that is designed to enable organizations to find the right balance between complexity and over-simplification to achieve effective cyber resilience through the ability to continually enhance the organization’s risk posture.

Because this model of cybersecurity involves the combination of multiple isolated but corresponding elements that are “woven” into an integrated, seamless whole, we use the shorthand term of “Security Fabrics” when talking about this paradigm for architecting cybersecurity within enterprises to deliver the full range of security services required by an organization.

So, like the Identity Fabric, the Security Fabric is not any single product or service. Instead, it is a toolset and paradigm to define the right security building blocks, to bundle them into capabilities, and to define services that form the foundation of an organization’s IT security.

Applications must integrate into the Security Fabric to benefit from advanced, central, and modern security concepts. This method also helps security organizations to have a central approach and overview.

A key benefit of the Security Fabric is to maintain an overview of the plethora of applications and services that run within an organization. The fabric helps to structure the existing services, show the gaps, and reveal the existence of duplicated services. This helps to improve the general portfolio, to optimize technology investments, and to improve security on a continual basis.

A Security Fabric should be designed to ensure an organization’s ability to:

  • Ensure governance and security management.
  • Protect key data, systems, and networks.
  • Detect potential attacks using various monitoring and security intelligence mechanisms.
  • Respond effectively to all security incidents.
  • Recover from incidents and have operational resilience.

An open, integrated, and extendable architecture is the standard for the Security Fabric to meet current and future requirements. It should support different deployment models with identical capabilities, whether on-premises or as a service.

With dynamic orchestration and intelligence capabilities at the core, a Security Fabric should provide the flexibility and agility needed to build new digital services or integrate with legacy systems.

Pay attention to building up a reliable toolset that can be fully integrated and easily extended by new services to fulfill future requirements.

Having a Security Fabric in place helps organizations improve their portfolio, their spending, and their cybersecurity because it takes a business-centric view of the things you really need to be as resilient to cyber-attack as possible.

Setting up a Security Fabric requires defining a comprehensive “big picture” target state that is based on a phased implementation. The latter commonly starts with delivering security services for new applications that are created in the Digital Transformation, and subsequently migrating legacy security applications and integrating existing applications.

— Christopher Schütze, Cybersecurity Practice Director & CISO, KuppingerCole

Because we understand the importance of an effective cybersecurity infrastructure, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats, including online events such as the free KC Live event entitled: Managing Complexity: How to Define an Enterprise Cybersecurity Fabric That Delivers, which is taking place at 13h00 CEST on Wednesday, June 22, 2022.


Setting up a security architecture with the concept of a Security Fabric helps to structure, optimize, and improve the corporate cybersecurity approach. To find out how and why to do this, have a look at this Leadership Brief entitled: Security Fabric: A Methodology for Architecting a Secure Future.


If you would prefer to hear what our analysts have to say on the topic of Security Fabrics, choose from the following Analyst Chats.

For an introduction to this new architectural approach to cybersecurity with the goal of achieving consistent and fully-managed security across the whole corporate IT environment, listen to this discussion entitled: A Holistic View of Cybersecurity - Introducing the Security Fabric.

For a more detailed discussion of a security architecture blueprint that implements the concept of a Security Fabric, listen to this discussion on: A Cybersecurity Reference Architecture for Your Security Fabric.

And for a wider discussion on the security challenges for enterprises moving to the cloud with reference to security fabrics, listen to this discussion on: Questions to Ask Your Cloud Provider About Security.


If you would like to have a short, incisive view from one of our analysts on this week’s topic, have a look at this blog post entitled: Security Fabric: Investing in the Right Architecture for a Secure Future.

To find out more about the foundational role of security and identity fabrics in the context of DevSecOps, have a look at this blog post entitled: Making DevSecOps a Reality and Going Beyond – Introducing SODAS (Secure Operations & Development of Agile Services) and the related blog post entitled: Managing Access and Entitlements in Multi-Cloud Multi-Hybrid IT.


Security fabrics have been the topic of discussion in a couple of webinars. Meeting the IT security requirements so that users with different roles and rights can access the various endpoints and networks necessary to do their jobs can be challenging. To learn how the security fabric concept can help, have a look at this webinar entitled: Security Fabric: Building a Secure Future With a Flexible IT Architecture.

Many organizations struggle or even fail because they overcomplicate the implementation and extension of their cybersecurity toolset. Most do not have a central approach to security, and often use a set of tools that are not well-integrated with each other. Have a look at this webinar to find out How Security and Identity Fabrics Work to Help Improve Security.

As modern businesses across all verticals continue their rapid digitalization, the need to store, process and exchange data securely is becoming an essential factor for any company. Have a look at this webinar to find out about The Role of Data-Centric Security in the Cloud and the relevance of the Security Fabric concept in this context.

Tech Investment

Organizations investing in technologies to create a security fabric can have a look at some of the related technology solutions that we have evaluated: