Enterprises need a new security architecture: Graeme Beardsell3 min read . Updated: 28 Feb 2018, 06:41 AM IST
Graeme Beardsell, Akamai Technologies MD of Asia Pacific and Japan, on the challenges of keeping businesses online round-the-clock
New Delhi: Graeme Beardsell is the managing director of Asia Pacific and Japan at Akamai Technologies Inc.—a firm that pioneered content delivery networks (CDNs) to speed up the Internet.
A 25-year industry veteran with experience in start-ups as well as marque firms such as International Business Machines Corp. (IBM) and Salesforce.com Inc., Beardsell will be speaking at EmTech India 2018—a two-day emerging technology conference organized by Mint and MIT Technology Review to be held in Gurgaon on 8 March.
In an email interview, he talks about the challenges of keeping businesses online round-the-clock, the need for a new security architecture and how the Internet of Things (IoT) is complicating matters. Edited excerpts:
In the digital age, what challenges do firms face in keeping their businesses up and running 24x7?
The first challenge is an explosion of network and device types—by the end of 2018, close to 11.2 billion devices are projected to be connected worldwide—a number expected to nearly double by 2020—and the Internet needs to support an increasingly diverse set of interactions that range from web and mobile to machine-to-machine communications and wearable tech.
With the uneven adoption of new protocols, meanwhile, content delivery is being hindered and this causes inconsistent customer experiences.
The second challenge is an extension of the first. Today, there’s richer and far more sophisticated content—in an attempt to meet ever-growing expectations of engagement, businesses employ complex underlying code, imagery, and video on websites.
The final challenge is that of increasing scale and sophistication of cyberattacks.
How should CXOs deal with these challenges?
Businesses are faced with a new age in information security. Earlier, a ‘moats and castles’ model existed, wherein the ‘castle’ of applications, enterprise data, and networks was surrounded by a ‘moat’ that consisted of a secure perimeter and firewalls.
Today, data, applications, and users are outside the firewall and on the cloud, where they traverse the public Internet. To paraphrase, traditional security systems are guarding a largely empty castle. This means that enterprises need new approaches in their concept of security and to build new security architecture.
Essentially, security should be designed to take advantage of the shape of the Internet and not try to defy it.
The other challenge that is perhaps ‘invisible’ is the large number of vendors and solutions that each organization needs to manage. Analysts now advocate rationalizing multiple solutions by different vendors into suites of solutions by a single vendor to provide greater efficiency in productivity, and also towards solutions that share an integrated platform to facilitate data exchange and analysis.
Do you see firms gearing up to take advantage of the IoT phenomenon?
IoT is going to operate at an enormous scale churning massive amounts of data. The real value will be in how we are able to process and use this data to create new experiences for our end users. Domestic devices, be it thermostats, lights, or any number of smart appliances, guarantee that our homes will be as connected as our cars.
Coming to the industrial side, locomotives, sensor-equipped jet engines, and wind farms maximize performance and optimize maintenance. Be it buildings or transportation or energy delivery, all of these aspects of industry are getting smarter by capturing and analysing vast quantities of data in real time.
Introducing standards for the security engineering and automated reprogramming of IoT devices could improve the threat landscape. However, there is little market incentive today to create devices with strong security.
Several types of IoT appliances were never meant to be updated, resulting in recall or replacement to combat newly discovered vulnerabilities. Additionally, there are several instances of IoT devices that are no longer supported by their manufacturers.
Akamai evolved from speeding up the Internet to providing security solutions. What’s next?
At Akamai, we are focusing on a model for our customers that embraces cloud security. A cloud security architecture embraces ‘verify and never trust’ (i.e., the Zero Trust security model) as its guiding principle. Furthermore, with predictive analytics and behavioural analysis, businesses can effectively enforce compliance, apply security policy, and reduce risk.
Preventing ‘credential abuse’ is another focus area. Today, websites give business unprecedented levels of contact with their customers—which means sensitive data can be easily accessed with malicious intent, through the use of bots. Bot (both good and bad ones) traffic can represent almost 60% of overall web traffic.