Cybersecurity: Why companies need a "defense in depth" mentality

Margaret Arakawa, CMO of edge cloud provider Fastly, explains how companies can and should respond to new security challenges. 

Experts predict that the damage caused by cyberattacks could rise to $10.5 trillion by 2025. While some companies are already well positioned in the area of cybersecurity, others are still taking the threat situation lightly. Whether in retail, entertainment, gaming, healthcare or finance - companies that operate digitally are particularly affected. Every organization utilizes web apps and APIs to enable their customers to transact business or exchange data with partners—and if data is the lifeblood of any organization, then those same apps and APIs are all that stands between a threat actor and that valuable data. So it’s no wonder that over 70% of all breaches involve exploiting a web app or API, making them the top means by which companies are breached. Web attack methods include the abuse of stolen credentials, SQL injection, remote command execution among other tactics that take advantage of vulnerabilities and misconfiguration of web applications and their underlying servers.

Effective “Defense-in-Depth” Must Include Security at the Edge  

Threats are constantly changing as attackers continuously evolve their tactics and techniques. To keep up with this, security-conscious companies must therefore regularly examine their own infrastructure and applications for vulnerabilities and take the necessary steps to shore up these gaps. A typical response by decision-makers to the increasing complexity of their technology environments is to deploy new and (too) many different security solutions. But no tool can provide 100 percent effectiveness against new types of threats. Companies therefore need what’s known as a "defense in depth" mentality: they need to put up so many obstacles and layers that attackers cannot easily penetrage systems or compromise their applications.

A "defense in depth" strategy means investing in tools that are capable of automatically sensing, detecting, reacting, and responding to access requests, authentication needs, and outside and inside threats. These tools can prevent intrusion at multiple points where an organization's infrastructure can be compromised. They include endpoint protection, cloud workload protection, vulnerability management, network firewalls, and web application and API protection. Fastly offers the latter with its next-generation WAF (Web Application Firewall), which can be deployed in the cloud, at the network edge, in data centers, or a hybrid of these.

Protection by Edge Cloud Platform Providers

As they have for the last five years, the Verizon security team that authors their annual data breach report, cite web applications as the number one threat vector that results in a breach. And web app attacks are often used in conjunction with a high number of DDoS attacks. So it’s imperative that enterprises take a hard look at how they are defending their apps in production as part of any overall defense-in-depth security posture: if they currently have no web app or API protection solution in place, they need to factor that into their security plan and make the necessary investments going forward. In the long term, we see enterprise cyber boundaries becoming more ambiguous as they continue to shift from on-premise data centers to cloud or hybrid environments. Gartner predicted recently that by 2025, 85% of infrastructure strategies will integrate on-premises, cloud and edge delivery options, compared with 20% in 2020. While most internal private clouds are single-tenant or serve a specific internal use case or business unit, they are difficult to scale. Edge cloud platform providers can help enterprises protect all their apps wherever they operate due to multiple deployment options. A flexible software agent-module pair can deploy as a module at the web server or application or agentlessly on an edge cloud network.  

Prevention Technology: Easy to activate & in an “always-on” Operation Manner

Organizations that rely on cloud for efficiencies of scale can also realize cost savings when consolidating multiple vendors down to one that can provide both application delivery and security capabilities. Edge cloud platform providers are ideally suited for meeting both requirements. From a security standpoint, leveraging a platform that has security embedded at the edge is ideal for orgs that have embraced DevOps and rapid release cycles yet want to stay secure: having protection at the edge means detecting and blocking malicious traffic farther away from the app origin while making it easy for developers or security teams to enforce policy easily since the detection and prevention technology is easy to activate and operates in an “always-on” manner.

As technology advances and organizations gain the means to develop and deploy high-performance applications and process and transmit even greater volumes of data, new attack tactics and vulnerabilities will emerge. Knowledge, experience and a strategic approach to securing the enterprise, its people and its data are key to overcoming the challenges posed by evolving methods of cyberattack.

Read the full article on the DMEXCO website.

Margaret Arakawa holds significant experience building brands, growing businesses, and delivering revenue growth. Most recently, she was CMO at Outreach where she tripled lead generation and solidified the SaaS startup's category leadership in Sales Engagement. Margaret spent almost 20 years at Microsoft leading business strategy, product planning and product marketing and growing the global Windows, Security, and Azure businesses. She also launched the US Microsoft Surface business and grew it from inception to billions in revenue. Margaret has also been named to the Top 50 Women Leaders in SaaS in 2020, and as one of 2020's 50 Influential Marketing Leaders Changing the Industry.