For decades, businesses have ensured their physical assets were protected from unforeseen events such as fire or flood. Protecting digital assets – and the networks they rely on – became an especially urgent commercial imperative as the pandemic took hold. With the threat perimeter moving from the office to distributed households, too, defending digital property, and securing network access became paramount.
The focus on pre-pandemic IT resilience centred on securing in-office systems and protecting data as it travelled over networks to cloud services. The immediate need to decentralise and deliver IT services to remote workforces meant, in many cases, a less-than-robust and comprehensive approach to security.
Many enterprises found their security systems lacking in the face of new risks, and IT estates exposed their shortcomings. Two years on, there’s doubt over whether businesses appreciate how resilient their IT estates should be, in order to protect against future threats. COVID-19 came out of nowhere, and there are plenty of further disruptions that could be right around the corner.
Your digital immune system
The permanent changes to working practices will influence IT security and contingency planning for the next few years, says SVP EMEA at CyberArk, Rich Turner. “Major socioeconomic events have always led to a sharp uptick in cyber incidents,” he tells IT Pro. “With the accelerated use of collaboration tools and home networks for professional purposes, best-practice security is struggling to keep pace with the need for convenience, which, in turn, is leaving businesses vulnerable.”
Protecting current IT systems and services is clearly paramount, but what of future threats? “For contingency planning to improve, businesses need to focus more on radical and significant impacts that may seem low in likelihood,” Tim Ebenezer, chief operating officer at consultancy firm FSP, adds, as he urges for continued diligence.
“These would include the impact of significant cyber crime and total loss of IT infrastructure and access, impact on power and power generation, and the impact on the loss of communications infrastructure at multiple levels, from local networks up to national networks.”
Resilience in the tech space needs a multifaceted approach, too. The pandemic laid bare the security shortcomings of many enterprises. Moving forward into a post-pandemic, organisations must pay close attention to how work has changed. Understanding the new threat perimeters, and how operations have evolved, should form the foundation of the digital antibodies all businesses can create.
Fragile architectures
Minimising downtime risk with resilient edge computing
Add value with on-premise edge computing
How businesses use technology, and the infrastructures that support them, is rapidly changing as a direct consequence of the pandemic. In its report painting a vision of IT infrastructure in 2030, Telehouse concludes nine in ten (89%) respondents believe edge computing will be a critical component of their organisation’s IT. There’s a clear trend towards more colocation and the top five focus areas over the next ten years are cloud (44%); cyber security (40%); 5G (29%); AI and machine learning (27%) and big data (27%).
“Our Connected Future research shows some of the top concerns continue to be resilience, legacy IT and security and compliance,” says senior director of customer services at Telehouse Europe, Mark Pestridge. “The biggest fears we see from companies are some form of attack which takes down the Internet, the physical breakdown of major physical cable systems or most recently, escalating energy costs which in turn will lead to increased cost of running IT systems and reduces profitability.”
Unsurprisingly, the adoption of cloud services expanded massively as the pandemic took hold. Mass remote working required mass remote network access – hosted services being the obvious choice. Pulsant research shows two-thirds of respondents to their survey are revisiting their IT infrastructure strategies to ensure full compliance with impacting regulations.
Lee Wrall, Director of the managed services provider Everything Tech, highlights the importance of understanding where information is located as the basis of great IT resilience. “I don’t think many companies knew how and where their data was stored,” he says. “When they had to move it to a more flexible location it was a learning curve. Questions like: Is it on a secure server? On a member of staff’s laptop? Is it encrypted? Many businesses didn’t know the answer, so it potentially opened them up to a cyber attack. I think all businesses had to re-evaluate their systems and how they serviced clients.”
The digital antibodies any business can develop to protect itself are manifold. Cyber security will be a focus, of course, as the digital assets a business uses and the networks they connect to, will be potential points of access for threat actors. Organsations also need to examine the wider business environment, such as the IT systems supply chains are dependent on. The human component of a network architecture, too, must also be resilient in the face of social engineering attacks. Here, better security education is imperative.
Hybrid protection
Can your business develop digital antibodies to protect its systems from future attacks? Organisations certainly must be more proactive; as practical steps are taken to protect physical assets, a similar approach to digital services will ensure a contingency for their potential failure has been planned for.
Resilient IT systems will have autonomous security that will be self-healing, according to Ebenezer. “AI is already being used in several monitoring scenarios to ensure that platforms that in the past would simply present information to a human operator to act on, are learning from how operators are reacting to situations,” he explains. “This will be the fastest area of development in this area – the increasing link of monitoring to ‘self-healing’ systems powered by AI.”
The post-COVID IT estates that emerged from the pandemic are decentralised, delivering a threat perimeter that’s open to attack. The use of more automated systems that watch over a network and its users is fast becoming the norm as business strive to protect all their IT assets. Organisations have become hybrid in nature and, moving forward, the IT antibodies every business needs will likely also take a hybrid approach.
