Cybersecurity: Now and then
René Huizinga, Sr. Network Solutions Architect
For theorists and those unfamiliar with the business, but with a little knowledge and an outside perspective, it can seem so simple and straightforward: Networking. Connecting machines and devices with switches to create inter-connectivity - via a cable or indirectly via a wireless connection. Just plug in cables, perhaps with a couple of routers for larger networks, internet connectivity, or a separate segment for servers, and everything should be up and running.
The development of network security
Security? Just add one or more firewalls, or maybe even one of those mysterious black boxes that IT people are always talking about... IDS, IPS or whatever it's called, and that should be it! And the classic, "How hard can it be...?"
Those who have been in IT for considerably longer than a decade often still know about 'the old days'. Small and medium-sized companies, especially those without manufacturing facilities or the like, have a relatively 'manageable' IT landscape in terms of network and security here. Many times it resembled the above a bit, although one quickly became aware - already since the 90s - that there were more aspects and complexity in the matter than one would think.
But networking was still usually covered by a single department and one, maybe two suppliers, depending on the used equipment.
For security, endpoint security was usually handled by the department or people within IT responsible for end-user and server equipment. More advanced devices such as firewalls were mainly taken care of by those responsible for the network. Since the late 1990s/early 2000s the first security departments or at least specialised people started to appear. This is still the case in many companies, only the focus and the number of people involved has grown significantly, sometimes leading to the formation of separate teams or departments.
In today's world, IT has evolved a lot. In many aspects, both the market, the solutions but also the perspective to solve (new) demands and our general way of working. To give an example: Who would have thought back in the day that life without the internet would be almost unthinkable? It evolved from a "practical source of information" and "nice marketing opportunity" to an "essential infrastructure component" (e.g. VPN services) and even to an essential part of our business model. It even hosts large parts of our IT and data e.g. via "PaaS" (Platform as a Service) and "SaaS" (Software as a Service) solutions, mostly in so-called "public clouds", where previously islands of 19" racks with servers were used for the same. Even local, standard Office suites are now partly replaced by cloud solutions.
And if the data is too sensitive and/or newer regulatory authorities have decided on restrictions for handling data, we can also go so far as to set up servers again either in our own data centre space or sometimes in national 3rd party data centres and create our own "private cloud". This can in turn be mixed with a public component or have a public component to prevent having to host e.g. front-ends ourselves. This leads to so-called 'hybrid cloud' solutions. Not to mention possibilities for virtualisation or orchestration. Or as a second example, networking with SDN/SD-WAN, DC-networking, edge-security, etc. There is too much to mention. And of course, as everyone can imagine, such exciting, big and new possibilities and solutions have "a price ", so to speak.
Compared to previous generations, as already mentioned, this is much more than an evolution, but a revolution.
Challenges in the security world of today
New challenges have also arisen, not only because of the huge amount of newer and younger, less mature technologies, but also topics such as security. Especially with the associated dependence on the internet and connectivity, the importance of security has risen to unimagined heights. Just think of the many security breaches, (D)DoS attacks and even blackmail of companies! Almost all aspects need to be reviewed, requirements redefined, solutions created, evaluated and so on and so forth...
For some smaller organisations or those with very strict, limited requirements and a correspondingly strict IT policy, this may not matter. Or at least not at the moment. But in almost all cases, they will still have no choice but to use at least some of these revolutionary technologies. If not by their own choice, then because of requirements from suppliers, customers, parent companies, etc. Even if it is only the internet connectivity for infrastructure solutions, software and general IT requirements. This in turn dictates the use of security solutions.
Management must put IT security on the agenda
Regardless of the direction, in every organisation, there has been and continues to be a constant increase in existing and new IT requirements. This is of importance to the IT of the organisation, regardless of their complexity and diversity. All this requires additional resources, including knowledge and personnel.
The times when a single IT department with a limited number of staff could cover everything are thus slowly coming to an end. It is important that this is seen and accepted by management. Because if no action is taken, no matter what form it takes, the set-up including all new components and technology will just barely be kept alive despite the best intentions. This is often done with the help of third parties such as suppliers or internet forums, with varying results. Until at some point "the damage is done". Problems lead to more problems or the solution no longer works as it should. This leads to annoyance and ultimately to more costs, or even much more costs than one has tried to save...
Challenges of suppliers
Organisations often have several suppliers they have to deal with, because of specific business software and solutions. So for the more general issues, they would like to stick with as few as possible. If only because of the idea of having the one supplier who knows their entire environment and can therefore help with almost everything. In addition, a relationship of trust has been built up over time, expectations have usually been met in the past and there is a good track record of the supplier with the customer.
Just as organisations are overwhelmed with the complexity and diversity of IT security, as well as the increased demands on resources, knowledge and personnel, the suppliers experience this as well. If they want to maintain a high level of competence in most IT topics for their customers, as in the past, they have to grow very strongly and intensify training or accept that the status of "covering almost everything" or "being able to do most things" has to be sacrificed.
Often, the supplier, if he has not gone through the necessary growth and increase in staff, is persuaded to keep everything alive for the customer. Not necessarily out of bad intentions, but to help his customer. However, here too, sooner or later the point will be reached when it becomes clear that the supplier is not up to the task. Not to be confused with product problems for which the supplier and its support are responsible.
It seems that suppliers want to offer an all-in-one solution, they want to be able to do everything. Again the statement and question, "How hard can it be?". Well, whatever the answer to that was in the past, nowadays it is just 'too hard to continue in the traditional way'.
For this, a change is necessary. Not only in the setup and the technology, but also in the handling, the mindset and the expectations around it.
Our experience with cybersecurity changes
At Nomios, we repeatedly receive enquiries from customers who state that they have requested offers and information due to the fact that they want to change their IT provider - for the aforementioned reasons. Either an old, good relationship was broken off due to the example of "keeping it alive", or because an existing supplier could no longer keep up with growth and training requirements, specific technologies or otherwise. Often enough a bitter story where you only find losers in the end. Therefore, not only the expectations and handling should be adjusted, but also the realisation that with the immense growth of technologies, complexity, etc., the times of 'a few jack of all trades and a few vendors' are simply over!
Our transformation to stay relevant
The Nomios Group is one of the providers that has undergone this transformation over the years. It has grown significantly from a company with double-digit employees to currently around 400, of which over 300 are technicians. We have acquired several companies and are now present in 7 countries. We have a large portfolio with numerous brands and solutions in the group, with which we represent the bulk for classic network and cybersecurity solutions on the market. The Nomios Group sees itself as cross-continental: if a specialist for a topic is not available in your country, we fall back on our resources in the other countries. In addition, we offer several services, including a "24x7" NOC and SOC, managed service solutions, network and security assessments, general and specialised consulting, and more.
We see that many organisations are unwilling to let their IT department grow to unreasonable heights, we understand this. If only because of the limited working time for certain technologies and the lack of specialists for numerous technologies. And it is even more difficult than before to find one's "jack of all trades", while the risk that they are not deeply enough rooted in the subject matter increases! For them, outsourcing certain technologies can make a lot of sense. For many small and medium-sized enterprises, a "sweet spot" is often reached by having sufficient in-house knowledge, including some redundancy, in core technologies and components, while adding consultancy or managed services for the issues that require less time means too much complexity for existing staff.
Do you want to get started on your cybersecurity?
Are you curious about solutions that fit your organisation and, most importantly, how they could be managed? Feel free to contact us for an appointment.