RSAC Videocast: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

By Byron V. Acohido

Deepening interoperability of AI-infused systems – in our buildings, transportation grids, communications systems and medical equipment — portend amazing breakthroughs for humankind.

Related: The coming of optical infrastructure

But first businesses must come to grips with the quickening convergence of their internal and external computing resources. And that’s no small task.

I had the chance to discuss this with Shinichi Yokohama, NTT Global CISO and John Petrie, Counselor to the NTT Global CISO, at RSA Conference 2023. It was a rare opportunity to get the perspective of senior executives responsible for protecting a Fortune 100 global enterprise.

We discussed how the boundaries between in-company and out-of-company IT infrastructure have become increasingly blurred making network security more challenging than ever. For a full drill, please view the accompanying videocast. Here are a few takeaways:

A converged ecosystem

Cloud migration and rapid software development were both on a rising curve when Covid 19 hit and the global economy suddenly shut down in 2020. As companies adjusted in the post pandemic operating environment, Internet-centric services rose to the fore.

This accelerated the convergence of on-premises and cloud-hosted IT infrastructure. Today, data storage and processing power are prominently  supplied by Amazon Web Services, Microsoft Azure and Google Public Cloud; and everything from software development to supply chain management happens on the fly across servers, endpoints and mobile devices interconnecting across cloud-hosted and on-premises datacenters.

Yokohama observed that once clearly defined network boundaries have all but disappeared, making network security a very difficult challenge. “From the security point of view, the definition of network security has become very blurred,” he told me.

Petrie explained how digital convergence is playing out at a deeper level via the increased cross-coupling of traditional IT operations and network security responsibilities. “From a technical perspective, what we’re seeing is the dissolution of the perimeter itself — it no longer exists,” Petrie says. “We must now start thinking about security as a converged ecosystem. We must protect the cloud, and, in some cases, we must protect on-prem systems that aren’t ever going to be in the cloud, as well. The big changes have happened in the convergence and the digitalization of the ecosystem, especially over the last three years.”

Towards zero-trust

So how should CISOs steer their organizations? Yokohama and Petrie emphasized the importance of moving toward a zero-trust framework. In today’s hyper interconnected operating environment, this comes down to                 parsing and combining multiple legacy and next-gen security technologies tailored to fit the unique needs of the organization.

“What we’ve seen is that most companies are now driving towards a zero-trust framework and they’re finding that you really can’t have a single solution; it has to be multiple solutions to get you there,” Petrie says.

Yokohama added that the first step CISOs must take is to thoughtfully establish a meaningful security architecture, one that addresses the organization’s distinctive needs and also takes into account operations and governance.

“Traditionally most corporations have had a perimeter-based security architecture, but in the era of cloud and mobile, etcetera, the enterprise needs to have a North Star,” Yokohama says. “Once the CISO has defined this security architecture North Star, then decisions can be made, piece by piece, about which technology solutions are needed . . . the architecture must come first, and then they can decide which product choices they would prefer.”

MSSPs’ larger role

The security tenets these senior security executives laid out for me clearly work for Fortune 100 corporations. Yet the argument can be made that in a post-Covid operating environment, these principles are just as valid for mid-market enterprises and even small- and medium-sized companies, as well.

After all, companies of all sizes and in all sectors are intensifying their reliance on cloud-hosted IT infrastructure and SaaS tools and services.

And this is where managed security service providers (MSSPs) enter the picture.

Demand for richer MSSP services was already gaining momentum prior to Covid 19; this demand spiked as the global pandemic spread across the planet. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

NTT Global is a longstanding player in the MSSP space; it maintains a large MSSP unit that coordinates protection of its myriad operating divisions, and it also contracts out MSSP services to its customers and partners.

“The mission is, first, ensure internal security, then, second, to leverage this knowledge to our external client service,” Yokohama says. “We’re happy to bring our knowledge and experience as a holistic solution to the client.”

It wasn’t too long ago that MSSPs mainly helped their customers monitor traffic logs as part of filtering for anything suspicious, Petrie says. Today, MSSPs increasingly help companies do much more sophisticated analysis, such as spotting known attack sequences or monitoring users’ behavior patterns to catch any anomalous activity, he says.

Innovative product usage

It’s notable that new technologies and richer services are only part of the equation when it comes to adequately securing digital convergence. An equally important variable is how humans users end up putting new tools and services to work, Yokohama argues. He emphasizes the importance of not just product innovation, but also inspired use of new technologies and emerging best practices.

For example, he pointed to how a disruptive AI tool, like ChatGPT, embodies a technology breakthrough that, at this moment, awaits a human usage breakthrough, with respect to network security. “Somehow, somebody has to work out how to use this new technology in a smart and secure way,” Yokohama observes. “When people say innovation, they’re typically referring to product innovation or product development. Going forward, I think how we use products smartly and in a secure way, in itself, also becomes an innovation.”

The mainstreaming of zero-trust frameworks, a rising role for MSSPs, smarter usage of new tech – these are all part of digital convergence that is still in an early phase of coalescing; hopefully we’ll arrive at a greater good.

“I am a super optimist, so I see a very promising opportunity,” Yokohama says. “ Security, as well as trust, are the foundation for a successful digital society and NTT wants to be a part of such journey.”

What’s to happen next? I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone