Disrupting Security – The Trusted Digital Fabric

Introduction

Over the course of the last months, I had quite a few discussions about the future of Cyber Security and in parallel I had time to think about it myself. As I feel that we are at a real turning-point, I decided to write a series of blog posts about where I feel security must head to and where the fundamental challenges are these days.

I guess it is not necessary to stress that the way people look at Cybersecurity changed over the last weeks as well – it became a key topic on a top management layer again. As dramatic as recent events are they are an opportunity to do what should have been done for a long time. The overall risks did not change, only the likelihood might have – and thus our response can not change only the focus might.

Only final point to make as an introduction: All the measures customers were taking over the last few weeks showed it clear to me that if you rely on a modern security architecture, these measures are pretty straightforward to implement, enforce and monitor. This means to me that we are all on the right track.

Talking about a modern security means starting with the company’s purpose.

The Business

When I talk about digital transformation, I often start with the company’s purpose. I am convinced that you cannot run a transformation process if you do not know the purpose of the company. I am not talking about the usual platitudes, not about shareholder value. I am talking about the reason, why people get up in the morning and go the extra mile. It is mind-blowing to me that when I work with students and ask them the simple question “Why do you get up in the morning and go to work (and don’t tell me it is because of the salary you get)” how rarely I get a satisfying answer and how often I see frustrated faces. This is about leadership!

I rarely start such discussions with us but if we do that, this is Microsoft’s Mission:

Our mission is to empower every person and every organization on the planet to achieve more.

Thinking about this mission and breaking it down to what we do as individuals every single day, it can get you going if you apply it to your work. For security, Rob Lefferts (CVP XDR) recently framed it well. Based on the Microsoft mission, this means for us in security to…

… help customers to build and run a trusted digital fabric – hybrid and multi-cloud.

The Trusted Digital Fabric

If we link that back to the customer mission: Wherever you work, these days almost all companies look into their digital transformation, and this is reflected in their mission statement (I hope). If this holds true, then you will want to build and run a trusted fabric across hybrid and multi-cloud. The term “trust” is relevant here. You want to have a platform you trust no matter where your workloads are.

I guess we can agree that a trusted fabric is absolutely needed but what does that mean? In my opinion, the trusted fabric needs to deliver three functions:

• Great User Experience: I want to simplify security. Security must be transparent and “just be there”, it needs to be easy, simple, and integrated. My mom must be able to understand it! I deliberately start with the user as this is key.
• Great Business Value: This is one of the key reasons for the digital transformation. You want better business insights and want to leverage this to drive business value. There is a huge disruptive potential here (if you know your purpose).
• Know Your Resources: The fabric shall help you to know your resources (information and devices), classify and protect them.

This is the fabric, which you then want to monitor and protect all up, surrounded by a strong Governance, Risk, and Compliance Management.

This picture summarizes this view:

To get this value out of your fabric, it must be simple, automated and integrated – and provide the needed elasticity. We need to re-think the way we build and run such environments. Integration and especially automation is a must. Today, business wants solutions to their problems in three months – not 1.5 years anymore.