Fortinet Security Fabric

Organizations need to stop thinking about networking and security as separate strategies, instead, securing digital acceleration efforts require networking and security teams to converge their visions. Fortinet Presents Securing Your Digital Journey in association with CNBC-TV18 where speakers Hitesh Mulani, Vice President and Group CISO at Mahindra & Mahindra and Vishak Raman, Vice President of Sales, India, SAARC and South East Asia at Fortinet voiced their views.

In a session moderated by Gautam Srinivasan, the conversation started with how cloud transformation journeys have evolved so quickly and exponentially. Due to this attack surfaces have also expanded. If companies need to converge networking and security where should they start?

Sharing his thoughts Mr. Vishak said, "When we look at the network transformation, we are entering the hybrid era where networking is no longer working in silos. It's getting converged with security. This convergence is essential and is being driven by applications moving away from traditional data centres and entering hybrid networks. With 5G and IT/OT integration coming to the forefront, the edge has also expanded. This presents a great opportunity to redesign your networks with security as the foundational networking feature."

From an enterprise perspective, Mr Hitesh said "If we go down to the basics, 70% of what we want to secure can be done with the IT Networking devices and at the OS layer. There's a lot that can be achieved by having IT hygiene itself. Convergence was always there; the form factor has now changed. We've moved from a traditional on-prem form factor to an unseen form factor which is managed by service providers in the cloud space. It's become a seamless journey to go to the cloud with very few layers and finding the right partner for the journey to the cloud is key."

Silos are being created and this is a problem which usually large enterprises face as compared to small or medium enterprises. Given the numerous changes in the digital economy, how can infra and security be brought together under one single vision? Sharing his thoughts Mr Hitesh said, "They have always had to be looked at collectively. Security rules have to be applied to the infra. Earlier someone set the rules, and someone followed them. Today, it's all about the convergence of those components - from management to configuration. The role of the CISO is to be the third eye and police the entire operation.”

IT and OT have merged together as industrial IoT comes into focus. What has the impact been like? How can this interconnectedness be effectively secured? Sharing his thoughts Mr Vishak said, "Today, businesses are demanding what's your production data? What's your predictive downtime? For this, you need to have your IT and OT merged. Businesses are demanding a common dashboard for data on all the production assets. But once they are integrated, the attack surfaces expand. So, you need to have the capability to segment them properly and gain proper visibility and control. You also need to ensure that what you set as an IT guideline is also applicable to your OT environment because the perils on the OT side are far more impactful if you don't look into the security posture on this side."

What happens when OT becomes the weak link? As a CISO of a leading manufacturing large enterprise Mr Hitesh said, "Cybersecurity heads in the country are usually those who have come from the IT side. OT requires a completely different approach. If you look at confidentiality, integrity, and availability to be the main pillars of IT security, in OT security you flip the entire grid. You're talking about connecting both environments without compromising the pillars at both ends which take priority. At the production end, you have to ensure no downtimes and on the other end, you've to ensure extreme data security. The journey requires rethinking of what components already exist and getting the fundamentals right.

Fine-tuning the existing components can help you gain control of almost 70-80% of these environments by effective firewalling or air-gapping the environments. Applying capabilities that are lying in the OT environment for critical infrastructure projects and organizations is extremely important because companies like manufacturing, pharma, oil, & gas need to start looking at OT very seriously and securing the environment to prevent downtime. While there can be synergies of thought a lot needs to be done differently at both the environments."

Considering the need for integration and consolidation is Cybersecurity Mesh Architecture going to be the default approach for building advance cybersecurity? Agreeing to this Vishak Raman concludes “Cybersecurity Mesh Architecture gives you the ability to detect threats faster, remediate threats faster and bring in a level of automation in responding to threats. It is a journey, and what we are seeing is the early signs of consolidation with networking and security coming together and delivering value proposition to the customers.”

To watch the full episode, click here: https://www.youtube.com/watch?v=WznY0OfcK_w

This is a Partnered Post

First Published:Mar 22, 2023 5:28 PM IST