TRENDS IN CYBERSECURITY 2022 - Secure an accelerated digital transformation - Capgemini
Secure an accelerated digital transformation

Cybersecurity is a core business requirement, providing a secure foundation to transform your enterprise and support your business. How do you maintain oversight and control over your cyber risk program? How fast can you go back to business as usual when cybercrime hits your organization? And does your organization have a scalable approach to operating IT security?

Questions such as these are more relevant than ever. COVID-19 has permanently transformed the ways we do business and handle sensitive information. Technology and thought are changing rapidly; we now have to make sure these developments go hand in hand with a continuous focus on cybersecurity in all its guises. Current, unprecedented geopolitical developments make such a renewed focus even more critical.

Against this backdrop, we decided we needed a whole new trends report: Trends in Cybersecurity. This is the first edition. It contains the bundled expertise of our experts, tackling cybersecurity from all its viewpoints. Taken together, it serves as a body of insights that will hopefully help you give shape to your own cybersecurity strategies.

While writing the report, we were lucky enough to compare notes with Mauriche Kroos, Manager Information Security & Protection at Enexis. This management summary's short introduction of the contents of this report is accompanied by Mauriche's thoughts on the different topics we touch upon.

Perspective

To give you an idea of the scope of cybersecurity, we felt it would be a good idea to put it in perspective, because you might be tempted to think of cybersecurity as an IT issue, when in fact its impact is much broader than that. The opening article of this report attempts to paint this canvas, through an interview with TenneT's Associate Director of Safety and Security Gineke van Dijk. Her company's field of operation is where public sector, private sector, technological and geopolitical considerations meet.
Artificial Intelligence

With all the talk about AI nowadays, you might be tempted to think that AI is the answer to everything, including every issue of cybersecurity you might think of. And as you'll read in our article, the uses of AI are many indeed. But its authors also have a word of caution: tread carefully. What are the basic considerations for any AI-driven approach? This article tells you all about it. In Mauriche Kroos' words: 'AI is very useful. For automation related tasks, for instance. And you can rest assured our adversaries are certainly trying to reap AI's benefits. This alone legitimizes investments in AI – we have to keep up with the bad guys. Along the way, though, we will have to find ways to deal with organizations' understandable reservations. And we'll have to find better ways to monitor AI's performance; it can be hard to find out whether our AI strategies are actually working as we intend them to.'

The business case for SOC

With a 50% increase of cyberattacks in 2021 compared to the year before, the business case for Security Operations Centers is basically writing itself. At the same time, SOCs are having a very hard time keeping up with threats, due to a shortage of skilled staffing. It's a paradoxical situation that urgently needs solutions. In the realization that labor market conditions aren't going to change any time soon, this article explains how we leverage technology to increase the effectiveness and scope of the Security Operations Center. Mauriche: 'It's highly probable that the implementation of an SOC will become a legal requirement for most companies, especially for those active in critical infrastructure. And rightly so. It should be a top priority for all of us; technology and the right processes and people to enable it, can help us make it happen.'

Cyber resilience as a continuous process

Cyber resilience is a team effort, and one that requires continuous attention. Technology alone doesn't cut it. In this article, the authors propose a way to organize and integrate cyber resilience, through three foundational principles: collaboration between your teams, judicious automation of tasks and processes, and continuous improvement of your resilience.

Tool complexity versus agility and vendor-independence

How quickly can your organization respond to outside threats? It all comes down to agility. And agility mostly isn't served by a complex IT landscape, consisting of many point solutions offered by different vendors. Such an IT landscape can be hard to manage, improve or adapt to newfound threats. A platform approach can be a good way to safeguard agility, integrating different processes into a unified solution that is easy to manage or scale. On the other hand, best-of-breed solutions from beyond the platform can still be very useful. There are no easy answers, in other words, but this article still succeeds in providing some useful guidelines. Mauriche: 'These days, big vendors mostly compel us to purchase full-range capabilities, not point solutions. And of course this has big advantages. But on the other hand, tendering processes become more complex and more lengthy and expensive. Choosing a platform also means tying yourself to a single vendor, which is not always the best option from a client perspective. Integrating best of breed solutions becomes harder, as does retaining your independence. As always: buyers beware and your mileage may vary, YMMV!'

Organizing information through Cyber Threat Intelligence

For companies, the question often is not if they will get hacked, the question is when. So when you're targeted, you'd better be prepared. And when the attack hits, do you know how to respond and stop it from happening again? In this article, the authors propose an analyst-centric methodology to prepare for and respond to cyber threats: Cyber Threat Intelligence. Through CTI, you can organize and secure an information position that allows you to stay on top of cybersecurity, and ahead of bad actors.

Dealing with ransomware: it's all about being prepared

Ransomware is one of today's most harmful types of cybercrime. In the first six months of 2021 alone, the world faced 304.7 million ransomware attacks; an increase of 150% compared to 2020. This article sheds light on some high-profile, recent examples of ransomware – and the lessons that can be drawn from those incidents. Dealing with ransomware all comes down to preparation: with effective crisis management plans, a clear communication strategy and an organization-wide effort to educate and train your teams. And, just as importantly, you should come up with ways to keep the business running while all the lights go out. Mauriche: 'It's not enough to simply recruit an army when someone declares war on you; you need to have that army in place in peacetime, too, and practice, practice, practice. It's the same with ransomware. Guidelines or strategies or scripts won't suffice. Companies need to regularly practice with all kinds of cybercrisis scenarios (including ransomware, data breaches and nation-state actor attacks), so that they are ready to deal with any situation.'
True security requires a new way of working

Start-ups, medium and large corporations have the same security challenges. They must react quickly against threats and known vulnerabilities in their solutions. Awareness of their landscape is paramount, and a complete overview of their environments and assets, threats and vulnerabilities, the resulting risks, and the mitigation for each risk is a must-have. Full control is only possible by having the necessary processes in place; processes supported by technology for automated tooling within and outside the CI/CD pipeline. On top of that, companies must maintain a balance between standardization and flexibility. All in all, safeguarding a secure landscape may require a whole new way of working. A way of working that revolves around the right combination of people, processes, and technology.

SAP security should be approached as a cybersecurity issue

SAP's out-of-the-box cybersecurity capabilities primarily focus on identity and user account protection and data encryption. These key controls provide the first line of defense, but blind spots still exist. The average SAP landscape is vulnerable to advanced cyber threats – and such threats could potentially cause critical business disruption. Therefore, in a highly complex SAP environment, you should start approaching SAP security from a cybersecurity perspective. The SAP silo and the cybersecurity silo should become one. This article provides a detailed discussion of how you can realize this integration.

Navigating classified data in the public cloud

The Dutch public sector is making great strides in its public cloud journey. However, the ever-changing landscape of rules, legislation, and recent global developments can provide challenges, especially when it comes to processing state-secret classified data. This article gives an overview of recent developments, and indicates the limitations of public cloud when it comes to classified data. The public sector will soon have to make a choice: fully embrace public cloud, and accept the need for mitigating measures to counter its inherent vulnerabilities, or stick to private clouds that offer more security – but fewer opportunities to reap the potential benefits of cloud technology. Mauriche: 'We've been working with cloud native architecture since 2017. And it's been a good experience for us from a security perspective, providing us with the scalability we need, the cost advantages we seek and the time to market/time to change advantages that we aim for. A chief piece of advice: don't become dependent on one single vendor.'

Securing business involvement in Zero Trust

Most of the time, Zero Trust is strictly regarded from a technology perspective. But this new standard for access management is far more than just an infrastructure challenge; it requires the involvement of the business to work as it's supposed to. Artificial Intelligence can help us to create policies for effective access control, but the access control decision itself should always be the business owner's prerogative. In the end, only the business has the knowledge and the (ethical) compass to make informed decisions. This is what Zero Trust allows us to realize: secure access through technology – with a human (and humane) touch. Mauriche: 'In applying Zero Trust, you should choose an integrated approach. A purely technological approach won't do. Business engagement is an essential part of its success.'

How automated cloud security can liberate the business

Moving workloads to the cloud at scale can enable new business models, shorter time-to-market, and more resource flexibility. It can also present unique challenges in being secure and compliant. Nevertheless, if automation is applied in cloud security, resources can be focused on innovation, business development, and growth without compromising data protection and control over information. This article goes over areas where automation can be applied and how to leverage automation to reduce risk and maintain a high security posture.

Dennis de Geus, Head of Cybersecurity, Capgemini Netherlands
Mauriche Kroos, GISO at Enexis
Content

Secure an accelerated digital transformation (Dennis de Geus, Mauriche Kroos), page 01
The challenges of cybersecurity: a customer's perspective (Gineke van Dijk, Dennis de Geus), page 06

Cloud
Data protection in the public cloud: a vision on the Dutch public sector (Manisha Ramsaran, Ruben Tienhooven), page 10

Cyber Resilience
Combining colors and automation in IT security (Alex Verbiest), page 16
Cyber resilience through platform-based approach, reducing tool clutter (Remco Vedder, Jeroen van Hulst, Sarah Dil, Sebastiaan de Vries), page 21
Cyber threat intelligence: painkiller or cure for cyber incident response? (Saskia Kuschke, Erik van Dijk), page 27
The ransomware epidemic and the importance of crisis management (Rachel Splinters, Manouck Schotvanger, Fokko Dijksterhuis), page 31
SOAR - a technology to improve and speed up phishing responses (Folkert Visser, Stef Bisschop, Sjra Maessen), page 35

Artificial Intelligence
The impact and considerations around AI-driven detection and response (Laura Adelaar, Max Mol, Niels den Otter, Sebastiaan de Vries), page 40

Automation
Automation - a key component to secure cloud workloads at scale (Jean de Smidt, Thijs Verkuijlen, Rafik Nasiri), page 48
Keeping your application landscape continually secure in a dynamically changing world (Barry Jones), page 54
Securing the SAP landscape - Bridging Cybersecurity and SAP (Yogita Mahajan, Rutuja Shedsale, Ankit Arya, Kriti Biswas, Sagarika Ghosh), page 59

Zero Trust
Zero trust, a shift-up in security governance (Peter Hoogendoorn, Paul Pelzer, Jasper van den Vaart), page 66

Publications, page 71
The challenges of cybersecurity: a customer's perspective

The fact that we're, for the first time, devoting an entire trend report to cybersecurity should tell you something: that cybersecurity is one of today's top priorities. Of course, this in itself won't come as a surprise, but what does surprise us all every now and again is the enormous impact cybersecurity can have on our organizations. Threat-wise, of course, but also from a threat-preventive perspective. Traditionally, cybersecurity is regarded as an IT-focused field and is prioritized as such. At Capgemini, too, we come across many companies – both public and private – where cybersecurity is regarded as a technological issue. As a result, the significant impact a lack of security can have on the whole organization is often underestimated. As you'll read in the following, the true scope of cybersecurity goes far beyond just that of IT.
Energy transition

Current international developments once again show that cybersecurity must be a top priority. This is especially felt in the energy and utilities sector, where cybersecurity is an extra aspect to be addressed in already disruptive times. TenneT is a good example. As transmission system operator, the company is tasked with expanding the energy grid to support the energy transition, while making sure that services to current customers continue unimpeded. All against the backdrop of challenging geopolitical circumstances, increasingly strict rules and regulations – and the company's own determination to do its part to safeguard the (cyber) security of its operations, that of the sector as a whole, the markets it operates in and the people it serves. We talk to TenneT's Director of Safety and Security and CISO Gineke van Dijk about the many ways cybersecurity impacts this crucial link in the electricity supply chain.

Heart

Operating at the heart of the energy transition, TenneT is a fundamental part of its success. The circumstances wherein TenneT is operating are evolving rapidly. Gineke: 'Due to digitalization and geopolitical developments, the pressure on the transition process towards a CO2-neutral energy system is growing and its scope is increasing. We have to make sure that the energy system stays up, with 99.999% reliability – and at the same time, we have to transform and expand the energy grid rapidly. It's an enormous challenge. In the physical domain, but also in cybersecurity. Our sector has been on the radar of bad actors for quite some time.'

Holistic

Elsewhere in this report, the various technical aspects of cybersecurity enhancement are discussed. But that's not only what Gineke's role is about. She also has to make sure that cybersecurity remains a top priority from a more holistic viewpoint: 'There's always a risk of safety and security neglect, due to a lack of attention or prioritization. But on the other hand, there's also a risk of hasty, bad decision making, as a result of the increasing pressures and demands of the outside world. A lack of security costs money, but bad security also costs money. I have to make sure we keep on doing the right thing, at the right time. It's a responsibility we believe is or will be recognized by others with an end-responsibility for cybersecurity, especially in the critical infrastructure.'

Rules and regulations

Of course, doing the right thing in itself is not something that's under discussion. The company isn't blind to current developments, and is well aware of its own role and responsibilities. But even if it wasn't, regulators would force the company to keep its eyes on the ball. Indeed, the European Union is currently in the process of implementing a whole range of new, or tightened, rules and regulations. Gineke: 'One of the European Union's responses to increased cybersecurity threats is a new set of reinforced regulations. Through NIS2 and the Network Code on Cybersecurity, the EU is really tightening its policies. The energy sector is on a tight leash. And we should be.' At Capgemini, we expect this growth in regulatory requirements will drive a CISO's agenda for the coming period.
Scope

The Network Code on Cybersecurity contains rules on cybersecurity aspects of cross-border electricity flows. NIS2 is a revised version of the existing NIS Directive on Security of Network and Information Systems. One of the big changes is its increased scope. Before, it was aimed at large, essential companies such as power companies and water companies; NIS2 also applies to (smaller) companies that are part of the same value chains. As a consequence, Third Party Security Risk Management increasingly requires attention. Taken together, the new pieces of legislation have higher requirements regarding data protection, infrastructures, and information sharing, along with stricter monitoring (and more severe penalties) from the EU. Complying with these rules and regulations takes up even more valuable resources – a fact that's exacerbated by the bigger role of chain responsibility. A company like TenneT can only ever be safe if it collaborates with and supports smaller chain partners with fewer resources. As always, the chain is only as strong as its weakest link.

Gineke: 'The new legislation is Europe's response to the changing landscape. For TenneT, it's becoming more vital each day to avoid becoming dependent on undesirable third parties. Making sure of this entails closely working together with other companies, public organizations, and governments. And as NIS2 points out, we have to strengthen our information sharing and collaborative efforts with other essential companies and organizations, but also with parties beyond that scope that are part of the same ecosystem. Collaboration-wise, there's a lot of room for improvement. Public organizations and government departments can step up in aligning with each other, and with companies such as ours, and vice versa. And apart from this: it's really hard to find qualified personnel, across the board. So how do we realize our own security ambitions, and secure compliance with legislation, while the people we need are so hard to find? This is a big worry for us right now.'

So, on the one hand, the scope of cybersecurity is increasing. And on the other hand, the supply of qualified personnel is tight, and becoming tighter. Plus, with the new legislation, it's easy to lose oneself in monitoring and reporting requirements. But especially for an asset-heavy company such as TenneT, there's another aspect that requires attention: the physical supply chain. A wide range of technology can have an impact on the grid, including modern (IoT) infrastructure such as charging stations operated by other companies. TenneT hardly has influence on these systems. And although most cyber attacks seem to happen on IT systems, OT systems are vulnerable to the same threats. Gineke: 'Someone working in OT may find it hard to imagine that his asset's downtime is related to a cyber situation. Our cyber teams, then, should not only be in contact with each other, but also with OT colleagues, sharing knowledge and information. And everyone should be aware of the cybersecurity perspective. Cybersecurity has expanded far beyond the traditional IT domain.'

At Capgemini, we believe that CISOs should be asking themselves questions such as: Do we have a clear insight into the cyber risks across our value chains? What does my cyber staffing plan look like, and how does it impact my decision to do activities ourselves or to engage partners for certain activities? Governments, departments, grid operators and other chain partners alike should realize that, when it comes to cybersecurity, we're in this together. And as far as Gineke's concerned, it is high time that everyone involved gets together to reflect on their shared responsibility: safeguarding the cybersecurity in Europe, in the Netherlands, in every company and every household: 'Currently, collaboration leaves a lot to be desired. Departments, public organizations, governments – there's a great deal of fragmentation. Effective information sharing between relevant parties isn't a given, and full compliance with new legislation will be a big challenge – especially for companies newly added to the scope. If we are to safeguard commodities such as electricity, now and in the future, we will have to work together every step of the way, under the clear prioritization and direction of our governments.'

About the authors:

Gineke van Dijk, Director Safety & Security, TenneT TSO BV

Dennis de Geus, Head of Cybersecurity, Capgemini Nederland B.V., dennis.de.geus@capgemini.com
01 CLOUD
Cloud

Data protection in the public cloud: a vision on the Dutch public sector

Highlights
• The public sector is increasingly embracing public cloud adoption.
• 2022 is a marking point.
• One of the biggest challenges is processing state secret classified data in the public cloud.
• There are several initiatives for European and national private cloud solutions.
• It is up to the Dutch public sector to decide what its future will look like.

What are the most important data protection rules and developments regarding the use of public clouds for the Dutch public sector?

The Dutch public sector is making great strides in its public cloud journey. However, the ever-changing landscape of rules, legislation, and recent global developments can provide challenges, especially when it comes to processing state-secret classified data in the public cloud. This article gives an overview of recent developments and provides insight into the data protection dilemma that the Dutch public sector currently faces: deciding to what extent its most sensitive data should be processed in the (public) cloud.
The big move towards the public cloud

In the coming years, most Dutch governmental organizations will fully embrace cloud services' adoption. A Gartner study shows that 63% of government cloud computing initiatives have succeeded over the past years[1]. Cloud services offer many valuable opportunities, from working (remotely) more efficiently to serving citizens optimally. Public sector organizations are increasingly opting for public cloud solutions. Public cloud 'hyperscalers' such as Microsoft, Google, and Amazon offer these solutions, with great scalability and flexibility options to store and process data.

In general, processing data in the public cloud demands more digital resilience than the 'classic' on-premise concept. In all cases, (personal) data in the cloud must be handled securely and in a privacy-friendly way, especially when it comes to sensitive data.

Because of several (political) developments over the years, the reluctance towards public cloud services gradually transitioned into its embrace by Dutch public sector organizations. Highlights include:
• In 2011, Minister Donner reported that only a small part of cloud service providers and offerings were on the right maturity level for the Dutch public sector[2]. The cloud applications existing at that time did not fully meet the specific wishes and data protection demands, for example, to store sensitive data.
• In 2019, an official advisory document about public cloud adoption was published[3]. This document explored the cloud policy of the Dutch public sector. It elaborated on data classification in the public cloud, stating that the use of the public cloud for data on the 'departmental confidential' level was not allowed unless specific conditions were met and that the processing of state secret classified data was not permitted.
• In 2019, the 'Nationaal Bureau voor Verbindingsbeveiliging' (NBV) declined to confirm whether data processing in the public cloud could meet the conditions for data classified as 'departmental confidential'. However, in 2021, it changed its decision and advised that this data could be processed in the public cloud if several conditions were met to detect and prevent threats from state actors[4]. The processing of state secret classified data was still not permitted.
• In 2022, the Rijksoverheid will publish guidelines for the Dutch public sector to manage risks in relation to public cloud services. This clarifies the responsibilities regarding the adoption of data protection and security measures.

It can be concluded that the Dutch governmental organizations are offered more guidance and support to kickstart and continue their public cloud journey[5].
Overview privacy & security regulations

When processing data in the public cloud, various laws and regulations apply for the Dutch public sector at both national and European levels. This includes the following main regulations:

Data protection

In terms of data privacy, the General Data Protection Regulation ("GDPR") forms the baseline for protecting personal data in the public cloud. The GDPR is applicable to all governmental organizations within the European Economic Area (EEA) and describes the conditions for processing personal data and which criteria they must meet. It focuses on several privacy principles, such as limiting the processing of (sensitive) personal data and obligations in the context of data subject rights.

Information security

In the field of information security, the Government Information Security Baseline ("BIO") is the most important framework. The BIO offers various measures, based on a risk-based approach, to ensure the security of information. For example, the BIO contains various measures for government agencies to maintain confidentiality, integrity, and availability of data. The BIO uses Basic Security Levels (BBNs) to keep risk management manageable, efficient, and transparent. Depending on the BBN level, certain measures need to be implemented. See figure 1 for a complete overview.

Figure 1: Overview of data classification, basic security levels and security measures in relation to data processing in a public cloud

Publicly accessible information
  Authentication: none
  Authorisation: none
  Data security: encrypted storage
  Public cloud storage: possible

Unclassified
  Authentication: 'low' (eH2 / eIDAS 'low'); user ID and password
  Authorisation: required (member of the organization)
  Data security: encryption during transport outside the own network and encrypted storage of data; manage own keys
  Public cloud storage: possible with security measures BIO2020-BBN2

Departmental confidential information (Confidential)
  Authentication: 'substantial' (eH2 / eIDAS 'substantial'); 2-factor authentication (SMS/token)
  Authorisation: on specific role
  Data security: encryption during transport and storage; manage own keys
  Public cloud storage: possible with security measures BIO2020-BBN2

Personal data (processing standard personal data)
  Authentication: 'substantial' (eH2 / eIDAS 'substantial'); 2-factor authentication (SMS/token)
  Authorisation: on specific role
  Data security: encryption during transport outside the own network and encrypted storage; manage own keys
  Public cloud storage: consideration of type of application/system; DPIA and security measures BIO2020-BBN2

Personal data (processing special categories of personal data)
  Authentication: 'substantial' (eH2 / eIDAS 'substantial'); 2-factor authentication (SMS/token)
  Authorisation: on specific role
  Data security: encryption during transport and storage; manage own keys
  Public cloud storage: consideration of type of application/system; DPIA and security measures BIO2020-BBN2

Criminal and judicial (personal) data
  Authentication: 'high' (eH2 / eIDAS 'high'); 2-factor authentication; physical identification (passport, ID card; reliable issuance)
  Authorisation: on specific role
  Data security: encryption during transport and storage; manage own keys
  Public cloud storage: consideration of type of application/system; DPIA and security measures BIO2020-BBN2

State secret confidential information
  Authentication: 'very high'; physical identification (passport, ID card; physical issuance)
  Authorisation: on a need-to-know basis
  Data security: encryption in transit and at intermediate stations via message security; manage own keys; minimise data transport; only transport and storage in the own network is permitted
  Public cloud storage: not possible
Specific national rules and regulations

In addition to data protection and information security laws and regulations, governments are subject to various other (legal) obligations. In practice, various laws impact the measures that governments should consider. For example, the Public Records Act ("Archiefwet"), Personal Records Database ("BRP"), Police Data Act ("WPG"), Government Information (Public Access) Act ("Wob"), etc.

Public organizations need to create a clear picture of the specific obligations that are relevant to them. The above laws are not an exhaustive list of all relevant laws and regulations.

State secret classified data and cloud computing

To fully reap the benefits of safely processing data in the public cloud, governmental organizations must align their data protection and security measures with the confidentiality level of the data. Currently, a lot is possible, except when it comes to processing state-secret classified data. As described above, it is not yet possible to process such data in a public cloud. State secret classified data can be defined as "official information that has been determined to require, in the interests of national security, protection against unauthorized disclosure and which has been so designated." Such data is not yet allowed in the public cloud, because active protection against state actors and organized crime cannot yet be sufficiently guaranteed. Special attention should be paid to Advanced Persistent Threats (APTs): targeted cyberattacks in which a threat actor gains access to a network and remains undetected for an extended period of time. APTs are mainly conducted by state actors with political or economic motives, often aiming to steal state secret classified data or to shut down (vital) networks at a moment of their choosing. This is the main reason for the Dutch public sector to be cautious with sensitive data processing in the public cloud; unlike private clouds, the data is not under the full control of an EU member state itself. Therefore, how the Dutch public sector will process state secret classified data in a future-proof and secure way remains an important – and as yet unanswered – question.

The future of data protection in Europe – public or private clouds?

Since the 'Schrems II' ruling of the European Court of Justice[6] invalidated the EU-US Privacy Shield as a legal basis for data transfers between the EU and the US, there has been much uncertainty in the EU about the use of public cloud services for sensitive data processing activities. The 'hyperscalers' that currently provide cloud services to the Dutch public sector are all American organizations. The ruling stated that American legislation gives US intelligence agencies powers that are not compatible with the right to privacy of European residents, as described in the GDPR. As a result, EU member states were not only confronted with the information security risks associated with the powers of US intelligence agencies but also with compliance risks.

These additional risks intensified the discussions among EU member states as to whether they should rather store sensitive data in 'sovereign' private clouds, as France[7] and Germany had already planned. In response, the American hyperscalers immediately developed cloud services to provide an answer to this data sovereignty issue, with which they claim to technically guarantee that (personal) data remains in Europe. Still, uncertainty remains among EU member states, with states questioning whether data sovereignty also implies sovereignty in the political sense: is the data truly European if an American organization is involved in these cloud processing activities?
Cloud

The fear of losing full control of data processing activities has led to several European and national private cloud initiatives[8]. Examples include the Capgemini initiative ‘Bleu’[9] for a private cloud in France and the European project ‘Gaia-X’[10]. However, such initiatives are developing slowly compared to the hyperscalers, and it has proven very difficult to match the quality of these US cloud services, including their innovation in information security and data protection.

The above poses a dilemma for the public sector in The Netherlands and other EU members, where a choice must be made between:

• Using public clouds for sensitive data processing while increasing innovative capacity and accepting the additional sovereignty risks, or;
• Using private clouds for sensitive data processing, embracing (political) sovereignty to be completely independent but having less innovative capacity within the public sector.

Most Dutch governmental organizations will fully embrace the adoption of cloud services in the coming years. The Dutch public sector can use public cloud services to process (personal) data up to classification level ‘departmental confidential’ but must use other means of processing for state secret classified data. Storing the most sensitive data in a public cloud exposes it to Advanced Persistent Threats (APTs), which can pose a threat to national security. However, recent developments in the public cloud landscape might change this soon; public cloud providers seem to answer Europe’s call for data sovereignty by building national infrastructures and giving governments almost full control of the data. Therefore, the Dutch public sector has a decision to make about the future of data processing: either use innovative public clouds while embracing (mitigated) data and political sovereignty risks, or use private clouds that are less innovative but offer full sovereignty.

About the authors:

Manisha Ramsaran (manisha.ramsaran@capgemini.com)
Manisha is a privacy consultant with profound experience in privacy and data protection related topics. Her law background and people-oriented focus make Manisha a dedicated sparring partner with an eye for detail. She advises both public and private organizations on privacy-related matters.

Ruben Tienhooven (ruben.tienhooven@capgemini.com)
Ruben is a senior data protection consultant with a focus on the protection of digital human rights and cloud computing. As a lawyer and IT specialist, Ruben knows how to bring both worlds of the cyber domain together. In his work, Ruben knows how to translate requirements from legislation and regulations and the business into concrete actions and measures that can be implemented in practice.

References:
1. https://www.gartner.com/smarterwithgartner/how-can-governments-scale-up-cloud-adoption
2. https://zoek.officielebekendmakingen.nl/kst-26643-179.html
3. https://www.noraonline.nl/wiki/BIO_Thema_Clouddiensten/Standpunt_AIVD_en_beleidsverkenning_BZK
4. https://www.noraonline.nl/wiki/BIO_Thema_Clouddiensten/Standpunt_AIVD_en_beleidsverkenning_BZK
5. https://www.digitaleoverheid.nl/wp-content/uploads/sites/8/2021/09/I-Strategie-Rijk.pdf
6. https://iapp.org/news/a/the-schrems-ii-decision-eu-us-data-transfers-in-question/
7. http://www.sgdsn.gouv.fr/uploads/2017/03/plaquette-saiv-anglais.pdf and https://www.bafin.de/EN/PublikationenDaten/Jahresbericht/Jahresbericht2017/Kapitel2/Kapitel2_7/Kapitel2_7_5/kapitel2_7_5_node_en.html
8. https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/
9. https://www.capgemini.com/news/capgemini-and-orange-announce-plan-to-create-bleu-a-company-to-provide-a-cloud-de-confiance-in-france/
10. https://www.data-infrastructure.eu/GAIAX/Navigation/EN/Home/home.html
02 CYBER RESILIENCE
Cyber Resilience

Combining colors and automation in IT Security

How can my organization build resilience against cyber-attacks, and who is responsible?

“Oh no, we have been hacked! How could this have happened?” – Every now and then, this question is asked by organizations that have fallen victim to cyber-attacks. Usually, this question is followed up by a second one: “Who within the organization is to blame?”. Was it the Red Team for not finding the outdated software? Or was it the IT department for forgetting to place that “old system in the basement” on the inventory list? Perhaps both?
Building your cyber resilience effectively yet efficiently asks for three things: collaboration between your teams, adding automation to the mix, and making it a continuous process.

There are different teams responsible for attacking (testing), defending, and building when it comes to IT security. The “Red” team focuses on attacking, the “Blue” team on defending, and the “Yellow” team on building. Each team has its own specific topic, yet they have a common goal: to build resilience against (cyber)attacks and safeguard business continuity.

Building resilience against cyber-attacks is more than just keeping hackers out by performing penetration tests (performed by “Red” teams). It is safe to say that an attacker with sufficient time will be able to obtain access to your organization at some point. The question then is whether you will be able to respond properly to reduce the impact. A well-known concept called “Defense in depth” uses an approach of implementing multiple layers of defensive controls to protect assets. This is also applicable to the different teams; in case the Red team fails to discover a vulnerability in an application, the Blue team could still monitor the application for potential intrusions. If one layer fails, another one might still be able to protect the asset.

Combining various teams’ expertise and experience can help organizations to continuously train their teams and further strengthen their resilience to (cyber)attacks. A popular combination is called “Purple teaming”, combining the skills and expertise of the “Red” and “Blue” teams. The “Purple” team is not necessarily an actual (separate) physical team but is about combining the red and blue teams through collaboration (see fig. 1). The “BAD Pyramid”[1] gives a good visual representation of the various colored teams and how they can interact with one another.[2]

Highlights
• Resilience against cyber-attacks needs to be built and maintained.
• Welcome collaboration between your different teams.
• The “BAD” Pyramid.
• Use automation to support your resilience.
• Focus on continuous improvement.

[Figure 2: The BAD Pyramid (Daniel Miessler 2019, based on work by April Wright). Corners: Yellow (Build), Red (Attack), Blue (Defend). Edges: Orange, builders use attacker knowledge; Green, builders use defender knowledge; Purple, defenders use attacker knowledge and vice versa.]
A growing number of organizations have already spent effort on “Purple Teaming” by collaborating on the prevention (e.g. penetration testing) and detection (e.g. SOC/SIEM) aspects. Some even bring in the Digital Forensics & Incident Response (DFIR) teams, which are sometimes also considered part of the “Blue team”. In the end, attacker and defender knowledge is valuable if you need to respond to an incident. However, it is less common for Red and Blue teams to collaborate with the “Yellow team”, which is responsible for the “building” part.

When it comes to building systems or applications, having knowledge about offensive and defensive aspects in security is certainly valuable. The SecDevOps model[2] is a good example of this, as it weaves security into the entire development and deployment process. Keeping security in mind while building allows ‘Security by Design’, meaning that software and features have been designed to be foundationally secure. This generally results in solutions with fewer weaknesses to be fixed later. In addition, Security by Design lowers the costs for remediation, as fixing issues at a later stage will generally take more time than fixing them at an early stage.

Other teams within the organization could also have a beneficial effect through collaboration. For example, organizations often have limited insight into (new) risks, such as newly found vulnerabilities in software. Collecting threat intelligence, which could also be performed by a completely different team, can provide organizations with valuable (new) insight into threat actors, techniques, tooling, and vulnerabilities, which can, in turn, support the other teams:

• Red team can perform new or refine attacks using the threat intel data.
• Blue team can improve their detection capabilities.
• Yellow team can implement (additional) security controls during the building process.
• Forensics & Incident Response team(s) can improve their incident response capabilities.

To defend against (cyber)attacks, you need to have insight into what needs protection. In other words, what does your infrastructure look like? What systems and applications do you have? Which data is stored where, and is that data of critical importance to the organization or not? Answering these questions will help determine what needs protection and what security level might be considered “sufficient”. This insight might not be readily available nor updated in real time. Especially highly dynamic organizations are facing infrastructure changes daily. The responsible IT department, which is (part of) the Yellow team, may not always be involved; more often than not, this results in an outdated overview of the infrastructure.

Creating and maintaining an overview of the ever-changing infrastructure aids in finding potential knowledge gaps within the teams when it comes to infrastructure visibility. How often do you hear about systems and applications that the internal IT department was not aware of? It is not difficult to imagine the security risks involved when this happens. The IT department has not included the system in their patch management process, and the Blue team is not monitoring the system. Perhaps even the Red team is unaware of its existence and thus has not tested (attacked) the system to identify potential vulnerabilities, leaving the organization vulnerable to (cyber)attacks.
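The visibility gap just described can be made concrete by comparing what each team covers against everything any source has seen. The following is an added example (not code from the report or its authors); the inventories, hostnames and tool names are constructed placeholders for CMDB, patch, monitoring, pentest-scope and attack-surface exports.

```python
"""Cross-team visibility gap check (constructed example).

A system the IT department (Yellow) does not know about ends up outside
patch management, outside the Blue team's monitoring and outside the Red
team's test scope. The union of everything any source has seen is compared
against what each team actually covers, per host.
"""

# Constructed sample inventories, one per source. In practice these would be
# exports from the CMDB, the patch tooling, the SIEM/EDR agent list, the
# pentest scope document and an external attack-surface (ASM) scan.
CMDB = {"web01.corp.example", "db01.corp.example", "mail01.corp.example"}
PATCHED = {"web01.corp.example", "db01.corp.example"}
MONITORED = {"web01.corp.example", "mail01.corp.example"}
RED_SCOPE = {"web01.corp.example", "db01.corp.example", "mail01.corp.example"}
ASM_SCAN = {"web01.corp.example", "mail01.corp.example", "legacy-ftp.corp.example"}


def normalize(name: str) -> str:
    """Hostnames exported by different tools differ in case and trailing dots."""
    return name.strip().rstrip(".").lower()


def gap_report(cmdb, patched, monitored, red_scope, asm_scan) -> dict:
    """Return, per asset, the list of team coverages that are missing.

    'unknown_to_it' marks an asset seen only outside the CMDB: the
    "old system in the basement" case. Fully covered assets are omitted.
    """
    sources = {
        "cmdb": {normalize(h) for h in cmdb},
        "patch": {normalize(h) for h in patched},
        "blue_monitoring": {normalize(h) for h in monitored},
        "red_scope": {normalize(h) for h in red_scope},
        "asm": {normalize(h) for h in asm_scan},
    }
    everything = set().union(*sources.values())
    report = {}
    for host in sorted(everything):
        gaps = []
        if host not in sources["cmdb"]:
            gaps.append("unknown_to_it")
        for team in ("patch", "blue_monitoring", "red_scope"):
            if host not in sources[team]:
                gaps.append(f"no_{team}")
        if gaps:
            report[host] = gaps
    return report


if __name__ == "__main__":
    for host, gaps in gap_report(CMDB, PATCHED, MONITORED, RED_SCOPE, ASM_SCAN).items():
        print(f"{host}: {', '.join(gaps)}")
```

Run against the constructed data, the externally discovered legacy-ftp host shows every gap at once, while db01 and mail01 each reveal a single team that is not covering a known asset.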
Improving collaboration with automation

While creating an inventory of the infrastructure can be done manually, automation, such as ASM (Attack Surface Management) solutions, can be a supportive factor in this matter. These solutions continuously map your organization’s infrastructure, including domains and networks, and provide an external attacker’s perspective of the organization’s attack surface.

Looking at the bigger picture, automation can be used for many other purposes as well. Various tasks performed by the different teams could be automated, whether through simple scripts, small applications, or even through the introduction of machine learning (ML) and artificial intelligence (AI). For example, during penetration testing engagements, certain tasks are often performed multiple times, and manually. Such penetration testing tasks include enumerating systems and applications, abusing publicly known vulnerabilities with readily available exploit code, and abusing harvested credentials. By automating these tasks, the Red Team can focus on the more complex tasks and improve the efficiency and quality of the assessment.

For example, implementing a Continuous Automated Red Teaming (CART) solution can help build resilience by continuously training your teams: it (automatically) finds weaknesses and actively exploits them, so that your detection and response capabilities and skills are further developed against attacks performed by simulated threat actors. Having the Red team actively exploiting weaknesses and using new techniques and tooling can also benefit other teams. The assessment details can assist the Blue team in improving their detection capabilities, such as by writing new detection rules. The process could also be automated so that the Red Team’s attack details are sent to the Blue team, and new rule sets are created and tested automatically.
Another example is fully automating the process of mapping your organization’s infrastructure and Active Directory environment so that it takes place continuously. These results can then be linked to fresh threat intel data, allowing you to identify new risks more quickly. Using automated tooling to crawl the (dark) web, collecting leaked credentials and mapping them automatically to enabled accounts in your Active Directory environment, and even resetting the password automatically, allows a fully automated detection and response process based on threat intel data.

Automation also helps during the development phase. A Secure Development Life Cycle (SDLC) is a development process integrating security throughout all its phases. This lifecycle supports the Yellow team in guaranteeing the solution’s safety during each development phase. This includes determining the security impact of a new feature in the design phase, peer-reviewing code, and performing (automated) tests in order to identify vulnerabilities. Tooling can assist developers to identify vulnerabilities in their code in real time, for example through plugins within their development environment. Another example of automation is Static Application Security Testing (SAST) tooling. These tools analyze source code or compiled code to identify security flaws. Using solutions like these can save time and effort, especially when compared to finding vulnerabilities in a later development stage. SAST tooling may not only help to identify vulnerabilities but also offer specific solutions for vulnerability remediation. New developments on the “Red” and “Blue” sides can be helpful to improve the tooling even further. It is safe to say that automation and the knowledge of both the Red and Blue teams are valuable for the Yellow team.

Resilience is built together

The key words for taking the next steps in building resilience are “collaboration”, “continuous” and “automated”. The necessary skillsets and processes need to be in place between the teams to continuously improve the organization’s resilience against cyber-attacks. Effective collaboration between the different colored teams and automating as much as possible can help organizations improve their resilience continuously while remaining time- and cost-efficient. Because of the way resilience works, it might not be so easy to answer the question who or what is responsible for preventing an incident. An incident is often the result of several things that went wrong. In the end, everyone is responsible for your organization’s resilience. The rapid progress in (security) technology asks organizations to explore collaborations and keep themselves up to date, in order to identify new opportunities for improving the organization’s resilience. The world and technology are changing rapidly, and (security) organizations should change accordingly.

About the author:

Alex Verbiest (alex.verbiest@capgemini.com)
Alex is a cybersecurity consultant and ethical hacker with over 15 years of experience in the field of penetration testing and Red Teaming. He performs a wide variety of security assessments, both technical and non-technical, and leads a team of ethical hackers at Capgemini Netherlands.

References:
1. https://danielmiessler.com/images/BAD-pyramid-miessler.png
2. https://www.capgemini.com/resources/secdevops/#:~:text=I’m%20delighted%20today%20to,processes%2C%20which%20DevOps%20makes%20possible
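The threat-intel-driven response loop from the opening paragraph of this page (leaked credentials mapped to enabled Active Directory accounts, followed by an automatic reset) as an added example; it is not code from the report or its author. The leak feed, the AD export and the reset/notify functions are constructed placeholders: a real implementation would query the directory and the ticketing system instead.

```python
"""Threat-intel driven credential response (constructed example).

A credential-leak feed is matched against an export of Active Directory
accounts. Only enabled accounts whose password has not been changed since the
leak was published get a forced reset; the reset and the user notification are
injected as callables so the decision logic can be tested without a directory.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class AdAccount:
    sam: str            # sAMAccountName
    mail: str
    enabled: bool
    pwd_last_set: date


@dataclass
class LeakRecord:
    email: str
    source: str         # which dump / site the credential was found in
    published: date     # when the leak appeared


# Constructed AD export and leak feed (email case deliberately inconsistent).
AD_ACCOUNTS = [
    AdAccount("jdoe", "j.doe@corp.example", True, date(2021, 11, 2)),
    AdAccount("asmith", "A.Smith@corp.example", True, date(2022, 1, 20)),
    AdAccount("old-svc", "old-svc@corp.example", False, date(2019, 5, 1)),
    AdAccount("bchen", "b.chen@corp.example", True, date(2021, 6, 15)),
]
LEAK_FEED = [
    LeakRecord("J.Doe@corp.example", "combo-list-2021-12", date(2021, 12, 10)),
    LeakRecord("a.smith@corp.example", "forum-dump-2021-09", date(2021, 9, 30)),
    LeakRecord("old-svc@corp.example", "combo-list-2021-12", date(2021, 12, 10)),
    LeakRecord("nobody@other.example", "combo-list-2021-12", date(2021, 12, 10)),
]


def plan_response(accounts, leaks) -> list:
    """Map leaks to accounts and decide one action per match.

    - account disabled             -> 'ignore' (nothing to protect, but logged)
    - password changed after leak  -> 'already_rotated' (no reset needed)
    - otherwise                    -> 'force_reset' plus user notification
    Leaked addresses that are not ours are skipped.
    """
    by_mail = {a.mail.lower(): a for a in accounts}
    actions = []
    for leak in leaks:
        acct = by_mail.get(leak.email.lower())
        if acct is None:
            continue
        if not acct.enabled:
            action = "ignore"
        elif acct.pwd_last_set > leak.published:
            action = "already_rotated"
        else:
            action = "force_reset"
        actions.append({"sam": acct.sam, "source": leak.source, "action": action})
    return actions


def apply(actions, reset_fn, notify_fn) -> int:
    """Execute the plan through the injected callables; returns resets performed."""
    done = 0
    for a in actions:
        if a["action"] == "force_reset":
            reset_fn(a["sam"])
            notify_fn(a["sam"], a["source"])
            done += 1
    return done


if __name__ == "__main__":
    log = []
    plan = plan_response(AD_ACCOUNTS, LEAK_FEED)
    # Placeholder callables: a real version would set "user must change
    # password at next logon" in AD and open a ticket / send a mail.
    n = apply(plan, lambda sam: log.append(f"reset {sam}"),
              lambda sam, src: log.append(f"notify {sam} ({src})"))
    print(plan, log, n)
```

With the constructed data only jdoe is reset: asmith already rotated the password after the dump appeared, and the disabled service account is logged but left alone.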
Cyber resilience through a platform-based approach, reducing tool clutter

Every organization needs tools to support its business, but when every tool creates a new dependency, you lose the ability to adapt your landscape as needed. This loss of resilience results in lost business opportunities and increased security risk. So how do we escape this forest of tool clutter?

A new tool is brought to market every day, be it for patching, endpoint protection, or executive dashboarding. Today’s tool landscape is as diverse as it has ever been. There is, however, a downside to all this diversity: increasing complexity, which reduces agility. Agility is a measurement of how efficiently an organization’s IT infrastructure can respond to external stimuli. If every new tool requires its own infrastructure, every infrastructure requires a team, and every team has its own wants and needs. The result is an IT landscape that is increasingly hard to adapt to new business requirements. So how can we reduce this tool clutter without losing much-needed capability?
Starting at the problem: the impact of tool clutter

With the need for capability growing, organizations implement more tools to help drive business processes, either to automate or to improve their organization. This desire makes it highly enticing to implement a new tool for every challenge, especially with organizations like Gartner mapping out the current offerings of “best of breed” tools – that is, tools that are the best at offering a specialized functionality. However, while it sounds great to possess a proverbial trunk full of silver bullets, in practice you’re going to need an even bigger trunk to keep everything organized. This lack of operational control makes the IT landscape harder to manage and can increase your organization’s security risk.

Collaborating between tool teams requires adequate translation of tool output and terminology. Information can get lost in translation, resulting in long and arduous discussions on what the actual state of the environment is. Making changes becomes complex because more and more stakeholders need to be involved, reducing the speed at which change can be adopted in the environment.

Therein lie the two main challenges in managing a tool-rich environment: information uniformity and tool alignment. Both are foundational elements of operational resilience, as an organization cannot adapt to change without them (see figure 3).

Highlights
• How tool clutter impacts your IT landscape.
• How AI impacts detection and response efforts.
• Specific considerations around dealing with false positives.
• The role of the SOC in AI-driven detection and response.
• How to find the right strategy for your organization.

[Figure 3: Point Solution based environment. Separate tools (SIEM, CMDB, Discovery & Inventory, Patching, Software Distribution, Compliance, Detection & Response, File Integrity Monitoring, Application Mapping, Sensitive Data Detection), each deployed across Subnet 1 and Subnet 2.]
Enhancing operational resilience

Being able to make reliable decisions within IT requires reliable insight. Insight that is trustworthy, accurate, and complete. If you don’t have the whole truth, your decisions will be sub-optimal at best. This is where most companies look towards a ‘single source of truth’ (SSOT). SSOT aims to provide central oversight and management of all data; it is the practice of structuring information models and associated data schema so that every data element is mastered (or edited) in only one place. This provides you with a single dashboard from which to govern your environment and all the tools therein. The SSOT approach resolves the challenge of information uniformity and provides you with an accurate picture of the status of your IT environment.

The challenge of tool alignment remains. Even with an SSOT approach, the problem persists: a disconnect between the requirements of senior management and those of IT management. While all data might be available from a single pane of glass, action must still be taken through different tools with different requirements. That translation from “big picture” to “key actions” is where things go wrong, where oversight gets lost, and where interoperability issues suddenly arise. While there are many solutions to this challenge, not all are equally scalable or future-proof. This brings us to this article’s key topic: the platform-based approach.
Platform-based approach

Opposite the point-solution approach on the tool spectrum is the platform approach (see figure 4). Where point-based solutions focus on being the best they can be in one specific area, like vulnerability scanning, platform-based tools focus on the integrated capability to enable end-to-end delivery within a specific IT domain, such as vulnerability management (i.e., vulnerability scanning, risk classification, and vulnerability remediation).

One argument for implementing a platform-based solution is the central management of important business processes. Ultimately, the technology an organization uses should support, and be supported by, clearly defined processes and actions. How do we store data? When do we patch? How do we act on security incidents? While there might be point solutions with more in-depth functionality, platforms generally score better on integrating all the different functionalities so as to manage business processes centrally (which can be crucial in getting the most out of your tool).

Using one platform centrally incentivizes looking at these interrelated processes from a holistic viewpoint. This holistic view tackles our first challenge: information uniformity. With all teams utilizing the same data source, you inherently create an SSOT.

This ties in with the second benefit of platforms: improved cyber resilience through reduced tool clutter. The clarity of central management from a platform makes it easier to turn management oversight into effective action, simply because management and operations are looking at the same data. In short: SSOT by design. This design enables easier alignment between different stakeholders, as the same stake on the technology layer is now shared. All players will want the same platform to be well-maintained and properly deployed, as this directly impacts their own operations. With this SSOT by design, we resolved our second fundamental challenge: tool alignment.

[Figure 4: Platform based approach. One platform built around the CMDB with modules for Asset Inventory, Patch Management, File Integrity Monitoring, Asset Discovery, Software Distribution, Application Mapping, Threat Response, Sensitive Data Detection and Compliance (+3 new modules per year), serving Subnet 1 and Subnet 2.]