Technology Record - Issue 27: Winter 2022

Viewpoint

Building an effective security operations centre

Tony Velleca: CyberProof

To protect themselves from accelerating cyberattacks, businesses must move to a modern, cloud-native architecture that proactively protects all facets of their IT infrastructure.

Faced by a growing number of cyberattacks, an ever-evolving technology landscape and fast-paced digital transformation, enterprises are beginning to understand the multiple risks and consequences of falling victim to cybercrime. To ensure they are fully protected, organisations that handle critical client data or payment details – or those that are undergoing digital transformation – should modernise their security operations centre (SOC) by moving to more resilient and cost-effective cloud-native security operations.

However, moving critical IT infrastructure from on-premises or local data centres to the public cloud is not always simple for large, regulated enterprises. This type of modernisation and transition requires organisations to carefully rethink their entire security portfolio, starting with security solutions and methods for detection, response and recovery. In many cases, they must show parity between their old and new infrastructures.

A future-proof solution

When an enterprise shifts fundamental IT architecture – such as servers, hardware or firewalls – from a data centre into the public cloud, it should redesign its security architecture to ensure it is cloud-native. This is because most of the current solutions used in the SOC were designed for on-premises or local data centres and therefore fall short when it comes to addressing the issues facing modern digital organisations.

For example, applications – especially those that are custom built or configured – are moving to the cloud, making them a growing target for hackers. This makes end point security and zero-trust models increasingly important.

End points themselves are also becoming more complicated. It's no longer just computers and telephones – end points now extend to connected internet of things (IoT) and operational technology devices, such as smart meters, elevators and even self-driving cars. Industrial control systems and processes (and other specialised applications) are also becoming more standardised and, therefore, easier to attack. In addition, end points generally connect to applications that run in a public cloud, so businesses need to move to zero-trust models that require reliable identity verification and controlled access.