Andrew William
The Covid-19 pandemic has accelerated the adoption of digital technologies across industries and regions. While lockdowns have largely been lifted in the Middle East region, employees have adopted a hybrid working model where they switch between home and the office. Maintaining business productivity therefore remains a top priority and is essential to an organisation’s success.
Cloud-based email platforms have seen a dramatic rise in adoption: Microsoft365 alone now counts a quarter of a billion monthly active users. Online collaboration tools such as Slack and Zoom have seen huge increases in user numbers, with 96 per cent of UAE respondents using them according to Mimecast’s State of Email Security 2021 report. With it has come a corresponding increase in the volume of data - including sensitive company information - exchanged over these platforms.
Add to this the escalation of cybercrime and the growing volume of targeted and untargeted attack types launched by the global cybercrime industry, and organisations have never had a more challenging time with protecting their systems and users and keeping their data safe. Cybercriminals have pivoted their attack strategies to target these cloud services and remote employees.
In the face of the growing volume and sophistication of cyberattacks, organisations may be tempted to implement more and more security products and solutions — one study found that the average enterprise now has 75 security solutions in its mix.
While adding technologies to an organisation’s infrastructure is easy, getting them to work together is not. Managing so many products can also be immensely challenging and require skills that are not always readily available.
The growing shift to the cloud, however, could hold the promise of simpler but more effective cybersecurity by enabling organisations to rethink how security and related controls are implemented, integrated and automated. However, this can bring in additional complexities with the multi-cloud environments organisations have in place today, and the differing controls each cloud platform provides.
A key to effective security integration in a cloud-enabled environment is the adoption of Application Programming Interfaces (APIs). APIs help to automate data integration and exchange across multiple security tools, such as those used for Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), endpoint security, and IT Service Management System (ITSM) solutions.
In combination with an integrated security strategy, APIs can dramatically improve the effectiveness of security infrastructure and provide consolidated management capabilities, both of which play a central role in securing hybrid working environments that rely on digitalisation.
A security strategy that integrates APIs as part of the broader security mix can deliver several benefits, including:
1. Gain visibility into the entire security ecosystem
Threat intelligence is shared and centralised, giving you greater insight into your entire security ecosystem that results in faster and more efficient threat prevention, detection, investigation and response.
2. Automate repetitive tasks
No organisation wants to waste their people’s productivity on slow, repetitive or manual threat detection and response tasks, such as combing through endless product reports for potential threats. Automating these processes via open API integrations can not only improve the efficiency of IT security teams, but also enhance the efficacy of the security tools themselves.
3. Streamline infrastructure
Integrating security tools helps organisations consolidate infrastructure management, which reduces complexity and frees IT security teams to focus on strategic initiatives, such as threat prevention, detection and response.
4. Expedite threat detection and response
Many open API platforms can generate reports on your comprehensive security ecosystem in minutes, drastically reducing the time it takes for security professionals to make important decisions about potential threats compared to the one-tool-at-a-time approach.
5. Defend against multi-vector attacks
APIs give organisations the cross-tool visibility required to detect and defend against multi-vector attacks, where cybercriminals are attacking multiple points of entry. Without this threat intelligence integration, data is so compartmentalised within each tool that organisations may not be aware of an attack of this nature until it’s too late.
6. Build a customised cyber resilient strategy
With security integration and APIs, organisations can leverage the collective power of the best solutions from a variety of vendors to build a cyber defence programme that matches their specific risk environment.
Some might argue that it’s easier to rely on one vendor for all your security needs, than to worry about integrating multiple solutions. But if you buy a bundle of solutions, you’re not necessarily buying the best of a specific solution. They’re also often acquired and not integrated, which defeats the purpose of using one multi-product vendor.
Cyber resilience strategies that integrate open APIs can help enable best-of-breed security, and help reduce the burden on overstretched IT security teams while maximising the ROI of IT security spend. More importantly, it enables organisations to more effectively manage the new, cloud-based, remote work-enabled, enterprise IT landscape.
[The author is a cyber-security expert at Mimecast]
Oman Observer is now on the WhatsApp channel. Click here
