Like technology in general, cybersecurity must constantly evolve. Whereas we used to focus on highly elaborate, targeted and dangerous manual attacks, we are now concerned about the automation and sophistication of attacks driven by advances in artificial intelligence.
For this reason, layered defence remains a key element when designing a cybersecurity strategy, but it is no longer sufficient, as we must evolve or transform the overall architecture. Some of these concepts may include:
- Automation and “autonomous” cybersecurity. Just as malware can be distributed automatically, our mission is to develop systems that also leverage this automation and are capable of responding within seconds (or milliseconds). These systems, for example, are capable of quickly scanning millions and millions of records for potential breaches, something that would be unimaginable for a human.
- Evolving and reconfigurable architecture. Thinking in terms of a static design today is a mistake. We need “blueprints” that adapt to the business model, requirements and, of course, cybersecurity. Just as attacks change, security architecture must evolve alongside them, avoiding the application of “patches” when a well-designed solution can be achieved.
- Visibility and monitoring. With the rise of remote working and the advent of the cloud, the boundaries of the enterprise are shifting radically. We no longer have all users behind the same “walls”, and the way we gather information and ensure traceability has changed completely. We need to develop a distributed design outside the organisation, where automated logging is key to information processing.
What role will artificial intelligence and machine learning play in the design of future cybersecurity architectures?
It is often said that Artificial Intelligence is a double-edged sword in our sector, and this represents a shift in cybersecurity thinking and architecture.
As I mentioned earlier, we need to use AI and machine learning to reach places where humans simply cannot go. For large-scale review and analysis, these technologies are brilliant tools because they have the ability to detect patterns and study complex structures in seconds, compared to the hours or even days required for manual analysis. Similarly, all this is combined with a high degree of intelligent automation, where the focus is no longer just on detection, but also on reacting in real time to potential attacks without the need for human intervention.
Establishing this architectural approach is essential, as Artificial Intelligence is also being used for malicious purposes, and there are increasingly more large-scale, sophisticated attacks. The need for an early response is therefore crucial, and our architecture must align with this model.
Finally, the design must also address the security of the Artificial Intelligence itself. We are talking about AI working directly with information that may be critical to the business, and in this regard, we must ensure that it does not become a point of failure or a source of information leakage.
How will security architecture change with the widespread adoption of the cloud, edge computing and hybrid environments?
This is likely to be one of the biggest changes in terms of cybersecurity architecture, as what organisations previously had clearly defined with a strictly delimited perimeter is now spread across a vast geographical area with a wide variety of solutions, manufacturers, platforms, etc.
In the past, with servers ‘on-premises’, organisations knew exactly where their network began and ended. With the advent of the cloud and edge computing, this boundary has disappeared, extending beyond corporate borders. Along these lines, organisations are delegating part of their security to external providers, in what is now known as the shared security model. The architecture’s mission is to bring all the pieces together, knowing what can and cannot be managed in the cloud, and focusing on identity and data regardless of where they are located, all without losing the agility offered by the cloud.
In a hybrid environment, organisations require full traceability of information, which necessitates understanding the flow from the moment it leaves the on-premises environment until it reaches the cloud. In this regard, data governance becomes another major challenge, as information can be located anywhere at any time. Labelling and maintaining control over data is fundamental to ensuring that sensitive information is always identified.
Zero Trust Architecture
Zero Trust, rather than being a future concept, can be considered a reality upon which to design a comprehensive cybersecurity solution today. This type of architecture is not based on specific tools, but on a high-level model comprising different components, where we consider some of the principles discussed previously:
- Distrust by default. Perhaps the most important premise of Zero Trust is based on continuously verifying every connection. Unlike previous models based on the perimeter and ‘blind’ trust in internal connections, this new model seeks to verify, at all times and continuously, any conditions relating to users, devices or data.
- Identity. The emergence of the cloud and remote working has complicated the way we identify systems, as we used to rely on location-based criteria. Today, it is a priority to know the identity of whoever is using the system, regardless of their location.
- Lateral movement. As a concept more typically associated with cybersecurity, lateral movement occurs when an attacker gains access to a device within the network, giving them free rein to ‘jump’ between other systems. The new Zero Trust mindset prevents such actions through microsegmentation, stopping a potential malicious actor from navigating across all systems or services simply because they are on the internal network.
How should cybersecurity architecture adapt to the growth of the Internet of Things (IoT) and connected systems?
The adoption of IoT systems represents one of the greatest surges in heterogeneous devices connected to the Internet that we have seen. In this scenario, where cyberattacks number in the billions, architecture and design must be decisive given the sheer volume and diversity of devices.
One of the main strategies organisations can adopt is segmentation and defence in depth, classic principles of cybersecurity. IoT devices often do not follow security best practices, so these weaknesses must be mitigated with network solutions such as segmentation and the isolation of each system to what is strictly necessary.
Along the same lines, edge security can be achieved through gateways that act as secure ‘gateways’ between the device itself and external elements. In this way, in addition to isolation, the type of traffic can be assessed and inspected for security. Similarly, there are solutions that incorporate features such as virtual patching, which is so necessary in today’s world.
On the other hand, it is worth highlighting a non-technical strategy: common sense in design and solution implementation. In certain situations and scenarios, we do not need absolutely everything to be connected; rather, we must carry out a brief analysis to determine whether it is truly necessary and, if so, prioritise cybersecurity.
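The Zero Trust principles described above (distrust by default, identity over location, microsegmentation against lateral movement) and the IoT segmentation strategy from this answer can be shown working together in a small policy engine. The code below is an added illustration, not part of the interview or of any product the interviewee describes; the segment names, services, devices and users are constructed for the example, and the allow-list is a deliberately simple model of a microsegmentation policy.

```python
"""Illustrative Zero Trust / microsegmentation policy engine (added example).

Every request is evaluated on its own merits: which network segment it comes
from, the posture of the device, and (where a human is involved) whether the
identity is verified and the token still valid. Being "inside the network"
grants nothing. All segments, services, devices and users are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Identity:
    user: str
    mfa_verified: bool
    token_expires_at: float  # epoch seconds


@dataclass
class Device:
    device_id: str
    segment: str      # network segment the device lives in
    managed: bool     # enrolled in device management
    patched: bool     # result of the latest posture check


@dataclass
class Request:
    device: Device
    destination: str  # service being accessed
    action: str
    identity: Optional[Identity] = None  # None for machine-to-machine traffic


# Microsegmentation allow-list (constructed): any (segment, service) pair not
# listed is denied, whatever network the source sits on. IoT cameras may only
# push telemetry to their gateway; only the gateway may write to storage.
SEGMENT_POLICY = {
    ("workstations", "mail"):         {"actions": {"read", "write"}, "needs_user": True},
    ("workstations", "finance-db"):   {"actions": {"read"},          "needs_user": True},
    ("iot-cameras", "iot-gateway"):   {"actions": {"write"},         "needs_user": False},
    ("iot-gateway", "video-storage"): {"actions": {"write"},         "needs_user": False},
}


def evaluate(req: Request, now: float) -> tuple[bool, str]:
    """Decide a single request. Because this runs on every request, a posture
    change or an expired token revokes access mid-session with no logout."""
    rule = SEGMENT_POLICY.get((req.device.segment, req.destination))
    if rule is None:
        return False, f"no path from segment '{req.device.segment}' to '{req.destination}'"
    if req.action not in rule["actions"]:
        return False, f"action '{req.action}' not allowed on '{req.destination}'"
    if not req.device.managed:
        return False, f"device '{req.device.device_id}' is unmanaged"
    if not req.device.patched:
        return False, f"device '{req.device.device_id}' failed posture check"
    if rule["needs_user"]:
        ident = req.identity
        if ident is None:
            return False, "user identity required"
        if not ident.mfa_verified:
            return False, f"user '{ident.user}' has not completed MFA"
        if ident.token_expires_at <= now:
            return False, f"token for '{ident.user}' expired"
    return True, "allowed"


def demo() -> dict[str, tuple[bool, str]]:
    """Walk through the scenarios the text describes and return each decision."""
    now = 1_700_000_000.0
    alice = Identity("alice", mfa_verified=True, token_expires_at=now + 3600)
    laptop = Device("lt-001", "workstations", managed=True, patched=True)
    byod = Device("phone-9", "workstations", managed=False, patched=True)
    camera = Device("cam-17", "iot-cameras", managed=True, patched=True)

    results = {}
    # Verified user, healthy managed device, permitted path: allowed.
    results["alice reads finance-db"] = evaluate(Request(laptop, "finance-db", "read", alice), now)
    # Same user on the same network but an unmanaged device: identity alone is not enough.
    results["alice from BYOD"] = evaluate(Request(byod, "finance-db", "read", alice), now)
    # Compromised camera attempting lateral movement: "inside", but no segment path exists.
    results["camera to finance-db"] = evaluate(Request(camera, "finance-db", "read"), now)
    # The camera's only permitted traffic is telemetry to its gateway.
    results["camera to gateway"] = evaluate(Request(camera, "iot-gateway", "write"), now)
    # Continuous verification: the laptop later fails a posture check, so the same
    # session is now denied even though nothing about the network changed.
    laptop.patched = False
    results["alice after posture change"] = evaluate(Request(laptop, "finance-db", "read", alice), now + 60)
    # Likewise, an expired token ends access by itself.
    laptop.patched = True
    results["alice with expired token"] = evaluate(Request(laptop, "finance-db", "read", alice), now + 7200)
    return results


if __name__ == "__main__":
    for label, (allowed, reason) in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {label}: {reason}")
```

The order of checks is deliberate: segmentation is evaluated first, so a device in the wrong segment is refused before any identity is even examined, which is the property that stops lateral movement; posture and identity are then re-checked on every call rather than once at login.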
What skills and approaches should cybersecurity architects adopt to design resilient systems in the future?
With the arrival of such disruptive technologies as those discussed above, the world of cybersecurity—and, consequently, architecture—is changing rapidly. We need to think in terms of evolving, dynamic designs extending beyond the corporate perimeter.
These changes lead us to adopt a shift in mindset. We do not design an impenetrable fortress on the assumption that it cannot be breached, but rather adopt a more realistic stance: the attacker is either already inside or will eventually get in. As a result, we build airtight systems with highly automated and agile disaster recovery, enabling us to drastically reduce the exposure of customer data.
In the same vein, the architect must keep a cool head and remain consistent. It is easy to get lost amidst so many recent tools such as Artificial Intelligence, quantum computing, the Cloud, etc. We must stay up to date and use technology to our advantage, but without losing sight of the business and what we need to protect.
