Outdated technology hangs around for too long. It's sneaky too—disguising security risks and higher operational costs. Today, cyber modernization is vital, and it's easier than you think.
The US Department of Agriculture doesn't rate anything "Grade D but Edible." Instead, beef grades like Prime, Choice, and Select are measures of overall quality, not food safety. But a cybersecurity program's grade encompasses quality, safety, efficiency, privacy, and much more.
However, getting an accurate report is no easy feat, and it's easy to overlook important factors. Consider the federal government, for example. The US Senate Committee on Homeland Security & Government Affairs recently published a disappointing report card on the current state of federal cybersecurity. The report gives several large departments and agencies C or D grades and provides specific examples of how they're failing to meet basic security standards.Footnote1 The report, Federal Cybersecurity: America's Data Still at Risk, is available for the whole world to read and does not exactly provide a ringing endorsement. USDA's grade is in there too.
Now imagine if the higher education community issued a similar report card, publicly grading the cybersecurity program at every college and university. What grade would your institution get? Would it make you proud?
Better Ingredients for Better Outcomes
Key findings from the Senate's report include the continued use of legacy systems that are "costly to maintain and difficult to secure." The report also mentions poor vulnerability and patch management.Footnote2 It's a predictable consequence of technology deployment: the more you install, the more you must maintain, patch, and upgrade. Additionally, the longer it's there, the longer the to-do list.
Sometimes, legacy technology sticks around for so long that its original vendor no longer supports it, just like the Senate report states. No wonder the recent Executive Order on Cybersecurity prioritizes government modernization and legacy tech retirement.Footnote3 There's little time to waste.
But what's the link between modernization and better security?
A recent double-blind study including nearly 5,000 global cyber professionals reveals that a proactive technology refresh—or modernization—shows strong correlation with achieving mission outcomes, managing risk, and operating efficiently. The report also suggests that modernization even helps organizations retain top talent.Footnote4 After all, what cyber professional doesn't want to use the latest technology?
Maybe you think your old tech runs fine. You already paid for it. It's racked and stacked, and you don't want to mess with it. Your security team already knows it, and it's baked into their playbooks. Thoughts of replacing it induces nightmares.
Outdated cyber technology increases your risk, though, even if it's still supported by the vendor. Chances are it's not optimized for today's advanced threats, and it may not be configured properly. You may even be a version or two behind, and the technology may be costing you more than you think. Refreshing old tech can be hard, but like good nutrition, it can do wonders for overall health.
Fortunately, modern cybersecurity solutions make this process simple. Today's cloud-based technologies are incredibly efficient and effective. They're easy to buy, easy to own, and easy to use.
For example, Secure Access Service Edge (SASE) is a modern approach that combines cloud-based network connectivity and advanced cybersecurity. SASE provides seamless, secure access to applications, wherever your administrators, educators, or students are located. It protects them from threats like malicious websites, ransomware, and credential theft and secures their communications from prying eyes. SASE dramatically improves your end users' experience.
SASE vendors continually and automatically deliver new enhancements, taking care of system uptime, scalability, and ongoing maintenance. It never goes out of date. By using SASE, higher education institutions benefit from reduced costs, and you benefit from reduced complexity, freeing your staff to work on more important tasks.
Go ahead, decommission some of those old security appliances. Save power in your data center. Limit VPN access to those people who truly need it. Drop your MPLS contract in favor of SD-WAN. You'll be glad you did.
Healthier Cyber Lifestyle
Zero trust. There, I said it—the latest cyber buzzword.
But zero trust isn't a fad. It's a modern security architecture approach that finally confronts the truth about security perimeters. Remember when we thought deep security moats around internal systems and data would protect them? We tried hard to keep bad guys out and eradicate insider threats, but it never worked.
Zero trust starts by assuming that everything on your network is a potential threat, like there's no perimeter security at all. It validates and revalidates every resource access request, watching constantly for suspicious or risky behavior. No one earns trust over time.
On the surface, zero trust sounds imposing, expensive, unattainable, and potentially off-putting to users, but it's none of those things. Zero trust adoption is a critical way to grow a healthier cybersecurity program, and you can take it one step at a time. For example, zero trust in your campus workplace can begin with adaptive multi-factor authentication (MFA) that validates both identity and device health before granting access and changes policy dynamically based on risk. MFA helps eliminate the pain of passwords and repeated logins and the expense of password resets. Like SASE, MFA from the right vendor is cloud-delivered with nothing to install or maintain in your data center.
The federal government is doing this now. Under the Cybersecurity Executive Order, it's modernizing by moving toward a zero trust architecture, focusing initially on MFA and accelerating investments in secure cloud services. Your institution can do it too.
- Federal Cybersecurity: America's Data Still at Risk, staff report, (Washington DC: United States Senate Committee on Homeland Security and Governmental Affairs, August 2021). Jump back to footnote 1 in the text.
- Ibid. Jump back to footnote 2 in the text.
- Exec. Order No. 14,028, 86 FR 26633, "Improving the Nation's Cybersecurity," (May 12, 2021). Jump back to footnote 3 in the text.
- "Security Outcomes Study," Cisco (website), 2021. Jump back to footnote 4 in the text.
Steve Caimi is Cyber Specialist at Cisco Systems.
© 2021 Cisco Systems.