AT&T Cybersecurity Insights Report Vol. 7: Executive Summary

An executive summary of our latest report: "Cybersecurity for today’s digital world"

by AT&T Business Editorial Team

Businesses are transforming rapidly, and they're grappling with how to protect their businesses Edge-to-Edge across endpoints, networks, and cloud services.

Far from being the exception, cloud adoption is now the rule, and software-defined networks (SDN) are becoming widespread. Combined, these technologies are creating the software-defined infrastructures (SDI) that are transforming how companies run their operations.

But there are problems as companies move toward SDI. While businesses remain committed to digital transformation, serious risks and cybersecurity management issues are often being sidelined, and sometimes even ignored.

Before shifting toward SDI, it’s important to understand what it means for enterprise-wide security. Only then can businesses get ahead of evolving risks.

“Companies must not blindly move to SDI,” says Tom Aufiero, assistant vice president of security and intelligent edge solutions art AT&T. “Instead, in parallel, they should be evaluating a multi-layered security approach.”

Digitization is good, until security goes bad

Failing to adopt new technologies – or adopting new technologies without caution – comes with risks. Businesses have more ways to protect themselves than ever, but more data breaches happen every year. These can be caused by:   

  • Mixed mindsets   
  • Rushed deployments   
  • Short-term thinking   
  • Not thoroughly evaluating cloud providers

The AT&T guide to Edge-to-Edge cybersecurity

Rolling out SDI is a challenge, but the best way to successfully transition is to split the process into two clearly defined parts: the human element and new infrastructure

The first stage of the risk management process is to make sure everyone in the organization is involved and knows what their roles are. Lack of engagement causes disaffection, and gaps in responsibility can cause security risks.

Traditionally, cybersecurity has been viewed as an IT issue. But in a digitized world, that attitude is dangerously outdated. Businesses need to instead tear down silos and prioritize collaboration, so that business operations are transformed and cybersecurity is placed front and center.

With responsibilities allocated and the change management program agreed upon, the second stage is creating and rolling out the cybersecurity strategy itself.

The biggest lesson here is that companies need to end what Kevin L. Jackson, founder of GovCloud Network, calls ‘wall and moat’ mentality. That is, network security that keeps the ‘bad guys’ out, but anyone inside the network is free to move around. This approach no longer works. Organizations need to move to a data-centric model for security.

In a data-centric model, data must be classified around its value and access levels. This change also applies to vendors and parts of an organization’s supply chain. Working closely with these groups to resolve and understand data breaches will be essential to help prevent them in the future.

Ready to roll out

With planning complete, a business can move on to the rollout phase, knowing that it has strong foundations in place. Starting with a limited pilot in a non-customer-facing department is a good way to start the rollout. Working closely with users will expose flaws in the planning or implementation of the larger transition strategy.

Due diligence demands that businesses carry out a full risk assessment of the new infrastructure. Perimeter checks should be conducted edge to edge across everything connected to the network.