cl-au logo
Story image

Fortinet: Risk and compliance in a hyperscaling world

25 Aug 2020

Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains how unified security services facilitate compliance requirements and reduce your overall risk.

Acceleration is the key to doing business in today’s hyperscaling world. More customers, more applications, more data… all at breakneck speed. And, unfortunately, more risk. Your challenge is to minimise risk whilst embracing the promise of digital transformation. To achieve your goal you’ll need accelerated security services that match the speed of your hyperscaling network.

The recent spate of ransomware, DDoS and sophisticated attacks (not to mention leaks) on both sides of the Tasman remind us that cybersecurity can never be taken for granted. Regardless of who is behind these events – state-sponsored actors, Eastern European criminal gangs or script kiddies – the fact remains that the world at large is a dangerous place. 

You cannot eliminate risk, of course, but you can ‘buy down’ your risk by investing in comprehensive and inter-connected security services. Unified security services protect mission-critical assets and facilitate compliance requirements. Those two factors - combined with ‘best practice’ security policies - help reduce risk and ensure business continuity.

Risk assessment

Risk assessment begins with assets. A register of core hardware, software and applications is a start but also include intellectual property, communications and data as well as cloud-based services. The core network contains many edges – remote workforces, mobile devices, Web Apps, SD-WANs, IoT transceivers – that all should be documented, especially in respect to cybersecurity. 

Visibility into these assets is paramount. Granular-level visibility into access, traffic, performance, etc, makes it easier to secure these assets. Visibility enables you to identify mission-critical and high-risk applications, understand the specific threats to these functions and the ramifications of a breach or service interruption. 

But your asset register is anything but static. Your network fluctuates as you deliver an ever-evolving set of services to stakeholders. Every service, user and device has to be secured. To do that, you’ll need unified security services that can accelerate to match your requirements. 

Compliance

Compliance starts with visibility, transparency and control and includes NOC (network operations centre) and SOC (security operations centre) coordination. Equally important is rigorous enforcement of legal and jurisdictional requirements including protection, reporting and disclosure.

A/NZ enterprises must comply with the European Union’s General Data Protection Regulation (GDPR). Trans-Tasman and Australian enterprises must adhere to the Australian Privacy Amendment (Notifiable Data Breaches) Bill 2016. 

In December, New Zealand’s new Privacy Act (which repeals and replaces and the Privacy Act 1993) will require enterprises to notify the Privacy Commissioner and the people affected if there has been a privacy breach that causes serious harm or is likely to do so. Any organisation, regardless of physical location, maintaining personal private information on New Zealanders will be subject to the Act.

To comply with these regulations, you’ll need complete visibility into your network and the resources to document and report on activity. And, in the background, enterprises must show that they have taken reasonable care to prevent such data breaches.

Best practices

While malicious intent is a very real threat, poor governance is equally problematic. Adhering to best practices minimises risk by reducing poor access control and cases of misconfiguration. Shared tenancies can also be risky as are vulnerabilities in the supply chain. Sound network policies and management can help ensure unimpeded network services.

Best practices start with unified protection: at the perimeter, in the core and all the edges. Interoperability is also key, especially as you deploy SOAR (security orchestration, automation and response) capabilities. Best practices also include automating workflows and deployments, staff training, thorough testing and the very latest in threat intelligence.

Fortinet’s comprehensive unified Security Fabric Services support risk minimisation, compliance and best practices. They are available from a network of Authorised Partners across A/NZ as appliances, virtual appliances and cloud-based or managed services. 

Fortinet’s Security Fabric is backed by the global constellation of FortiGuard Labs to ensure that your defences are always updated with the very latest threat intelligence. And Fortinet’s commitment to research and development means that, regardless of which way your network evolves, Fortinet will be right there with the fully-integrated security services to protect it.

About the author

Cornelius Mare is Director, Security Solutions at Fortinet A/NZ. As such, it is his business to know what’s happening in the cybersecurity world and how to help enterprises secure their transitional networks without sacrificing speed, functionality or control. In particular, Corne is an expert with hybrid cloud environments and artificial intelligence. These tools, along with other Fortinet security services, help organisations manage their digital transformations with confidence.

About Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprises, service providers and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.