As businesses are confronted with more and more cyberthreats each week, the need to have an effective and robust protection offering has never been more important.
The place of security in a business is greater than ever, and top firms like Cisco are well set to act as a crucial ally for customers across the globe – especially as their priorities continue to evolve and change.
“It’s getting to the point where security is taking a different role,” TK Keanini, CTO, Security Business Group told TechRadar Pro at the recent Cisco Live 2023 event.
“In the past, it was kind of like being the bouncer in the club – it was about identifying the bad things and blocking them. But…we’ve taken a different approach, a lot more design-led, to security. It’s not only that we do well in blocking threats, but on the other side, when we have established strong trust, we’re actually more like the valet – we want to help you work, we want a frictionless experience for you.”
Security effectiveness
One of the overlying themes of Cisco Live 2023 was simplicity, balanced with effectiveness – something that Keanini agrees tallies very well with security.
“The fundamental pattern of security is highly asymmetric,” he noted, “you want a very very small amount of people to have access, and for it to be extremely simple for them, and frictionless – for everyone else, it should be extremely hard!”
In his keynote, Cisco EVP and General Manager, Security & Collaboration Jeetu Patel had described how the company wanted to “frustrate attackers, not users” – which Keanini also said fits in with the work of his team.
“If we have strong trust, we’ll make it frictionless, and as we lose trust over some anomaly, we’ll turn up trust, and bring in friction,” he said.
“The demos become very boring when you have frictionless experiences – here’s the demo, you open your laptop and you get to work!”
The possibilities for friction have increased as companies continue to move to multicloud, but Keanini says the drive for a more unified security posture can actually be beneficial.
“When you go to a particular cloud, one cloud vendor does it one way, and another cloud vendor does it another way – what the customer wants, especially when they’re both hybrid and multicloud, is to be able to provide this policy across end-to-end business,” he noted.
The biggest change is in what’s being protected, Keanini added, as it is no longer just on-prem systems, or a single cloud, but many different platforms. Multicloud defense needs to have been evolved, but stay manageable, as he describes, “(Cisco) have had to evolve the technology so…it’s manageable, even though what sits underneath it is very different.”
This is also due to the rise in AI, which Patel had also alluded to in his keynote as causing, “a massive shift” in the security space.
Keanini agreed, but did highlight that the presence of AI in some business areas is nothing new.
“AI became a necessity in security long before generative AI,” he noted, adding that the turning point in security means the company is increasingly using another part of behavioral science/AI – reinforcement.
Ultimately, however, Keanini notes that the presence of AI in security, although undoubtedly having great potential, needs oversight like anything else.
“Everybody should assume everyone is using AI,” he says, “the real question is what is the outcome, and to whom? It’s just noise, frankly, saying you use AI – what are you doing with it, and what’s the utility to whom?”