With TikTok Bans, the Time for Operational Governance Is Now

With reports that more than half of US states have banned or restricted access to TikTok on government devices, many cybersecurity professionals are asking, “How can you take a well-intentioned policy from vision to execution?” The answer is operational governance.

Cybersecurity tends to focus on preventing ransomware and advanced persistent threats. This is essential work, but it can overshadow the foundation of an effective cybersecurity program. Fundamentally, cybersecurity is about enforcing corporate policies. Yet enforcement falls flat far too often because organizations lack visibility into what is happening on their network.

Many policies are intended to prevent attacks, but other traditional examples include preventing access to gambling websites and other illicit content. Governance, risk, and compliance (GRC) programs are intended to demonstrate compliance for audits or to assess the security posture of another organization during a corporate merger or acquisition.

TikTok is just one recent example of banning access to an app. New York City public schools have banned ChatGPT. And there are ongoing concerns that a rogue employee could install cryptomining software on a corporate network. Of course, preventing and detecting these risks and threats has become substantially harder since cloud computing, mobile devices, and the Internet of Things have radically transformed the network perimeter.

The network perimeter has been atomized by decades of digital transformation, which means it has become dispersed, ephemeral, encrypted, and diverse. Mobile and remote workers are accessing data and applications scattered across multicloud, hybrid-cloud, and on-premises infrastructure. Legacy application appliances have been retrofitted to interoperate with cloud environments. IT/OT convergence is enabling applications to access physical environments as easily as IT networks.

A Paper Tiger: Policy Without Enforcement

As organizations have moved to adopt zero-trust security, network security and identity-based access controls have been lagging behind endpoint detection and response (EDR) deployments. Unfortunately, identity-based threats can elevate endpoint privileges to disable EDR agents and to access the network, where threat actors can hide between the gaps of disconnected technologies and the teams that manage them.

Furthermore, many endpoint and network devices, such as IoT devices, serverless platforms, routers, switches, and SCADA systems, are incapable of running EDR agents in the first place. And all of this assumes that the cybersecurity team is aware of every endpoint connected to the network and has a way to control them, which is not always the case.

Entire classes of devices may be left unprotected, so having an effective network security architecture beyond access control and access brokering is even more important. However, the chaotic nature of network traffic makes visibility difficult. Traditional solutions usually don’t support the cloud, and cloud-based approaches tend to focus on specific cloud environments. Detecting and stopping attacks is incredibly difficult, given the opacity and gaps.

One major concern with TikTok and other apps is the potential for unauthorized access to the network and devices through excessive permissions or embedded spyware, which may be used for espionage. To address these concerns, it is important to categorize the types of infrastructure and the traffic that needs to be monitored. By mapping out the infrastructure and analyzing real-time data, it is possible to identify and alert on policy violations and to integrate these alerts into existing workflows.

Invent the Universe: Comprehensive Visibility and Real-Time Verification

The famed astrophysicist Carl Sagan once quipped, “If you wish to make an apple pie from scratch, you must first invent the universe.” The same goes for enforcing cybersecurity. Without comprehensive visibility of the network and real-time verification of governance policies, it can be difficult to know if they are being enforced. This is especially true when relying on outdated technologies or host-based monitoring, which may not provide a comprehensive view of network activity.

For example, I recently spoke with a company that discovered one of its factory machines, which was in production and should have been isolated from other networks, was browsing TikTok and Facebook. This was a clear indication that policy enforcement had failed, leaving the machine compromised.

And just as you cannot bake without precisely measuring your ingredients and knowing the temperature of the oven, you cannot enforce cybersecurity policy without comprehensive and real-time visibility into endpoint devices and network traffic. Visibility is a foundation of cybersecurity, which is why so many compliance frameworks, such as SOC 2 and ISO 27001, include the creation of an asset inventory among their first requirements.

It can be easy to be drawn in by the allure of shiny new solutions (and certainly cybersecurity professionals do need to monitor emerging risks, threats and trends like these recent TikTok bans), but I would contend that the majority of cybersecurity challenges can be fixed with a focus on the fundamentals: enforcing corporate policy with the visibility needed to do so.
