By Rob Greer, Vice President and General Manager, Symantec Enterprise Division\n\nAs the GM of Symantec, I had the good fortune of being able to attend both the Gartner Security & Risk Management Summit and the 2022 RSA Conference the week of June 6. While attending two conferences on different coasts in a single week gave me jet lag, it also gave me a chance to hear again the concerns of some of the smartest security practitioners around \u2013 our customers.\n\nStrolling through the hall exhibits, where so many cybersecurity vendors showcased their products and services, I could only imagine how challenging it is for an organization to break through all the white noise and conflicting messages, and zero in on the best solution for their environment. Here are key takeaways from my week at both conferences.\u00a0\n\nTools management overload is a huge problem.\n\nThis was a hot-button topic everywhere I turned. More tools require extra work to manage but don\u2019t guarantee more security. Enterprises wind up running security products from different vendors side by side that have little integration or coordination, leaving dangerous gaps in their defenses. And organizations don\u2019t have the bandwidth to act as system integrators for so many different vendors and products. As a result, CISOs are rightfully raising questions as to why they still get breached and fail audits while absorbing the high costs of purchasing and managing more and more tools.\n\nIntegration that reduces complexity will become a dominant trend.\n\nI hear the same request from customers over and over: They want out-of-the-box integration, especially when deploying multiple tools from the same vendor. As an industry, it\u2019s clear that we need to reduce the number of management consoles, reporting infrastructures, and inspection engines for our customers. That also means offering common ways to authenticate, run reports, and check for threats. Not to mention, customers should be able to perform multiple security functions without needing to deploy a large number of agents. For example, any customers deploying Symantec Endpoint Security Complete can use the same agent to redirect traffic to our Symantec Enterprise Cloud when they're exposed on the internet and not behind a proxy or firewall. All that traffic is then tunneled to our cloud where it gets inspected just as if the user was on a protected private network. We\u2019ve similarly integrated our Zero Trust Network Access, Web Isolation, and our Secure Web Gateway technologies so that our customers don't need to manage disparate solutions. Frankly, not all of our competitors have similarly grasped this message.\n\nSecurity in the post-Covid world has changed.\n\nAfter what we all went through in the last two years, customers need to treat their internal environment as if their employees all work from their local coffee shops. Forget the conventional thinking about network security. It\u2019s now all about identity, the data, the applications, and the devices that you need to protect. Traditional notions about the network no longer apply. Don\u2019t assume you can trust any packets on your network, and it\u2019s no longer reasonable to believe you\u2019re going to always stop adversaries at the front door. So, it becomes all the more critical to continuously track the behavior of every user and every system inside your environment, and immediately block anything outside the norm. This also underscores the need to embrace Zero Trust \u2013 but, as I talk about next, make sure you understand what that entails.\n\nZero Trust isn\u2019t what you might think.\n\nIt\u2019s altogether unsurprising that many security companies are hyping \u201cZero Trust solutions.\u201d That\u2019s false advertising. Zero Trust is an approach, not an outcome. It's part of a philosophy and a way of thinking about overall security. Simply put, nothing can be trusted. As a result, you need to put in the right checks and balances \u2013 based on context \u2013 to determine how you allow individuals or devices to communicate with your applications and data. And there is no real finish line. Zero Trust is a journey and not something that you'll ever be finished with.\n\nA cybersecurity skills shortage is no closer to resolution.\n\nThe biggest issue facing the industry remains the lack of qualified individuals who can work in cybersecurity. We\u2019re lucky to work in a fascinating sector but there remain too many open job slots. Fixing the problem will take time and is going to require clever solutions. Beyond the obvious need to automate more front-line security tasks, we simply need more qualified cyber defenders in the market. I spoke with one executive from a Bay Area company that is creating a fund allowing anyone going to a public community college to get cybersecurity training for free. That\u2019s a great idea. I have been in this industry for many years, and there will always be a skills shortage, so every effort to address this is a step in the right direction.\n\n\n\nHybrid cybersecurity is a real \u201cthing.\u201d\n\nThere is no doubt that we\u2019re in a world where the majority of organizations intend to move their workloads to public clouds. However, it\u2019s a mistake to believe that this decision is \u201call or nothing.\u201d It\u2019s unlikely to ever be the case that any large company moves all of their applications and data exclusively to a single cloud vendor. Enterprises still want to leverage multiple clouds, including their own. When companies operate their own data centers on-premises, they can more easily implement their own unique requirements. And even for companies moving to the public cloud, most go the multi-cloud route to give themselves more flexibility.\u00a0\n\nStabilize your identity infrastructure.\n\nCybersecurity solutions are not nearly as effective in any organization that fails to build a robust identity infrastructure with multifactor safeguards. It\u2019s still common to find organizations that haven't integrated Active Directories from multiple trees that may reside in different parts of their enterprise. That likely means that privileged credentials are spread out everywhere and not being governed effectively. Accounts that should be disabled or deleted are still active. It\u2019s hard to solve security problems when your own identity trees aren\u2019t properly managed.\u00a0\n\nThe security conversation must continue.\n\nCustomers must keep asking themselves basic questions so as not to leave themselves vulnerable to attacks. Questions such as:\n\nAny organization that ignores foundational hygiene and gets distracted by the shiny new objects marketed at cybersecurity shows like RSA exposes their company and their customers to significant risk.\n\n\n\nTo learn more about how Broadcom Software can help you modernize, optimize and protect your enterprise,\u00a0contact us here.\n\nAbout the Author:\n\nRob Greer is Vice President and General Manager of the Symantec Enterprise Division at Broadcom (SED). In this role, he is responsible for the go-to-market, product management, product development and cloud service delivery functions.