Frictionless security

Editorial Type: Opinion
Date: 09-2015
Key Topics: Networking Security
Key Companies: Certes Networks
Key Industries: Government Health Retail
Adam Boone, Chief Marketing Officer at Certes Networks, sets out three principles for protecting applications in the modern enterprise

Once upon a time, information security was much easier. Our most important information was printed on paper and locked away in filing cabinets or safes. But our new world of digitised information and networked applications has unlocked this data and set it free. It's commonly called the frictionless enterprise.

Networked applications now support and drive daily business operations, yielding great gains in efficiency, competitiveness and productivity. Increasingly, organisations are:
• Permitting employees to work at home, on trains and in coffee shops

While this all represents opportunity, we must consider the mounting evidence on the dark side, including:
• Shared applications are more easily hacked

It's not surprising then that high-profile retailers, governments, media companies, health care entities and others have each taken their embarrassing turn in data-breach headlines. It doesn't need to be this way, and organisations can achieve the benefits of the frictionless enterprise by employing a new approach to IT security that reduces the risk of breach using three principles.

PRINCIPLE 1: NO TRUST
These assumptions are no longer acceptable. Hackers have turned trusted networks into playgrounds, moving laterally from system to system and exfiltrating data with impunity. By compromising one user, even a contractor, hackers get past the firewall and enjoy access to essentially anything. A no-trust security model means that no network is trusted, inside or outside the perimeter. Additionally, no user is fully trusted and, equally, no device is trusted.

PRINCIPLE 2: APPLICATION SEGMENTATION
• Segmentation Fragmentation: each network hop, each siloed domain, each type of device and each application will have its own method of segregating traffic. It is very difficult to manage end-to-end security that addresses all networks and all applications simultaneously and consistently

The most secure enterprises have adopted crypto-segmentation, meaning that they encrypt all sensitive application flows inside and outside the perimeter. Achieving this requires eliminating siloes and establishing a centralised method of creating and managing policies and keying for end-to-end protection across all applications and networks.

PRINCIPLE 3: ROLE-BASED ACCESS CONTROL
Crypto-segmentation combined with role-based access means authorised users can access applications encrypted from server to user. If a user is compromised, hackers can access only that user's applications. Lateral movement to more sensitive applications is blocked. The breach is contained.

These next-generation security principles enable a company to adopt new networked applications more rapidly, with less risk, and maximise the benefits of becoming a frictionless enterprise.