
Frictionless security

Editorial Type: Opinion     Date: 09-2015    Views: 2066      
Adam Boone, Chief Marketing Officer at Certes Networks, sets out three principles for protecting applications in the modern enterprise.

Once upon a time, information security was much easier. Our most important information was printed on paper and locked away in filing cabinets or safes. But our new world of digitised information and networked applications has unlocked this data and set it free. It's commonly called the frictionless enterprise.

Networked applications now support and drive daily business operations, yielding great gains in efficiency, competitiveness and productivity. Increasingly, organisations are:

• Permitting employees to work at home, on trains and in coffee shops
• Allowing contractors, professional services firms and the supply chain to self-manage work orders and billing
• Managing critical operational systems remotely
• Moving data processing to the Cloud.

While this all represents opportunity, we must consider the mounting evidence on the dark side, including:

• Shared applications are more easily hacked
• Digitised data is easier to steal
• One compromised partner or employee puts all digitised assets at risk.

It's not surprising then that high-profile retailers, governments, media companies, health care entities and others have each taken their embarrassing turn in data-breach headlines.

It doesn't need to be this way, and organisations can achieve the benefits of the frictionless enterprise by employing a new approach to IT security that reduces the risk of breach using three principles.

PRINCIPLE 1: NO TRUST
For decades, IT security architectures were based on strong perimeters, protected by firewalls, to keep unauthorised people out. Internal networks were assumed safe and trusted, as was any user once granted access.

These assumptions are no longer acceptable. Hackers have turned trusted networks into playgrounds, moving laterally from system to system and exfiltrating data with impunity. By compromising one user, even a contractor, hackers get past the firewall and enjoy access to essentially anything. A no-trust security model means that no network is trusted, inside or outside the perimeter; equally, no user is fully trusted and no device is trusted.

PRINCIPLE 2: APPLICATION SEGMENTATION
Once you accept that paranoia is healthy, the next step is to improve protection of sensitive applications wherever they are. Segmentation of networks and applications is best practice in network design, using Virtual Local Area Networks, Access Control Lists and Virtual Private Networks. For many reasons these techniques fall short, including:

• Segmentation Fragmentation: each network hop, each siloed domain, each type of device and each application has its own method of segregating traffic. It is very difficult to manage end-to-end security that addresses all networks and all applications simultaneously and consistently.
• Not Secure: many segmentation techniques, such as VLANs, were designed for traffic management; they are not encrypted and are easy to circumvent.
• Rigid Infrastructure: turning encryption on cuts firewall throughput to 20 per cent or less, rendering it useless. Attempting to use network-based devices to secure virtualised application flows is a proven path to failure.

The most secure enterprises have adopted crypto-segmentation, meaning that they encrypt all sensitive application flows inside and outside the perimeter. Achieving this requires eliminating silos and establishing a centralised method of creating and managing policies and keying for end-to-end protection across all applications and networks.

PRINCIPLE 3: ROLE-BASED ACCESS CONTROL
Role-based access control is the preferred method for the no-trust security model because it enables users to access the applications they need based on their role. This tightly aligns networked application security with business objectives.

Crypto-segmentation combined with role-based access means authorised users can access applications encrypted from server to user. If a user is compromised, hackers can access only that user's applications. Lateral movement to more sensitive applications is blocked. The breach is contained. These next-generation security principles enable a company to adopt new networked applications more rapidly, with less risk, and maximise the benefits of becoming a frictionless enterprise.
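The following toy policy engine is an added illustration of how the three principles fit together; it is not Certes Networks' product or code, and the roles, users, applications, device identifiers and the HMAC-based per-application key derivation are all constructed assumptions. It evaluates every request without consulting the source network (no trust), derives an independent key for each application flow from one centrally held master key (crypto-segmentation), grants access by role only (role-based access control), and then shows what a stolen user and device would still reach from inside the corporate LAN.

```python
"""Added illustration (not Certes Networks' code): a toy no-trust policy engine.
Roles, users, applications, device ids and the key-derivation scheme are all
constructed assumptions for demonstration only."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed, centrally managed policy: one role -> application mapping that
# applies to every network and every application, replacing per-hop ACLs/VLANs.
ROLE_APPS: Dict[str, Set[str]] = {
    "contractor": {"work-orders", "billing"},
    "finance": {"billing", "ledger"},
    "ops": {"scada-hmi", "work-orders"},
}
USER_ROLES: Dict[str, str] = {"alice": "finance", "bob": "contractor", "carol": "ops"}
ENROLLED_DEVICES: Set[str] = {"dev-alice", "dev-bob", "dev-carol"}


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    src_network: str      # e.g. "corp-lan", "home", "cafe-wifi"; never trusted
    application: str


class PolicyEngine:
    """Principle 1: every request is evaluated; network location grants nothing.
    Principle 2: each application flow gets its own key from one central master.
    Principle 3: access is granted by role, not by user identity or by network."""

    def __init__(self, master_key: bytes) -> None:
        self._master = master_key
        self.audit: List[Tuple[Request, bool]] = []

    def app_key(self, application: str) -> bytes:
        # Per-application key derived from the central master key (HMAC-SHA256 used
        # as a simple KDF). Keys for different applications are independent.
        return hmac.new(self._master, b"app:" + application.encode(), hashlib.sha256).digest()

    def authorise(self, req: Request) -> bool:
        role = USER_ROLES.get(req.user)
        device_ok = req.device_id in ENROLLED_DEVICES
        # req.src_network is deliberately not consulted: the corporate LAN is no
        # more trusted than a cafe's Wi-Fi.
        allowed = role is not None and device_ok and req.application in ROLE_APPS[role]
        self.audit.append((req, allowed))
        return allowed

    def open_flow(self, req: Request) -> Optional[bytes]:
        """Return the flow key for an authorised request, or None if denied."""
        return self.app_key(req.application) if self.authorise(req) else None


def protect(key: bytes, payload: bytes) -> bytes:
    """Integrity tag for one application flow (stand-in for the encrypted tunnel)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def accept(key: bytes, payload: bytes, tag: bytes) -> bool:
    """A receiving application only accepts traffic keyed for that application."""
    return hmac.compare_digest(protect(key, payload), tag)


def reachable_after_compromise(engine: PolicyEngine, user: str, device_id: str) -> Set[str]:
    """Breach-containment check: with a stolen user and enrolled device, which
    applications would an attacker reach from inside the 'trusted' corporate LAN?"""
    all_apps = set().union(*ROLE_APPS.values())
    return {
        app for app in all_apps
        if engine.authorise(Request(user, device_id, "corp-lan", app))
    }


if __name__ == "__main__":
    engine = PolicyEngine(master_key=b"constructed-master-key-not-for-real-use")
    # Contractor bob, from a cafe, reaching an application his role permits.
    print(engine.authorise(Request("bob", "dev-bob", "cafe-wifi", "work-orders")))  # True
    # Same user on the corporate LAN asking for the ledger: location buys nothing.
    print(engine.authorise(Request("bob", "dev-bob", "corp-lan", "ledger")))       # False
    print(sorted(reachable_after_compromise(engine, "bob", "dev-bob")))           # ['billing', 'work-orders']
    # Traffic tagged with the billing key is rejected by the ledger application.
    tag = protect(engine.app_key("billing"), b"GET /invoices")
    print(accept(engine.app_key("ledger"), b"GET /invoices", tag))                # False
```

The design point is in `authorise`: the decision depends only on role, device enrolment and the requested application, so a compromised contractor account reaches exactly the contractor's two applications whether the attacker sits on the LAN or in a coffee shop, and the independent per-application keys mean traffic captured or replayed from one flow is not accepted by another. The `audit` list is kept so that every denied request, including those from "inside", is available for detection.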
