Protecting applications from Firewall failure
Editorial Type: Masterclass
Date: 11-2015
Key Topics: Security, Network Access, Application Security, Data Breaches, Firewalls, Security Policies
Key Companies: Certes Networks
How to protect applications, in the context of changing network access and a porous perimeter - Certes Networks provides the strategy

The single common security issue in the continuing wave of data breaches around the world has been the over-reliance on firewall-based enterprise perimeters. For far too long, firewalls have been installed and abandoned, even with the advent of Next-Gen.

For decades, classic IT security architectures have been built using the assumption that firewalls can be relied upon to keep out unauthorised users and that internal networks and their users can be considered as trusted and safe. However, as breach after breach continues to demonstrate, this notion is obsolete and dangerous. It can lull everyone into a false sense of security, giving rise to the inevitable finger pointing.
WHEN FIREWALLS FAIL

Forming part of the frictionless-enterprise, these external parties routinely access resource planning, accounting, inventory and communications applications, conducting self-service of work orders, billing, financial transactions, patient record management and much more.

Similarly, new devices including personal devices are increasingly utilised for access to corporate applications inside and outside the perimeter. Bring Your Own Device (BYOD) is a grudgingly accepted practice that has expanded beyond smartphones and tablets into a multiplicity of things.

A firewall alone cannot properly police and secure all of these interactions, device and application flows. The performance requirements are too steep and the application flows too fluid for a single infrastructure element - the firewall - to keep pace. This, of course, is no secret, and firewalls are a popular attack vector that's repeatedly exploited. The vector is characterised as follows:
• An attacker compromises the credentials of an employee, contractor or other authorised user

Firewalls, though, are not dead, and they remain an essential component of the security architecture. The question facing security architects centres instead on how to design borderless, software-defined security around the new modes of application sharing and user behaviour that firewalls cannot address.

NO TRUST NETWORKING

• No network is considered safe or trusted, inside or outside the perimeter

Once accepted, these assumptions clearly direct the next steps in rethinking the security architecture:
• Networks and applications should be logically segmented to isolate sensitive applications wherever they go

Using this approach, an enterprise can establish effective breach containment when the inevitable happens. The resulting security architecture is designed around logical, end-to-end application crypto-segments that provide the same level of security, regardless of where an application flows. Even if the user is compromised, the attacker cannot move laterally from application to application and gain access to sensitive data.