Security at the enterprise edge
There's no doubt that doing business in this day and age is exciting.
Whether you're a start-up or a large corporation, we've entered an era where everyone feels free to discover new tools and ways of working and to put them straight into everyday use. Cloud, social media and mobile devices are laying the foundations for innovation and are liberating the workplace, which is a great prospect for businesses that want to make the most of the latest advances in technology.
Yet there is no such thing as a free lunch, and this feast of innovation must exact its price.
Security in the new business age
With new opportunities come new challenges. Gartner recently predicted that by 2017, 40 per cent of enterprise contact information will have leaked into Facebook via employees' increased use of mobile applications.
As the latest advances in technology converge in the workplace, businesses across all industries are under huge pressure to keep up with the associated shift of the enterprise edge. The first crucial step for industry leaders is to understand the transition from a network-based 'boundary' approach to security to one hinged on the enterprise 'edge'.
To put it simply, the classical approach to controlling the flow of data is now extinct. Back channels and side channels that are harder to regulate have been established, irrespective of an organisation's attempts to limit or control mobile devices, pushing mission-critical data into places that didn't exist before. Consequently, we're continuously attempting to monitor, analyse and protect data outside our direct sphere of control.
Getting up to speed on edge security
For businesses to succeed, they need to be aware of and respond to the specific security requirements that apply to the edge of their enterprise. Breaches of data privacy and potential cyber attacks can bring with them serious brand damage, exposure of corporate information and hefty fines from regulators or governing bodies.
By adjusting and preparing for new security risks, organisations can focus their efforts on getting the most out of their corporate data and enjoy the benefits of the cloud, mobile and social without fear.
Two major trends have caught my eye over the past few months that are at the forefront of security strategies for the enterprise edge. The first is identity management. We all experience very personally the hassle of keeping track of dozens of different PINs and passwords, and typically our personal management practices are abysmal. But in a corporate context, strengthening password policies or authentication technologies can backfire and actually weaken security unless accompanied by federation and consolidation.
There are some fantastic new technologies available, driven by new standards development and their adoption in the public internet world by the likes of Facebook and Twitter, which have great potential to be applied to corporate data protection.
The second trend is a shrinking of the concept of a network zone, even a DMZ, down to more specific precision controls over data and applications. New centralised management tools have really expanded the scale and complexity of 'edge' networks that can be efficiently and correctly administered, making broader layered strategies like DMZs somewhat primitive by comparison.
Meanwhile, the application of Big Data techniques to security tools and visualisations allows IT to keep an eye on these more complex networks with decreased reaction times.
Related to this concept is the growing importance of APIs. If a classical approach involves moving the data to where it is needed, these new techniques suggest that pulling the data through an edge in an online, on-demand fashion may allow you to implement more fine-grained policy, better tracking, and quicker reflexes. As the workforce becomes increasingly mobile, this approach becomes almost imperative.
This doesn't mean that you should immediately discard your user database, virus scanners, traditional firewalls and safe zones, but by identifying edges instead of zones and applying access controls and filtering policies at these edges, businesses can more efficiently understand how data is flowing and adapt to new requirements with less fear of unintended consequences. The first step in preparing for this is to look beyond traditional network control.
Finding the right fit
Of course, there is no one-size-fits-all approach when it comes to investing in the latest data security. Security is a risk management balance, and the appropriate investment for a given business at a given time depends on the threat landscape, industry and other regulations, cost of a breach, and so on.
Some firms, for example financial institutions, may be more cautious in their adoption of new technologies as they wait for audit practices to be understood. Yet other firms may depend on the latest and greatest features to remain differentiated, and will need to be equally aggressive in adopting modern security approaches.
A fine-grained edge approach will enable some businesses to assume different postures in different business lines. Security is a business initiative - more security is certainly more security, but not necessarily better business.
Finally, remember that like a transatlantic cruise, security is a journey, not a destination. Attackers are better organised than ever before and rapidly adopt the latest tools, so organisations need to fight fire with fire. Technologies, features, market demands, workplace evolution – the rate of change in the corporate IT landscape continues to increase.
At this inflection point, the time is right to adopt some new thinking about the shape of the enterprise and its data by looking for the edge.
John Thielens is chief security officer at Axway