Embedded network security: defence at all levels
- — 06 July, 2012 11:27
Perimeter controls are no longer enough
Confidential information is increasingly at risk in many organisations. Recent incidents have shown that perimeter controls are no longer enough—businesses need to seriously update their security strategies to reflect new threats and new working practices. With bring-your-own-device becoming the norm and employees becoming more mobile, company data is increasingly being taken out of the organisation on laptops, smartphones, tablets and more. Third parties are connecting to the corporate network on devices that the IT department has little, if no, control over, and branch offices are becoming the mainstay of multinational organisations.
The traditional perimeter around a business is no longer there, so companies must adapt to ensure their security, both internal and external, is up to scratch. Those businesses who do not modernise their security will inevitably be more at risk of a security breach that has the potential to seriously disrupt regular business activity.
The Nomadic Challenge
In the knowledge economy, rock-solid security is a must have. Intellectual property is at a financial premium, so it is essential to protect it from inadvertent loss and to keep it out of the reach of professional fraudsters. Information is becoming increasingly difficult to secure in companies that have many branch offices with limited IT resources and growing numbers of mobile workers.
The task of securing information has been made much more difficult by the workforce becoming increasingly nomadic. While this extends a company’s reach, it also extends their risk. Confidential information is frequently out in the field and away from the direct control of the IT department. With increased mobile working, it is not all that surprising that there has been a rise in laptop loss and theft, and yet, few companies encrypt the data stored on mobile devices.
The 3rd Party Challenge
It is not just mobile employees who can put a strain on an organisation’s security. An increasing number of organisations are inviting third parties into their corporate environments and providing them with company services, such as email, web portals and business applications. In security terms, third parties introduce an unknown quantity into the organisation—their devices may not be secured and could potentially introduce malware into the network, or they may not be properly identified and inadvertently given access to confidential information.
The Remote Site Challenge
It is at smaller sites where the risk is most pronounced. Many multinationals have moved away from having a handful of very large sites and offices to a decentralised infrastructure with many smaller offices, depots, sites or outlets. Centralised delivery of enterprise applications over the corporate WAN is empowering this change, however, this often means that there is very little IT resource needed at smaller sites. Although this centralised delivery is an efficient use of resources for application delivery, it leaves smaller locations exposed with little to know IT security onsite.
The Trusted Zone Challenge
Essentially, the corporate network cannot be relied on to be the “trusted zone” that it once was. Organisations need to become “de-perimeterised”. There is no point in having an enterprise perimeter if workers need to access corporate information when they are outside of it. To protect the de-perimeterised organisation, it is important to have security embedded throughout the business.
Enterprises need to have consistent and comprehensive security from the edge of the enterprise through the local area network to the end user. All assets and sites need to be protected as security is only as strong as the weakest link. Automatic preventative devices, which can automatically take action based on what the device has detected, should be embedded throughout the organisation at all layers. Security controls need to be embedded in the infrastructure layer, the transport layer and the application layer in order to ensure that the entire organisation is secure from threats.
For example, user authentication needs to be embedded within the application layer to control access to company resources. The level of accreditation needs to be automatically calculated based on the user’s personal security level and the device and network from which he or she wishes to access the resource.
Embedded network security Opportunity
The de-perimeterisation of an organisation means that security breaches don’t just happen outside a nominal boundary that is protected by a firewall, they can happen just as easily inside. For this reason it is essential to also embed security in the transport layer so that all communications within the business are protected from security breaches.
For too many businesses, security is still seen as merely an expense, when in fact good security offers many business advantages. Security must be seen as an essential element to growing the business, as it not only protects users, but it also enhances productivity by making sure the right people access the right resources at the right time. Embedded network security can ensure that an organisation is secured from top to bottom, providing invaluable peace of mind.