Embedded network security: defence at all levels

Perimeter controls are no longer enough

Confidential information is increasingly at risk in many organisations. Recent incidents have shown that perimeter controls are no longer enough—businesses need to seriously update their security strategies to reflect new threats and new working practices. With bring-your-own-device becoming the norm and employees becoming more mobile, company data is increasingly being taken out of the organisation on laptops, smartphones, tablets and more. Third parties are connecting to the corporate network on devices that the IT department has little, if no, control over, and branch offices are becoming the mainstay of multinational organisations.

The traditional perimeter around a business is no longer there, so companies must adapt to ensure their security, both internal and external, is up to scratch. Those businesses who do not modernise their security will inevitably be more at risk of a security breach that has the potential to seriously disrupt regular business activity.

The Nomadic Challenge

In the knowledge economy, rock-solid security is a must have. Intellectual property is at a financial premium, so it is essential to protect it from inadvertent loss and to keep it out of the reach of professional fraudsters. Information is becoming increasingly difficult to secure in companies that have many branch offices with limited IT resources and growing numbers of mobile workers.

The task of securing information has been made much more difficult by the workforce becoming increasingly nomadic. While this extends a company’s reach, it also extends their risk. Confidential information is frequently out in the field and away from the direct control of the IT department. With increased mobile working, it is not all that surprising that there has been a rise in laptop loss and theft, and yet, few companies encrypt the data stored on mobile devices.

The 3rd Party Challenge

It is not just mobile employees who can put a strain on an organisation’s security. An increasing number of organisations are inviting third parties into their corporate environments and providing them with company services, such as email, web portals and business applications. In security terms, third parties introduce an unknown quantity into the organisation—their devices may not be secured and could potentially introduce malware into the network, or they may not be properly identified and inadvertently given access to confidential information.

The Remote Site Challenge

It is at smaller sites where the risk is most pronounced. Many multinationals have moved away from having a handful of very large sites and offices to a decentralised infrastructure with many smaller offices, depots, sites or outlets. Centralised delivery of enterprise applications over the corporate WAN is empowering this change, however, this often means that there is very little IT resource needed at smaller sites. Although this centralised delivery is an efficient use of resources for application delivery, it leaves smaller locations exposed with little to know IT security onsite.

The Trusted Zone Challenge

Essentially, the corporate network cannot be relied on to be the “trusted zone” that it once was. Organisations need to become “de-perimeterised”. There is no point in having an enterprise perimeter if workers need to access corporate information when they are outside of it. To protect the de-perimeterised organisation, it is important to have security embedded throughout the business.

Enterprises need to have consistent and comprehensive security from the edge of the enterprise through the local area network to the end user. All assets and sites need to be protected as security is only as strong as the weakest link. Automatic preventative devices, which can automatically take action based on what the device has detected, should be embedded throughout the organisation at all layers. Security controls need to be embedded in the infrastructure layer, the transport layer and the application layer in order to ensure that the entire organisation is secure from threats.

For example, user authentication needs to be embedded within the application layer to control access to company resources. The level of accreditation needs to be automatically calculated based on the user’s personal security level and the device and network from which he or she wishes to access the resource.

Embedded network security Opportunity

The de-perimeterisation of an organisation means that security breaches don’t just happen outside a nominal boundary that is protected by a firewall, they can happen just as easily inside. For this reason it is essential to also embed security in the transport layer so that all communications within the business are protected from security breaches.

For too many businesses, security is still seen as merely an expense, when in fact good security offers many business advantages. Security must be seen as an essential element to growing the business, as it not only protects users, but it also enhances productivity by making sure the right people access the right resources at the right time. Embedded network security can ensure that an organisation is secured from top to bottom, providing invaluable peace of mind.

Original Publication

Safeguard security with gateway consolidation

Just like the doors to your house, your internet gateways are the one point where you can see (and decide) what comes in and out. The gateway is exposed to all sorts of security threats, from hacking attempts, to spam, phishing and viruses. It’s critical that you define clear security rules for your gateways and deploy corresponding processes to keep them up to date.

Every company has increasing numbers of employees needing to work remotely while maintaining access to corporate information and communication. It’s a security issue, one of escalating importance.

Despite the serious cyber risks, many companies and multinationals still apply a local internet access policy, with local offices individually managing access to the internet and their corporate network, as well as the security related to that access. The lack of standardised security across a company can cause serious security issues with high potential for exploitation of loopholes. The more points of contact that exist between the internet and a corporate WAN, the greater the risk of attack and impact on business operations – it can take just a few days or even hours for a hacker to exploit a known vulnerability.

It is important to be aware of your network vulnerabilities so that patches can be implemented rapidly when necessary. Such capabilities require time and skilled resources, and expert security specialists can be hard to find, as well as expensive to retain. Having local internet access points also requires hardware and software implemented at each location, with the right management systems in place. It is important to remember that the more local gateways you have the greater your initial capital expenditure, operational costs and security risk will be.

Traditional thinking dictates that there must be strict barriers between the internet and corporate intranets. Over the years, these barriers have become increasingly complex, leading to numerous perimeter loopholes and a huge variety of gateways – and so a greater potential for a loss of network control. The best way to regain control is to consolidate these gateways. Fewer gateways mean lower costs, better consistency and increased compliance with security policy. The concept of consolidating multiple gateways is simple: instead of many points of entry to the internet, only major gateways are retained. Information flows are redirected through the private corporate network to secure, highly available, consolidated internet gateways.

While this may sound simple it is vital that specialists handle the consolidation process to manage and control business risks. A thorough analysis must be undertaken to determine security risks and the associated costs. It should include assessments of IT risk, technical security and vulnerability, and a total cost analysis detailing all expenses such as hardware, software, maintenance, network capacity and staffing costs.

It’s important to realise the benefits of consolidated gateways aren’t just cost-related. By redirecting traffic over your corporate WAN, you can prioritise company internet traffic through different classes of service, ensuring continuity of service for your critical applications and/or customer traffic. You can also choose to host your web, messaging and application servers in the gateway’s demilitarised zone, a separate and protected area of the gateway. You can then (potentially) transfer administration of this area to specialists who can monitor, upgrade, troubleshoot and patch traffic around the clock, ensuring that customers and employees have access to business services at all times.

Consolidating your internet gateways reduces the number of loopholes that cybercriminals can squeeze through, increases efficiency and raises compliance with security policies. Fewer gateways mean fewer complications, reducing the need for multiple layers of security for different devices, portals and locations which can potentially conflict with each other.

Better security and performance at your gateways, lowers the risk to your business and most importantly, your customers.

Original Publication