Click to learn more about author Don Boxley.
Few positions can rival the responsibilities of security and other IT administrators. With the weight of an entire organization’s data protection and management on their shoulders, these professionals need clarity and simplicity when it comes to setting their goals and priorities.
With that in mind, I’d like to make it as easy as possible for these invaluable individuals to focus on what matters. I’ve boiled it down into the following two questions that every IT professional charged with data security should care about more than anything else on their plate:
The first question is: How are we handling access for remote users, third parties, and others in our partner network?
The fact that the world has changed dramatically when it comes to workforce digitization and everything IT-related helps explain why today’s security often fails us. Many companies are still foolishly relying on technologies designed for an earlier era to secure corporate perimeters. Yet in light of how ubiquitous data breaches have become—5 billion records were exposed in 2018 alone, according to CSO—clearly the old choices are no longer working. The hackers are winning, and that can in part be traced back to an overreliance on virtual private networks (VPNs) for secure web connections.
What’s wrong with VPNs and other types of tried-and-true perimeter security? The main problem is that they were designed for a world before cloud became king. Back in the day when companies only had physical servers and virtual machines to worry about, traditional perimeter security, including direct-link formats, were all you needed for reliable web security.
But things are much different now. Think about how businesses today are structured—you’re much more likely to be juggling a mix of hybrid and multi-cloud deployments, with cloud co-mingling with on-premises scenarios. Because of these massive shifts, organizations need a new security strategy to reflect the current reality. Fortunately, secure technology solutions have evolved as well to move companies beyond the limitations of VPN.
In particular, a growing number of IT and security leaders are discovering the value of software-defined perimeter (SDP) solutions, which can help with managing access rights for third-party vendors and other remote users to ensure that only specific services can be accessed—services that IT defines. Data access and sharing for strategic partners has become a new imperative in the cloud environment, which necessarily raises new concerns about data security. Without an SDP approach, conducting digital business with a third-party partner becomes risky business.
The second question is: If we remove all remote users and external vendors from our network, how can these important partners still access what they need for business purposes?
This is a “baby with the bathwater” situation. In an understandable effort to keep cybercrime at bay, many companies set policies that prevent any remote users from being able to get onto the corporate network at all. This makes perfect sense on one level, since would-be hackers commonly use access controls and broken authentication to get their hands on unauthorized identities, data, and/or functionality.
Yet although this approach helps boost security by reducing the potential attack surface, you end up with a new problem: your enterprise misses out on the ability for third-party vendors and partners to conduct digital business on your company’s behalf. By using an SDP solution, you can meet security needs as well as business goals. SDP both minimizes the exposed surface area for lateral attacks and ensures that digital business continues for your partner network.
Now that you have your marching orders for the two most important security issues that you should be thinking about if you’re an IT or business professional in charge of data security, consider two critical points before deciding to invest in any new technology or security solution:
• Application segmentation. Your remote-access technology should allow IT to segment not by network, but by application—a feature of SDP solutions. The benefit here is that outside vendors are limited only to specific access to exact services rather than having the run of the whole system. Needless to say, this slashes chances of attacks to the lateral network.
• Heterogeneous routers. I’ve already mentioned some of the limitations of VPNs, so here’s another to add to the list: complexities with configuration. By needing dedicated routers, firewall procedures, and access control lists, VPNs raise the risk of a successful data breach. This is why you want your third-party remote-access solution to support not simply one router, but a heterogeneous router environment. SDP solutions support this requirement.
There’s another advantage as well to this approach: you can steer clear of frustrating lock-in from router vendors. Technology based on SDP enables seamless shifting from cloud to cloud as needed, scaling across hybrid cloud environments even with multiple partners.
In short, with so much business now conducted in the cloud and third parties legitimately needing a secure way to access some of your data where it lives, partner and vendor data access should be at the top of the list of concerns for any IT and security professional. By prioritizing implementation of an updated SDP solution to manage remote access rather than attempting to put yesterday’s square peg into today’s round hole with a VPN, you can ensure that your enterprise has done everything it can toward optimum security.