People have wandered a long way outside of the secure walls of corporate computing. Your users are working from more places than you can keep track of. They are using devices you may or may not own, and cloud services you may or may not know about. In fact, about 40% of cloud services are procured outside of the IT department. Whether this was your choice or not doesn’t really matter, what matters is that the perimeter concept of information security is rapidly disappearing. The solution is to move to either a pure cloud or a hybrid cloud strategy. With budgets flat and businesses demanding growth and cost savings, the efficiency of cloud services are essential. This applies to security, too.
Over the past three decades, a distinctly defined perimeter has been one constant characteristic of information security. Organizations relied on the fact that their assets would operate behind a defined perimeter. Data centers were on premise, and most of the user devices were, too. The increased adoption of laptops brought us VPNs, which was primarily an effort to extend the perimeter.
Today, our architectures are very different, driven by a wealth of portable devices, cloud computing, and a highly-mobile workforce. Everyone wants access to everything, everywhere, at any time. The VPN model of connecting “back” to the corporate environment suffers from network latency and the need for multiple holes in the firewall. The old architecture has become too cumbersome, so it is time for a new one.
The new security architecture is cloud-based, virtualized, and more concerned with data than location. Security-as-a-service continuously monitors web traffic, regardless of where it originates from. Instead of trying to redirect all user traffic to an on-premises web security gateway, cloud-based web gateways operate where the users are. This configuration improves performance and reduces network complexity, maintaining security at all off-premise locations.
Cloud access security brokers (CASB) and data loss prevention (DLP) solutions apply enterprise privacy and security policies to cloud services. These tools make sure that data is appropriately encrypted when in transit or in storage across cloud services, and protect sensitive corporate data from moving to inappropriate locations. They also provide the essential service of monitoring traffic to and from the cloud, helping to identify and secure Shadow IT instances that are a high-risk point for most organizations.
Finally, virtual network security platforms (vNSP) are the protectors of public cloud services and traffic. Security services are matching the path of other computing functions, bringing the efficiency and agility of virtualization to cyber defense. Virtual network security readily scales and adapts to dynamic virtual workloads. Perhaps more important, virtual intrusion prevention systems (IPS) deliver inspection and visibility capabilities for east-west traffic that was often overlooked or assumed to be secure in physical data centers.
Your organization needs flexibility, agility, and constant connectivity, and innovators responded with public and hybrid cloud compute models that are meeting these needs while reducing costs. Your security needs similar characteristics and security innovators have responded. As devices, data, and people spread across physical and virtual environments, make sure that they do not go there unprotected.
As the perimeter changes, so do the objectives of the security team. The primary job is now minimizing risk, especially as devices, data, and processes spread out among the clouds. Next is minimizing business slow-downs and interruptions, and cloud-based security addresses traditional bottlenecks and points of failure with distributed processes, at a significant savings.
Third, security needs to actively help the business grow and remain competitive. Every organization now uses technology as an enabler of speed, efficiency, and efficacy. Empowering users to work when mobile and connect to data and applications when needed is an important part of business strategy. Focusing on the data and incorporating security from ideation through deployment is necessary for the organization to succeed, securely.
Your security perimeter may be gone, but your people, devices, and data can travel safely and securely with virtualized and cloud-based defenses that operate at the speed and scale of your organization.