In ancient times, cities were often walled fortresses, with heavily guarded perimeters, and strangers were closely scrutinized before being allowed to pass through the gates. Likewise, in the “old days” of computer networking, there were strict lines of demarcation between the internal network and everything outside. Firewalls sat on the network edge like sentinels protecting the borders from untrusted intruders. Users and computers on the inside were considered trustworthy by default.
Things change. Today, most cities are open, with many roads leading in and out and hundreds or thousands of people freely entering and exiting every day. And with the advent of ubiquitous mobile connectivity, virtualization technologies that blur the lines separating physical machines, and everything-as-a-service computing, the concept of an impenetrable perimeter that encompasses an entire organization is dissolving into the thin air of our increasingly cloudy infrastructures.
We’ve heard a lot of talk over the last few years about the disappearance of the network perimeter, but the edge isn’t gone – it just moved. Security is becoming more focused on protecting the data, wherever it might be (on the endpoints, on network storage devices, or in the cloud). What do these changes mean for your business?
If you haven’t done so already, it may be time to reevaluate your entire security strategy. If you cut your IT teeth on the “old school” methodologies, you might be feeling a little lost in this brave new networking world. But the new paradigm isn’t really as different as it seems. It’s just about moving your security inward.
In those walled cities of old, individual homes were far less protected than they are today. They didn’t necessarily have locks on the doors, and windows were mere cutouts that anyone could climb into. Today we’ve moved our perimeters inward, using fences, guard dogs, deadbolts and alarm systems to protect our own properties. This is akin to the host-based firewalls and anti-malware software that protect servers and clients. It’s still perimeter security, but the interior footprint is much smaller.
That’s not the extent of our inward-movement, though. When we have especially valuable assets, such as jewelry or cash, we lock them up in a safe so that even if a burglar manages to break into the house, he’ll have a hard time getting to those things we value most. The most valuable thing we have on our network is data – the business’s trade secrets, employees’ and clients’ personal information, one-of-a-kind intellectual property that can’t be replicated. These most valuable assets should be the focus of your security strategy.
This is known as a data-centric approach to security, and it’s the new paradigm. We can put our data in a “safe” by setting restrictive access permissions on files and folders. Then we move in even closer by using strong encryption so that security is built into the data itself. Even if attackers capture it, it will be unusable to them. We can encrypt entire volumes, folders or individual files.
Sometimes, though, we need to take our valuables out. Maybe we need to take the cash to the store to buy something, or we want to wear the jewelry to a party. Maybe we want to have the stamp collection appraised or cash in the bonds. When we go out in public with our most valuable valuables, we’ll probably take special care to prevent them from being lost or stolen. Maybe we’ll hide the 5 carat diamond necklace in an inner pocket during the cab ride and only put it on when we’re safely surrounded by friends inside a private banquet hall. If we’re transporting a truly large amount of cash, maybe we’ll hire an armed guard to escort us or handcuff the briefcase to our wrist. At the very least, we’ll keep the valuables out of sight and be extra vigilant and avoid going through high crime areas.
There are many ways to protect data when you have to take or send it out of its safe repository, too. You can use IPsec or SSL to protect transmissions, send only over wireless networks that use strong encryption, use rights management to prevent those with whom you share files or messages from copying, printing or forwarding them and so forth. New encryption techniques such as identity-based encryption and format-preserving encryption offer even more flexibility.
At this point, you might be saying, “Wait a minute. That all sounds familiar.” Indeed, it should. If you’ve been doing things right, you already do some or all of this, as part of your defense-in-depth security strategy. While many of the protective technologies remain the same, the focus has shifted. In a world with no borders, it’s every bit of data for itself. And that data has become more difficult to secure, because it no longer resides nicely in one place, on a file server. Cloud storage, BYOD and the distributed processing model of big data make data discovery an all-important and necessary (but often overlooked) first step.
The elimination of borders means more freedom, but with freedom come new challenges – especially on the security front. Welcome to the future.
Discover how you can secure, monitor and manage your network while enhancing productivity, with our network and security solutions today!