Strategic Security Approaches

Beyond Basic Protection

Shared systems and cloud computing have evolved from niche ideas into mainstream business practices. IT decision makers understand that the concept of data ownership has blurred. The network perimeter is all but gone.

In fact, some argue that guarding the network perimeter is foolish. In previous years, IT administrators could build a strong exterior barrier designed to prevent intrusions. Consequently, one could trust that the network core was secure.

This mentality worked adequately when a firm’s workforce was static. However, the enterprise has become highly mobile over the last few years. What’s more, partners, customers and even prospects often require at least some access to internal resources.

Today, Cisco refers to this computing model as “borderless networks.” RSA uses the term “hyper-extended enterprise.” Regardless of the moniker, the situation is the same. As apps and infrastructure move into the cloud, the requirement to harden every piece of infrastructure is paramount.

Security Travels with Data

Today, security must travel with data as it flows between IT systems operated by partners, customers and service providers. Security is now part of the data itself rather than relying solely on security where the information resides.

The ability to encrypt hard drives on mobile devices and use token-based authentication on various systems ratchets up protection. And centralized policy management makes it far more difficult for an employee to accidentally or purposely breach security.

(Note: Data Loss Prevention, or DLP, takes this concept to a higher level. It can analyze data in a more sophisticated way and track how and where it is moving. See right for details.)

The benefits of this approach extend beyond stronger security. It also leads to more efficient spending on infrastructure security. Infrastructure systems will strongly authenticate users and devices, and grant access to only needed resources.

This approach also marks a shift away from concentrating on firewalls, antivirus and Intrusion Prevention Systems (IPS). They will now be considered the last line of defense.

Inside-Out Security Model

If history is any indication, hackers and crime syndicates will always find new ways to penetrate networks — often at the worst possible moment. Factor in challenging economic times and it’s clear that businesses are looking to optimize resources while approaching network security in a more comprehensive way.

Such thinking has progressive IT administrators looking to adopt an inside-out approach to network security. Such a strategy aims to maintain business functions and operations during any cyber attack or other security threat.

An inside-out security approach attempts to take control of the network via two elements: secure design and threat protection.

Secure design builds policy enforcement into the fabric of the infrastructure to ensure that only trusted people and devices participate in the network.The secure design toolbox includes authentication technologies, Virtual Private Networks (VPNs) and network quarantining systems.

Threat protection incorporates multilayer network security as a way to minimize inside and outside risks. Here, effective security strategies include the use of Intrusion Detection Systems (IDS), Public Key Infrastructure (PKI) access control and DLP tools.

Trusted Security Measures

The continued use of niche security tools — firewalls, antivirus, IPS and similar systems — is still vital. In addition, firms must adopt solutions that function effectively across a supply chain, authenticate users and devices, encrypt sensitive data and grant access to resources only as its needed. The end goal is to achieve a high level of interoperability. IT leaders also want to improve data management from creation to its logical endpoint.