As CIOs assess how best to do business in a new, borderless environment, they are investing in new network infrastructure such as hybrid networks, cloud connect access, Software Defined Wide Area Networks (SD WANs) and Network Function Virtualisation (NFV).
This world of ‘future networks’ has deep implications for cyber security. Instead of the traditional ‘fortress model’ — where the boundaries of an organisation’s network were tightly defined and perimeter network controls such as firewalls guarded against malicious incoming and outgoing traffic — security now has to contend with a new, borderless environment.
The fortress model was based on the understanding that MPLS connectors ‘locked down’ a set, secure pathway between processing and storage at different locations. Now, users can connect to corporate resources via a plethora of different routes, which offer reduced security in exchange for flexible connections.
This environment has many more breakout points to the internet, many more devices connected to it, and much more data stored within and travelling across it. It also includes third-party cloud-hosted services and infrastructure. In short, the size and complexity of the attack surface have grown, and with them the difficulty and cost of protecting it from a cyber attack.
So let’s take a look at some of the core challenges you’ll face in this environment, and how to deal with them as your business moves forward.
Enable your employees to collaborate and access corporate resources whenever they need to and wherever they are.
As Software Defined Networks (SDNs) arrive, the key to success for customer and provider will be the orchestrated and controlled delivery of security options. These options will initially replicate not only the controls that are delivered today inside the network, but also the layers and controls that are assumed when corporate services are stored physically onsite. This changes the dynamic from delivering security services at the pace of the supplier to delivering them at the pace the customer needs them, matching the cloud value model. This will enable rapid growth and also remove the risk of the cloud journey.
DDoS attacks are a key threat to internet-facing services: websites are flooded with huge volumes of bogus traffic, which paralyses them and leaves them unable to respond to genuine user requests. There has been a steep increase in the number and scale of these attacks, as hackers take advantage of the growth in connected devices, many with very limited, if any, security.
As the SDN world develops, DDoS services will expand to include the network and destination protections, such as Web Access Firewalls and the network circuits themselves. This will improve early warning systems, because the different network circuits will start to see an increase in traffic before it arrives at the customer’s environment. The result would be services designed to let a business keep its services running through anomalies in either direct or indirect traffic, which can occur at multiple levels of the network delivery.
Organisations need to make sure that their employees can access the resources and data they need, at the right time, from wherever they are.
The security of an individual’s identity and their access control will have to change dynamically. Today, access is mainly from laptops and mobiles that authenticate when they require access to certain resources. Users will drive the requirement to access those same resources from newer, less controlled devices (including IoT devices). This means the standard working patterns will change, and therefore the way we manage users’ security (the control of their identities and their role in the management of resources and data) will become more important. As points of access increase, organisations will have to rely on more data and application security options to understand the patterns of identities and how those identities change across a variety of applications.
To ensure that sensitive transactions can be performed securely across inherently insecure networks, such as the internet, customers need a Managed Public Key Infrastructure service to authenticate users, restrict access to confidential information and verify the ownership of sensitive documents.
Application-focused security options are going to become more important as network controls and the network perimeter decrease. Once the network and identity protection is in place, security around the applications themselves will require updating. This starts with valid certificates confirming the applications’ authorities and ensuring the right interactions with the application occur. Options around Blockchain verification of applications, and potentially devices, then give the managed services behavioural insight to better understand valid application transactions.
Customers are connecting more and more smart devices to their network, many with little or no security built in. These represent the Achilles’ heel of many organisations and are obvious targets for an attack.
Customers therefore need an endpoint and device security service that ensures security policies are implemented for user devices. It should also quarantine any suspicious devices from the rest of the network until all problems have been dealt with.
As you can see, there’s a lot to think about. To make planning your future cyber security easier, you need all the information you can get your hands on, at your fingertips.
Security is the first capability to be reduced as devices become more flexible in how they connect to corporate resources. This is due to the race to bring an increasing array of connected products to market, the smaller size of many devices and the desire to improve ease of use. IoT devices are a classic example of this: we have seen an increasing number of very powerful Distributed Denial of Service (DDoS) attacks launched by botnets, such as the Mirai botnet, against connected devices.