By Steve McNicholas, Chief Technologist, DWP Account, and Fellow, HP Enterprise Services
The demands on today’s global enterprise have made rigid network security nearly obsolete. In a global economy where collaboration is a crucial competitive differentiator, a patchwork of applications and access controls can produce a firewall that extinguishes innovation rather than eliminating risk.
That’s why it’s imperative that we rethink and transform our network security models. We must transition to a model that emphasizes fast, flexible communication.
Legacy security: a dangerous risk?
Over the last decade, network security has meant rigid perimeters around networks with hardened access points, not unlike a candy-coated nut. That shell of protection has since ossified into a rigid, fragmented collection of security technologies: a cumbersome patchwork of network access controls, outbound proxies, data loss prevention measures, and anti-virus protection.
The result? Locked-down communications, restricted collaboration, and a host of security vulnerabilities. In fact, it is often easier to subvert the security mechanisms in this legacy environment than to communicate through them legitimately. Because collaboration means letting outsiders in, we end up exposing more of our network and sensitive data than is necessary; it becomes difficult to admit users without that happening.
How can we innovate beyond these legacy security models and their inherent limitations while sharpening our competitiveness? First, we must realize that the security risk has shifted from external to internal threats: your users are your most significant security vulnerability. Second, we must take a step back and determine what we really care about. The network environment isn’t really our primary concern. It’s the confidentiality, integrity, and availability of data and services.
The current competitive landscape mixes trusted and untrusted resources within what used to be a single trusted security domain. To adapt, security models must shift focus from infrastructure (the network) to data and identity, i.e. privilege.
Protecting data, not the network
“Where I am and where I want to go” must shift to “who I am and what I want to do.” Access-point protection gives way to user privilege based on the user’s verified identity rather than on which subnet the user happens to be on. Here’s how:
- Get users off the network. To maximize collaboration, we must begin to give users an Internet-facing identity (an “Internet persona”) so they can be productive from anywhere, rather than only from inside the campus.
- Wrap the campus and user environment in a loose perimeter of thin security layers. We dispense with attempts to encapsulate networks and access points with rigid security controls.
- Secure information assets. Strong data perimeters should include custody of the data, mitigation of compromise, intrusion prevention, and denial-of-service protection.
- Assign privilege. Workers are borderless and collaboration may even include competitors.
The resulting model features a thin perimeter around your user community that resides on the Internet. Data centers and applications are exposed and connected to the public network, secured via encrypted tunnels. Your employees and sites are linked and serviced by Internet connections. The public network provides security services such as anti-virus, data leakage prevention, and application optimization. At the same time, strong security perimeters are contracted back around your data.
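To make the “who I am and what I want to do” shift concrete, the following is an added illustration, not code from the article or from HP. It puts a legacy, subnet-based access decision next to an identity-and-privilege decision and runs both over a handful of constructed requests. The campus address range, the roles, the data classes, and the privilege table are all hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Hypothetical campus address range. In the legacy model, being on this subnet
# ("where I am") is what earns trust.
CAMPUS_SUBNET = ipaddress.ip_network("10.20.0.0/16")

# Hypothetical privilege table for the data-centric model: which role may take
# which action on which class of data ("who I am and what I want to do").
PRIVILEGES: Dict[str, Set[Tuple[str, str]]] = {
    "engineer": {("source-repo", "read"), ("source-repo", "write")},
    "partner": {("shared-specs", "read")},
    "finance": {("ledger", "read"), ("ledger", "write")},
}


@dataclass(frozen=True)
class Request:
    """One access request. subject and role are None when nobody authenticated."""
    subject: Optional[str]
    role: Optional[str]
    source_ip: str
    resource: str
    action: str
    mfa: bool = False


def legacy_decide(req: Request) -> bool:
    """Perimeter model: anything inside the campus subnet is trusted,
    regardless of who is asking or what they are asking for."""
    return ipaddress.ip_address(req.source_ip) in CAMPUS_SUBNET


def identity_decide(req: Request) -> bool:
    """Data-centric model: require a strongly authenticated identity, then check
    the (resource, action) pair against that identity's privilege.
    Network location is deliberately not consulted."""
    if req.subject is None or req.role is None or not req.mfa:
        return False
    return (req.resource, req.action) in PRIVILEGES.get(req.role, set())


# Constructed sample requests (not real traffic).
SAMPLE_REQUESTS: Dict[str, Request] = {
    # Employee working from home over the Internet.
    "engineer_remote_read_repo": Request("alice", "engineer", "203.0.113.5", "source-repo", "read", mfa=True),
    # Unknown device plugged into a campus wall port, no login at all.
    "unauthenticated_on_campus_read_ledger": Request(None, None, "10.20.5.17", "ledger", "read"),
    # Partner visiting the campus, asking for something outside the shared area.
    "partner_on_campus_read_repo": Request("bob@partner.example", "partner", "10.20.9.3", "source-repo", "read", mfa=True),
    # Engineer on campus overreaching into finance data.
    "engineer_on_campus_write_ledger": Request("alice", "engineer", "10.20.5.40", "ledger", "write", mfa=True),
    # Partner asking for exactly what they are entitled to, from the Internet.
    "partner_remote_read_specs": Request("bob@partner.example", "partner", "198.51.100.7", "shared-specs", "read", mfa=True),
}


def compare_models(requests: Dict[str, Request] = SAMPLE_REQUESTS) -> Dict[str, Tuple[bool, bool]]:
    """Return {request name: (legacy_allowed, identity_allowed)} for each request."""
    return {name: (legacy_decide(r), identity_decide(r)) for name, r in requests.items()}


if __name__ == "__main__":
    for name, (legacy, identity) in compare_models().items():
        print(f"{name:40s} legacy={'ALLOW' if legacy else 'DENY'}  identity={'ALLOW' if identity else 'DENY'}")
```

The two columns disagree on every sample request: the subnet rule admits an unauthenticated device and over-privileged insiders simply because they are on campus, while blocking a legitimate employee and a legitimate partner who happen to be on the Internet. The identity model reverses each of those decisions. In a real deployment the privilege table would come from the identity provider and the decision would also weigh device posture, which is the identity-and-privilege investment the article refers to.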
This is the new wave in network security and flexibility. The associated challenges hinge on how we establish and assign identity to users. Managing identity and privilege will require significant investment. But the result will yield far more competitive value when innovation isn’t locked down.
Join the discussion. Innovation INSIGHT is where Enterprise Innovators connect. Sign up at our LinkedIn discussion group or watch the webcast replay as HP Distinguished Technologist Bryan Stiekes presents “Enterprise Security and the Waves of Disruption: It’s Surf or Sink.” Check out parts 1 and 3 of the series on security: Surf or sink during IT's biggest challenge in 20 years and 3 ways to safeguard against employee sabotage.