How IT, Security Teams Can Protect the New Perimeter

eWEEK DATA POINTS RESOURCE PAGE: Enterprises ought to take note: The security perimeter has changed, big time.



It is time to readdress the security paradigm. As workplace technology continues to evolve into a SaaS-powered world, it’s the business users who wield control, often interacting with one asset that makes every organization tick: data. Unfortunately, the security focus isn’t on the user and their data interactions, and that is what gets organizations into the negative headlines.

Many of those incidents making headlines today likely could have been prevented if IT and security teams had better insight into the actions users are taking to get work done—what they’re doing inside SaaS apps, with whom they’re interacting and with what they’re interacting. These things include sharing files, forwarding emails, granting elevated privileges, exporting reports and collaborating with external people.


If they had had the ability to receive alerts for massive confidential file downloads, or for files or groups that were public facing, they would have at least known this was happening. If they had had the ability to automatically remediate them, they could have probably avoided it altogether.

Enterprises ought to take note of this; the security perimeter has changed, big time. This eWEEK Data Point article uses industry information from David Politis, CEO and founder of BetterCloud.

Data Point No. 1: Control Is Shifting

The cloud has created an entirely new business environment, ushering in a new mode of operation. It provides lines of business with unparalleled opportunities to innovate, including the ability to introduce new offerings at a record pace. As such, entire business models for most organizations have grown heavily dependent on having seamless access to multiple PaaS, IaaS and SaaS services. Unfortunately, IT’s control has diminished as well. The dramatic and still ongoing shift to the cloud has created an environment where companies no longer have physical control over their own data. The result: Data management is a nightmare at best.

Data Point No. 2: There Is a New Status Quo

The current generation of professionals fully embraces the mantra of working from anywhere, at any time, using any device. And, understandably, it is changing how businesses operate. So much so that SaaS is the system of record now. SaaS allows organizations to stay competitive, collaborative and engaged. However, because devices and data are not hosted on-premises anymore, security efforts need to evolve in step.

IT needs to embrace an approach that takes into consideration that today’s user leverages an array of unmanaged devices—smartphones, mobile devices, tablets, Chromebooks, wearables, etc. And they do so from multiple locations outside the LAN. With the advent of SaaS, they expect to be able to start work on one device and pick it right back up on another, at any time, from anywhere. The traditional perimeter no longer works because the perimeter no longer exists.

Data Point No. 3: Hackers Are Evolving

Today’s hackers are far more advanced, with access to a growing number of tools and strategies. Naturally, this has a massive impact on the threat landscape—creating a host of new challenges for IT and security professionals. However, perhaps the biggest challenge to network security is lateral movement. Once hackers, or attacks such as malware or ransomware, breach the network and find their way inside (e.g., through a successful phishing attack or address spoofing), they have free rein to move laterally.

The same goes for endpoints. Each endpoint connecting to the corporate network can access sensitive data and represents a potential point of ingress for attackers. Once a bad actor is inside corporate firewalls, they have unrestricted, uninspected access to valuable, sensitive business data. This kind of vulnerability essentially renders the traditional perimeter-based model ineffective.

Data Point No. 4: Threats Are No Longer Purely External

Research clearly shows that insider threats are a big part of the new reality. In fact, 91 percent of organizations feel vulnerable to insider threats, and unfortunately these internal attacks have a business-wide impact. As the C-suite assumes greater responsibility for cybersecurity and takes a more active role in shaping their company's security strategies, they may have a better understanding of this impact.

Data Point No. 5: IT Lacks Needed Visibility

Securing user access is a great first step. Yet, as hackers continue to evolve and find ways to masterfully circumvent authentication efforts, the thought of implicitly trusting users inside the perimeter is a big mistake. The “castle and moat” approach assumes that everyone inside the perimeter is trusted. This is no longer true in the age of SaaS. Your users might have the best intentions, but the way SaaS apps are designed—for openness and collaboration—means that users could be doing dangerous things without ever knowing it. Or perhaps you do have malicious users who are conducting nefarious activities. Simply put, you need to know what your users are doing. You need visibility into their interactions. Without that, you have no way of knowing if data exposure or suspicious activity is occurring.

Data Point No. 6: Your Users and Data Are the New Perimeter

In today’s modern security landscape, the new perimeter is closest to the data assets you’re trying to protect, and that’s the user. To stop the security threat where it starts, you must start with monitoring all user interaction activity. You’re trying to prevent the exfiltration of your confidential business data, your trade secrets and intellectual property, your employee data, your customer data.

Because of your users, your data is living, breathing and constantly shifting. It’s time to start focusing on who is accessing sensitive data, whether it’s accidental or malicious, and understanding what they’re doing. Are they accidentally sharing files publicly? Are they forwarding corporate email to a personal Gmail address? Are they sharing trade secrets with rival companies?
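An added example, not from the article or from BetterCloud: a minimal Python sketch of the alerting described above (public file shares, forwards to personal webmail, bursts of confidential downloads), run over constructed audit events. The event schema, field names, domain list and thresholds are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values for this sketch; tune to your own environment.
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
DOWNLOAD_LIMIT = 3                      # confidential downloads per window
WINDOW = timedelta(minutes=10)

# Constructed audit events in a hypothetical, vendor-neutral schema.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "ana@example.com", "action": "share",
     "file": "roadmap.xlsx", "visibility": "public"},
    {"ts": "2024-05-01T09:05:00", "user": "bo@example.com", "action": "forward",
     "to": "bo.personal@gmail.com"},
    {"ts": "2024-05-01T09:06:00", "user": "bo@example.com", "action": "forward",
     "to": "cy@example.com"},
    *[{"ts": f"2024-05-01T10:0{i}:00", "user": "cy@example.com",
       "action": "download", "file": f"hr-{i}.pdf", "label": "confidential"}
      for i in range(4)],
    {"ts": "2024-05-01T11:00:00", "user": "ana@example.com", "action": "download",
     "file": "lunch-menu.pdf", "label": "internal"},
]

def detect(events):
    """Return (rule, user, detail) alerts for the three behaviours above."""
    alerts, recent = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["action"] == "share" and ev.get("visibility") == "public":
            alerts.append(("public_share", user, ev["file"]))
        elif ev["action"] == "forward":
            domain = ev["to"].rsplit("@", 1)[-1].lower()
            if domain in PERSONAL_DOMAINS:
                alerts.append(("personal_forward", user, ev["to"]))
        elif ev["action"] == "download" and ev.get("label") == "confidential":
            # Sliding window: keep only this user's downloads inside WINDOW.
            recent[user] = [t for t in recent[user] if ts - t <= WINDOW] + [ts]
            # Fire when the count reaches the limit, not on every later download.
            if len(recent[user]) == DOWNLOAD_LIMIT:
                alerts.append(("mass_download", user, f"{DOWNLOAD_LIMIT} in window"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```
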



Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...