Today, of the threats organisations face, cyber-attacks are the biggest challenge; DDoS, financial theft, ransomware and connection hijacking to name just a few. Unfortunately, cybercriminals want to access critical applications and steal hot ticket items such as propriety research, secret recipes, prototypes and confidential personal data to either extort money or even just to create havoc. There are also no signs of the relentless attacks slowing down; our 2017 Data Breach Investigations Report highlighted the increased use of ransomware, up a staggering 50 percent compared to last year. As a result, cybercrime must be confronted head on, or the business implications could be ruinous.
The changing face of security
Physical perimeter security solutions are traditionally used to protect against external threats to critical applications. However, the demands of new technologies have stretched perimeters to breaking point. To provide more capacity and flexibility so these new technologies can be used, most organisations now use virtual environments; placing business-critical systems in the public cloud for easier access. However, these put them way beyond their well-defined physical boundaries.
As companies have embraced digital technologies, they’ve opened up more opportunities for greater collaboration and productivity than ever before. Employees can have access to critical business information and systems remotely, partners and suppliers can collaborate from anywhere in the world and customers have anytime, anyplace connectivity via mobile and online applications. The world has never been so connected and businesses so agile. However, this new convenience has exposed security weaknesses; weaknesses that cybercriminals are only too happy to exploit.
To counter this vulnerability and improve upon traditional solutions, businesses can now implement security directly into the network layer to help protect against potential breaches of critical data. The adoption of Software Defined Networks (SDN) has made this possible, enabling organisations to embed security into the very foundations of the network, ensuring that it is never just an “add-on” or overlooked.
Protecting a moving perimeter by making its contents disappear
One way of stopping someone from stealing or attacking something is making it disappear. Creating a Software-Defined Perimeter (SDP) within the network layer enables a “non-discoverability” approach to enable secure access to devices and applications across a Public Cloud. This means that an organisation can automatically hide application resources and devices from would-be attackers. It also enables the ability to see the attacks in real time and provides businesses with the opportunity to secure critical resources and stop the attacks in their tracks.
The result is that the network and apps are like an exclusive private club where everyone wants to go. This new approach to network perimeter security serves as the bouncer, controlling who can get in and what they can do once they’re inside. It checks user IDs and devices at the network “door,” then “escorts” them inside for another level of approval/verification before they can join the “party” to use apps and resources. The result keeps assets within the network safe, and locks undesirables out.
The wise man built his perimeter on software?
Some organisations might question who SDP is aimed at, but in reality, any business can benefit from having this security system in place. One example would be a financial institution that is under a cyber-attack. Instead of customers being frozen out of their bank accounts, using an SDP will provide direct access via the bank’s apps whilst keeping them secure. By ring-fencing apps through a SDP, banks can provide continual safe access and non-disrupted transactions. In the meantime, the bank’s security/cyber-team will be watching the breach in real-time and working behind the scenes to stop it and minimise impact.
Another example would be a manufacturer that might want to protect secret blueprints or data that could cause the business damage if it was published. SDP would be used to hide this valuable information away from the rest of the world; accessed only by a few individuals with approved access rights. These are just a few of the examples, however an SDP approach really can benefit any type of business that needs to keep data secure or provide safe access to applications.
The stark reality is that cybercriminal activity is continuing to increase and instead of making propriety and business-critical information visible on the web via IP addresses that can be Googled and then infiltrated, companies need to take matters into their own hands and protect the assets they regard as most valuable. It’s no longer enough to rely on the security solutions that protected the rigid perimeters of the past. Businesses must move with technology; rethinking how security safeguards information in the digital world – making it invisible to the prying criminal eye but accessible to the trusted few who rely on accessing it. Implementing a Software-Defined-Perimeter can help make this a reality.