The A to Z of networking

Date: 05-2016









With contributions from leading industry figures and commentary from our Editor, our guide to both new and well-established industry terms aims to enhance understanding and consistency and drive the networking agenda.

Authorising only those that you know and trust with network access must be the most fundamental principle of network security. Reinforcing this with other measures, such as rule-based access to network resources, then starts to create a very specific and granular model for letting individuals gain access to the network and its extensive resources.

----------------------------------------------------

C is for Context. Networks are no longer simply defined as local or wide area: their nature has changed and, because of this, authentication and authorisation alone are no longer enough. Some of the biggest headline-making breaches, which we see on a regular, even monotonous basis, provide us with evidence of networks that were operating with some of the strongest authorisation rules in the world eventually being compromised by hackers, who all too often gained entry using the credentials of a privileged user account.

Jason Garbis, VP of Products at Cryptzone, points out that "It can no longer be assumed that users are who they claim to be without additional safeguards being applied. Being able to systematically check a range of contextual variables, such as IP address, security posture, time of day, location and role, will help to ensure access can be granted according to the perceived risks associated with each highly specific scenario. In this way the risk of unauthorised access is greatly reduced."

While the logic is faultless, it may be a challenge for a resource-stretched IT department to respond and put adequate measures in place. However, Garbis points out that, "The idea of creating and maintaining such complex firewall rules is unrealistic. But technology now exists that can create firewall rules on-the-fly, based on a user's identity and their context - it can open a secure segment-of-one that connects a single user to an individual application or service."

A segment-of-one, where network access is limited to what is required and contextually correct, moves the discussion forward, as it takes account of a range of contextual factors that can be used to better assess the risk. If something seems out of order, organisations can block access to a resource or initiate multi-factor authentication to verify that user's identity. But even at this stage, context can be applied to make certain that an authenticated user, even a system administrator, only has the access they need and is never granted completely open access. Garbis concludes, "Keeping applications and services that a user is not authorised to access fully hidden, helps to prevent intruders armed with stolen credentials from finding and exploiting valuable network assets. IT organisations must re-evaluate their network security models and move away from totally open networks to a more dynamic network access control approach."
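The context check and segment-of-one described above can be sketched as a small policy decision function. This is an added example, not code from the article or from any vendor it quotes; the entitlement table, addresses, risk thresholds and all names are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed policy data for illustration; every name and value is hypothetical.
ENTITLEMENTS = {  # role -> list of (application, backend address, port)
    "finance": [("ledger", "10.20.0.5", 443)],
    "sysadmin": [("ledger", "10.20.0.5", 22), ("wiki", "10.20.0.9", 443)],
}
TRUSTED_NETS = [ip_network("10.0.0.0/8")]
ALLOWED_COUNTRIES = {"GB"}
WORK_HOURS = (time(7, 0), time(19, 0))

@dataclass
class Context:
    user: str
    role: str
    src_ip: str
    country: str
    device_compliant: bool  # security posture reported by the endpoint
    local_time: time
    mfa_done: bool = False

def decide(ctx, app):
    """Return (decision, rules); rules holds at most one entry, the segment-of-one."""
    match = [e for e in ENTITLEMENTS.get(ctx.role, []) if e[0] == app]
    # Not entitled, or failed posture: deny and create no rule, so the
    # service stays unreachable (hidden) for this user.
    if not match or not ctx.device_compliant:
        return "deny", []
    risk = 0
    if not any(ip_address(ctx.src_ip) in net for net in TRUSTED_NETS):
        risk += 1  # unfamiliar source network
    if ctx.country not in ALLOWED_COUNTRIES:
        risk += 1  # unexpected location
    if not WORK_HOURS[0] <= ctx.local_time <= WORK_HOURS[1]:
        risk += 1  # unusual time of day
    if risk >= 3:  # assumed threshold: every signal is off, so block outright
        return "deny", []
    if risk >= 1 and not ctx.mfa_done:
        return "mfa", []  # step-up authentication before any rule exists
    _, dst, port = match[0]
    # One source, one destination, one port; all other traffic stays default-deny.
    rule = {"user": ctx.user, "src": ctx.src_ip, "dst": dst,
            "port": port, "action": "allow"}
    return "allow", [rule]
```

Even the administrator role receives a single rule for the one service requested, and a request for a service outside the role's entitlements produces no rule at all.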

----------------------------------------------------

C is for Cloud. Given its enormous growth and particularly its adoption by society at large, the so-called cloud is bringing with it much change. Like most things in IT, cloud computing may not be as new as you might think. Oscar Marquez, CTO at iSheriff, points out that, "It has evolved through a number of marketing-led incarnations, including grid and utility computing, application service provision (ASP) and Software as a Service (SaaS). The concept of delivering computing resources through a global network is rooted in the sixties."

With little control over its arrival, some organisations have failed to thoroughly consider and apply adequate security to their cloud estate, but Marquez turns this on its head, believing that the cloud can be the medium to deliver security. He says that "When it comes to cloud security, data protection, ownership and security concerns still remain. But the relentless fear, uncertainty and doubt that is created by the day-after-day reporting of cyber-attacks and breach headlines, combined with modest budgets and shortage of skilled personnel, have seen SMEs increasingly embrace the cloud for their security services."

It doesn't seem that long ago that the Unified Threat Management (UTM) appliance was the ultimate all-in-one offering in a wave of SME security solutions. Marquez points out that, "The cloud now offers the same simple, integrated approach, but with better security in an easier to use form factor and requiring less support."

It may be that the migration from on-premise to the cloud for delivering network security will not happen overnight, but Marquez believes that it will play an increasingly important role in helping SMEs and larger organisations to mitigate their risks.

Because of the functionality offered by a modern, well designed, well managed and secure network, little consideration is given to network infrastructure. In an increasingly virtualised network environment, what might be considered the physical network is very often sidelined. But ultimately the virtualised estate requires something physical to run on, and depending on the agreed objectives of the network, this can be an oversight that could create operational risk.

----------------------------------------------------


