Cyber Security in the age of "No Perimeter"
By Bill Dunnion
As digital transformation continues to reshape the business landscape, cyber security becomes an even greater challenge. After all, gone are the days when people simply sat within four walls of an organization, accessed files from a desktop computer, and when done for the day, left the office behind.
Now, as catchphrases such as “the office is anywhere” flood our airwaves, the promise of that anywhere environment may be exciting to many, but it is also causing the stress levels of IT people everywhere to rise to an all-time high.
The issue in all of this is that the perimeter as it once was no longer exists. It has been systematically replaced with a plethora of mobile devices, Software-as-a-Service platforms, cloud sharing applications, unified communications systems, and so much more.
This list is far greater than the sum of its parts, as it represents a world made up not only of devices and infrastructure but also of behavior that is open to interpretation: one that allows people to connect through their own personal habits and desires, often far outside of what the organization considers appropriate.
For instance, in light of the recent global pandemic that has forced the majority of the knowledge-based economy to embrace a work-from-home (WFH) environment, the way people are connecting is often something of a mystery to the IT team. If people suddenly use platforms like Skype, Zoom, Dropbox, and so on to streamline their now remote-based workflows, what was once a perimeter that could be shielded now becomes a wide-open plain primed for attack.
So, the question must be asked: How does an organization account for a mobile workforce armed with a world of digital transformation possibilities? The answer is simple: grant access to everything based on identity and need.
If we boil the entirety of the corporate environment down to the same things that the now antiquated perimeter used to protect, the baseline is the same: it’s all about systems and assets. For instance, whether a person is partaking in an in-person meeting within the office or a group meeting through Microsoft Teams, the assets they need to access are the same. Therefore, the circumstances under which they are meeting are largely irrelevant (at least for the purposes of this particular topic); what matters most is what access they have to assets and how that access is controlled.
One of the most effective ways to close the door to cyber criminals is to follow the basics of Identity Access Management (IAM), which is a system that secures, stores, and manages user identities and access privileges. First, it protects your company by ensuring that users are who they say they are; second, it grants access only to those who have permission to access application resources.
The most common IAM practices are single sign-on (SSO), multi-factor authentication (MFA), and privileged access management, and you can deploy these on-premises or in the cloud. Meanwhile, unauthorized users do not have access to sensitive corporate data, which helps to safeguard the privacy and security of the organization and the individual.
These practices and more are obviously needed in the digital age. Even more so, now that organizations are looking at the WFH exercise of 2020 as a more permanent move, the need for IAM is mission critical. In all, the perimeter is of little consequence: protect your people and data, and the rest will all fall into place.