Protecting the New Perimeter

Over the past couple of years, the hyper-growth in cloud applications and the explosion of mobile devices in the workplace have transformed work across organizations of all sizes.

Companies large and small are taking steps to enable employees, partners, contractors and even customers with the apps, devices and services they need to be productive. In fact, according to Gartner, of the £104 billion spent on enterprise application software in 2015, “the majority” went towards modernizing, replacing or extending existing business software using SaaS. Okta’s dataset supports this figure, showing that on average, businesses adopt between 10 and 16 off-the-shelf cloud applications, a number that has grown 33% year-over-year.

This increased uptake of the cloud and the rise of devices in the workplace certainly bring productivity benefits, but they also present organizations with some challenges. With corporate employees now regularly using mobile devices to access company data stored in cloud applications, the traditional idea of the enterprise network boundary is vanishing. To support today’s mobile workforce, organizations need to rethink how they define and secure their perimeter without sacrificing user productivity. Using cloud technologies will enable companies to easily access data and effectively protect the business, without interfering with the performance of a mobile, connected workforce. The problem is that with data moving to the cloud, security teams are sometimes only able to see a fraction of user activity on the organization’s own internal systems. As a result, IT has to look beyond just securing the network and corporate-owned devices, and instead focus on securing user identities.

Say Hello to the New Perimeter

Traditional security approaches have focused on establishing network perimeters and then architecting layers of firewalls, VPNs, IDS and DLP systems to segment and secure users and data. The rapid adoption of cloud and mobile technology is aggressively challenging this model. Applications exist outside of the firewall, passwords have become a liability, and IT no longer controls every device that accesses corporate data.

The new reality is that the network perimeter is defined by the user, and more specifically, by their identity. Securing this “Identity Perimeter” and managing identities’ access to applications has become a complicated calculus, and it is IT’s responsibility to secure information regardless of the device and user’s location. As a result, many companies – including MGM and Adobe – are focusing on maximizing the security of user identities, whether internal or external, and data rather than just devices and infrastructure.

Today, many organizations understand that by using contextual data about users, devices, and patterns of behavior, they can more accurately detect unauthorized attempts to access corporate information, and IT can better mitigate the risk from a security breach to more effectively protect the business.

A New Way of Thinking

As a first step, we need to move beyond the use of passwords towards greener, more secure pastures. Organizations are realizing that users – who tend to either use the same insecure password across all personal and professional channels, or leave passwords written on pieces of paper for all to see – are highly vulnerable to security threats. Consequently, a growing number of businesses are implementing multifactor authentication (MFA) to protect against the range of attacks that rely on stealing user credentials.

This highly secure authentication mechanism involves the use of two or more different types of authentication – something the user owns, something they know, or something they are – to ensure users are who they say they are, reducing the risk of unauthorized access.

With MFA in place, even if a user’s password is stolen, hackers are still unable to access their account without also spoofing the second factor. The more contextual data an organization uses to authenticate a user, the more difficult it becomes for hackers to breach the perimeter.

Securing the Boundaries

To secure sensitive information, it is also crucial that organizations understand who has access to applications and data, where they are accessing them from and what they are doing with them.

Managing identity with single sign-on (SSO) and provisioning provides businesses with a better way to secure and control access for a far greater number of users, and to devices and applications that span traditional company and network boundaries. This approach enables IT to benefit from real-time updates and the flexibility to react to the organization’s ever-changing network. Automated user de-provisioning across all on-premises and all cloud-based applications gives IT the peace of mind that once an employee has left the company, the company’s data won’t leave with them. In other words, these solutions ensure all users adhere to data security guidelines, giving IT more control over the different applications, access points and user types that will be connected to its cloud systems.

Ultimately, recognizing the new perimeter and managing identities with SSO and provisioning will provide businesses with a better way to secure and control the large number of users, devices and applications that span traditional company and network boundaries. Not only can such technology enable businesses to quickly and securely adapt to the ever-changing environment, but it can provide a significant uplift to employee productivity by securely meeting the need for access anywhere, anytime, from any device.

Listen to Okta talk about the importance of securing the identity perimeter and gathering deep insights into authentication activity in our webinar "Secure Your Places and People – Who’s Accessing You and from Where?" this Thursday at 6pm BST.
