The concept of the “digital perimeter,” or the boundary between internal systems or information and the outside world, has changed dramatically. Between 1990 and 2010, the focus was on protecting a well-defined perimeter by building “bigger walls” to keep the bad guys out. However, this approach is no longer appropriate because mobility, the cloud and constant remote access to internal systems have rendered the old concept of a true perimeter obsolete.
Rethinking perimeter security is essential to building a new cybersecurity strategy that will work now and in the future. The starting point is to recognize the need to treat all mobile devices and users as if they were truly outside the firewall. This approach assumes that the Internet is the perimeter. The focus moves from building a wall or fence to securing applications and content. This approach allows IT and the security team to build application-specific protection and usage standards, ones based on the specific policies that are best aligned to the application and the information contained within it. This also simplifies the problem, since developing security for specific applications is a finite problem, whereas trying to secure all the permutations of devices, connection types and locations that are common across your entire employee group is unending.
The constantly expanding number of ways that users connect with internal systems has rendered the old approach of deploying static access policies unusable. Simply put, as users change locations constantly, use different access scenarios depending on available networks, and work from multiple devices, there is no way to create the foundation for static access management. A dynamic approach that looks past all of these variables to the application and the context in which that application is being used is the only way forward. Context-aware security policies that use location, IP address and other known aspects of the session make it possible to see clearly when a particular session falls outside of normal “context,” which delivers a powerful foundation for identifying threats and supporting next-generation security.
This context-aware approach embraces the dynamism common in a digital business. The first step in updating the security strategy is to put more attention on the development of analytics and behavior for individual users. This information not only provides a baseline set of data on what a “normal” session looks like, but it is also used to ensure that the policies for each user are dynamic and don’t set off false alarms for such common scenarios as the user getting a new device or buying new home networking hardware with a different IP address.
The analytics should also track access to applications and websites to identify activities that are outside normal bounds. This ensures not only that external threats are identified and remediated, but also that any internal threats become apparent based on substantial changes in an individual’s usage patterns. This is a huge advantage for stopping data exfiltration and can be used to improve the efficiency of DLP tools.
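The per-user baseline and context check described above, as an added example that is not part of the original article: it compares each session's context with what has already been seen for that user, adopts a single changed attribute (a new device, a new home IP) instead of raising an alarm, and sends a session to review when several attributes deviate at once. The attribute names, the threshold of two deviations and the sample sessions are assumptions made for illustration.

```python
from collections import defaultdict

# Context attributes compared per session. Location and IP address are named in
# the text; device and application come from the scenarios it describes.
ATTRS = ("country", "ip_prefix", "device_id", "app")

class ContextBaseline:
    """Per-user sets of context values seen in sessions accepted as normal."""

    def __init__(self, review_at=2):
        self.review_at = review_at  # assumed threshold: deviations that trigger review
        self.seen = defaultdict(lambda: {a: set() for a in ATTRS})

    def evaluate(self, user, session):
        """Return (decision, deviating attributes); learn only from accepted sessions."""
        profile = self.seen[user]
        if not any(profile.values()):      # first session: nothing to compare against
            self._learn(profile, session)
            return "enroll", []
        unusual = [a for a in ATTRS if session[a] not in profile[a]]
        if len(unusual) >= self.review_at:
            return "review", unusual       # baseline is not updated from this session
        self._learn(profile, session)      # a lone change (new device, new router) is adopted
        return ("allow_and_learn" if unusual else "allow"), unusual

    @staticmethod
    def _learn(profile, session):
        for a in ATTRS:
            profile[a].add(session[a])

def session(country, ip_prefix, device_id, app):
    return dict(zip(ATTRS, (country, ip_prefix, device_id, app)))

# Constructed sample sessions for one user (documentation IP ranges, made-up names).
SAMPLE = [
    session("US", "198.51.100", "laptop-1", "crm"),     # first login
    session("US", "198.51.100", "laptop-2", "crm"),     # new device
    session("US", "203.0.113", "laptop-2", "crm"),      # new home router / IP
    session("RO", "192.0.2", "tablet-9", "hr-export"),  # everything differs
    session("US", "203.0.113", "laptop-2", "crm"),      # back to learned context
]

def run_demo():
    baseline = ContextBaseline()
    return [baseline.evaluate("alice", s) for s in SAMPLE]

if __name__ == "__main__":
    for decision, unusual in run_demo():
        print(decision, unusual)
```

In a deployment, the `allow_and_learn` outcome would normally be paired with a step-up authentication prompt before the new value is trusted, and the `review` outcome would feed the alerting or DLP pipeline.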
The time has come to take the next step and focus on a holistic approach to security that is dynamic and based on intelligence gained from analytics that consider how individuals use applications. This makes it possible to protect the organization against increasingly sophisticated attacks, both now and in the future. Because attackers have changed their tactics and created new and complex threats, new cybersecurity strategies are necessary to protect the organization from these threats.