What IT and Security Should Be Asking Themselves in 2019

What IT And Security Should Be Asking Themselves In 2019.jpeg

By Don Boxley

IT and workforce digitization is not only changing businesses, but whole industries — virtually overnight. Think about how something as basic as how we buy groceries is already starting to morph now that Amazon owns Whole Foods.

This type of pressure for digital transformation of businesses in every arena continues to escalate in all directions — from competitors and customers to the C-suite. Whether you are in IT or are a business professional who is responsible for digitization and/or security strategies, you need to be able to think quickly and cohesively about your new priorities in a world of ongoing change.

While there are numerous variables that organizations must consider as they move towards digital transformation, perhaps the most essential consideration is data security. With more business than ever being conducted in the cloud and more third-party partners needing digital access to that data, failing to keep data security at the top of your business’s priority list could instantly become a fatal mistake.

In today’s cloud environment, one of the most critical data security concerns relates to strategic partner data access and sharing. Your organization’s security safeguards are only as strong as the weakest link in your vendor and partner ecosystem, so you may be inadvertently putting sensitive company data at risk every time you conduct digital business with a vendor that is granted access to your system.

For this reason, I offer up the following two questions you should ask this year:

2 Questions that Every IT and Business Professional Tasked with Digitization and/or Data Security to Ask Themselves:

1) What’s our security strategy for remote user/partner network access?

It would be redundant with the huge and ongoing media focus on data breaches to go into detail about hacks and cybercrime, but every industry acknowledges at this point in the game that these types of security threats are continuing to increase, with no sign of slowing.

There’s no excuse left for any business to avoid reviewing their strategy for managing remote user and partner access, since so many massive data breaches have been ultimately linked to a third party that compromised critical company information.

What’s most important here is being aware of some new realities. Many companies still use virtual private networks (VPNs) to create what they believe will be the securest of web connections — after all, security is the main reason that enterprises deploy VPNs in the first place, right? Well, that used to be correct.

In the pre-cloud world of virtual machines and physical servers, VPNs and other forms of traditional perimeter security like direct-link formats were a great choice. No longer. In our current cloud-based reality, companies require a security strategy that considers how business is done today, with multi-cloud and hybrid deployments now the norm with blended on-premises and cloud scenarios.

Every business’s new security strategy should start with “out with the old (VPN) and in with the new (SDP).”

SDP stands for software-defined perimeter, and it’s the most current and most secure networking software available today.

Its key advantage when it comes to allowing remote users and third-party vendors to access your system is that these partners can only access certain services that you define. 

2) How do we get every remote user off our network but still provide them access to business critical services?

Broken authentication and access controls are the most common ways for attackers to assume other users’ or partners’ identities and access unauthorized functionality and/or data. One way to resolve this is to get every remote user off your network. While this certainly eliminates a significant security attack surface, a digitally transformed business isn’t possible if your partners lose the ability to transact business digitally.

A better approach that addresses both security and business needs is to rely on an SDP solution. This allows you to successfully minimize the surface area exposed to lateral attacks while still allowing business as usual to occur in a digital space.

Now, here are the top two questions that likely were not asked last year:

2 Questions that I Advise You to Consider when Investing in New Technology Solutions:

1) Does the remote-access solution support application segmentation?

Modern remote-access solutions give network administrators the ability to segment by application, not by network. Allowing your partners system access at the level of the application rather than the network limits remote users only to fine-grained access to specific services, greatly reducing the chance of lateral network attacks — so be sure that your remote-access solution supports application-level segmentation.

2) Does the remote-access solution support a heterogeneous router environment?

If you’re still using a remote-access VPN, then I don’t have to tell you that they come with their share of configuration complexities. One way that VPNs have traditionally increased risk of a data compromise is by requiring dedicated routers — not to mention access control lists and firewall policies.

With this in mind, it is imperative that your solution for third-party remote access supports a heterogeneous router environment rather than just a single router. This will also help you avoid the strong possibility of finding yourself in a router vendor lock-in situation. With an SDP solution, you are able to shift operations from one cloud to another whenever you need to, avoiding the specter of vendor lock-in. To do this, your goal for 2019 should be to find a remote user access solution that scales across a multi-partner and hybrid cloud environment.

The cloud environment brings a new level of security concerns, particularly when it comes to partner data access. With that reality in mind, be sure to update your remote access solution accordingly, rather than crossing your fingers that your outdated pre-cloud technologies will protect your critical company information.

About Don Boxley

Don Boxley is a DH2i co-founder and CEO. Prior to DH2i, Boxley held senior marketing roles at Hewlett-Packard where he was instrumental in product, sales and marketing strategies that resulted in significant revenue growth in the scale-out NAS business.

More About Don