Expanding security beyond the virtual machine: security in the age of cloud and BYOD
It's no secret that organisations have been slow to warm up to the idea of cloud - and with good reason. Where digital data security was once as simple and straightforward as ring-fencing a network perimeter with a single physical gateway to control access, the cloud has changed everything. Businesses' precious data is now very rarely confined to its own secure data centre. In the cloud, it is both nowhere and everywhere - a worrying thought for many IT managers.
Facing up to security challenges is the price of admission if businesses want to remain relevant in a digital landscape. This means that driving digital goals forward with the resources and tools the cloud has to offer must come at the expense of a little extra time and effort spent preventing and planning for security issues such as data loss, hacking and malware. Shiraaz Singh, Aptronics Networking Solutions Specialist gives his thoughts on security in the age of cloud and BYOD:
The shifting goal-posts of digital vulnerability
Ransomware in particular is giving many IT professionals sleepless nights, and yet this is absolutely correctable through careful infrastructure design and the implementation of security measures that are able to stop a virus or malware from proliferating through the network. The dissolution of physical perimeters through cloud technology means that digital boundaries must take the brunt of cyberattacks, and adequate preparation is all about identifying and understanding the weak spots of each individual organisation.
With application mobility, and many companies using third-party services such as Dropbox to share information and collaborate, visibility becomes absolutely essential. Businesses need to ensure they know exactly where their data is, and who has access to it.
Adding mobility to the mix
BYOD and the rise of the mobile workforce has many advantages for both employees and businesses alike, but unfortunately, security is not one of them. With the ability to access data from any place, at any time and on any device, the number of vulnerable endpoints increases exponentially. Again, visibility is the most important aspect of keeping data safe in such a fluid environment. The devices themselves also need to be secured. In the event of loss or theft, it would be wise for businesses to plan ahead, ensuring the ability to remotely wipe any device that is reported missing or in breach.
To caution - too much security has the potential to affect employees' user experience, so much so that they may resort to Shadow IT, using unauthorised apps and unsecured software in order to get their work done at all.
Micro segmentation: network perimeters at the micro level
Micro Segmentation is another modern weapon against the vulnerabilities that mobility presents. In the era of BYOD, merging the needs of the enterprise with the demands of its users is a delicate balancing act. Using workspace technology on mobile devices makes it that much easier. Installable apps are used to create "containers" on employees' personal devices, so that organisations can provide a secure and controllable environment for them to work on. Unlike intrusive mobile device management solutions that take control of the entire device, containerisation is uniquely suited to BYOD environments, because it segregates (and protects) company data without interfering with personal data on the same device.
This gives IT admins the ability to aggregate all devices, applications and services and deliver them in an encrypted, policy-aligned container within personal devices. IT policy and management extend only to the container's contents, which reside in complete isolation from the rest of the device. If a device is lost, stolen or compromised, IT can wipe company-specific applications and data without disturbing personal assets.
Completing the circle would be security solutions that employ virtual, micro-segmented perimeters around workloads and services that are policy-based rather than rule-based. Such solutions have the ability to move with the service or workload. An absolutely vital point to consider if a business is in any way thinking or exploring cloud based services.
The bottom line
Businesses like yours are under constant pressure to exceed expectations, harness trends, and turn them into opportunities for innovation and growth. But making full use of the powerful resources that the cloud places at your organisation's doorstep can only happen when every security risk has been mitigated, and planned for. Security considerations must be based on the specific needs and vulnerabilities of businesses on an individual basis - and this is the price any organisation must pay for taking advantage of the cloud and its unprecedented agility, cost-savings and convenience of as-a-service operation models.
The tools that served IT so well in the age of the data centre will simply not hold up in the cloud. It's time for security and compliance to be disrupted as well.