2016년 1월 7일
The borderless enterprise is a model that, whether businesses like it or not, is here. It involves all of the disruptive technologies that have shaped the landscape of the corporate world over the past decade: SMAC (social, mobile, analytics, cloud). These technologies are spilling over the boundaries of the traditional enterprise data center. Users, IT assets, data, and applications are no longer confined within the restraints of the corporate network and IT infrastructure. It is pouring into the cloud and out into the street via mobile devices.
|Work, workers, data, and devices are no longer confined to your four walls. Cyber security in the era of the borderless enterprise needs to take cloud, social, and mobile into consideration.|
1. Securing the Borderless Enterprise is Different from Securing the Traditional Data Center
Obviously, this new environment means that the old methods and techniques for securing data no longer apply. To date, most enterprise network security has involved securing the perimeters: keeping intruders out. Since there is no longer any clearly defined "in" and "out", new strategies for security are required.
2. Know Where Your Assets Are
A surprising number of CIOs and IT managers aren't even sure what data their organizations own and where it's stored. With Shadow IT driving sensitive consumer and corporate into public cloud infrastructures, this is dangerous. Employees are also using unsecured email, social networking, and mobile devices to communicate sensitive information. It's time for the enterprise to identify what data they hold and construct sound policies and procedures for storing, communicating, and securing this data.
3. Security Tomorrow Requires a Multi-Pronged Approach
Since security is no longer a matter of protecting the perimeter (since the perimeter no longer exists), what does it look like? There are actually several proverbial 'lines in the sand' that enterprises need to draw. First, put security in place around the users. Secondly, put security in place to protect the data. Thirdly, secure the applications. Fourthly, secure the IT infrastructure. Finally, set up security for the IT assets (devices).
4. Cyber Security in the Borderless Enterprise will Require New Approaches
As you can see, there isn't one solution for all of these elements. Tomorrow's cyber security is much more likely to be a hybrid of numerous techniques rather than an "improved" version of any single technique. If you combine the strategies of network monitoring, applications monitoring, next-generation firewalls, antivirus and antimalware software, improved authentication methods, better encryption techniques, and incident response, you will likely see the earliest ancestor of future cyber security techniques.
5. What You Can Do Today
With a multi-pronged approach to security that factors in all of the various elements (users + applications + infrastructure + data + assets), you can protect your borderless enterprise until security catches up to the latest technologies and threats.
By nature, nothing about cyber security will ever be finalized. As soon as security specialists develop the ideal solution for securing users, applications, data, infrastructure, and devices, criminals will find ways to thwart their best efforts. Then the entire song and dance plays again -- security improvements, inevitable breaches, better security, and more successful hacking attempts. But that doesn't mean you can't do anything to protect your borderless enterprise today.
- Use solid network performance testing, application monitoring, and other techniques to identify a baseline of activity and determine when unusual activities could indicate a breach in any of the systems.
- Keep security software up to date and turned on. It's not uncommon for IT workers to turn off firewalls or disable antivirus software while troubleshooting software or the network and forget to enable it after they are done. Set policies and procedures to assure that these protective measures are active and up to date at all times.
- Hire the right security personnel. A surprising number of companies have no security specialist on staff, or employ "specialists" that are not adequately trained or experienced.
- Hire the right employees across the organization. It's also shocking how many data breaches are caused by either deliberate insider threats or accidental insider threats due to employees who aren't familiar with basic security practices. Hire the right people and empower them with the right training to keep themselves, their devices, their applications, and the entire network secure.
What else do you need to know about operating within a borderless enterprise? Find out today when you download The Borderless Enterprise Playbook. It's your free gift from NETSCOUT.