Increase of Network Endpoints & Security Breaches Drives Blend of On-Premises & Cloud Architectures
With reports about large-scale data breaches constantly in the news, most enterprises now understand that network security is one of the most mission-critical aspects of business.
The average data breach costs an enterprise $4 million, according to the Ponemon Institute. Executives and IT leaders alike know that money can be better spent elsewhere. They also are beginning to better understand the specific ramifications of data breaches, such as:
- Exposure of customers’ personal info, including credit card data, Social Security numbers & patient records
- Loss of IP and customer lists, leading to potential industrial espionage
- Loss of revenue or production
- Tarnished reputation & brand damage
- Loss of future profits from clients, vendors, or partners
- Legal costs & compliance violation fines
- Possible closure of the business
The risks are great, but not as vast as the potential benefits of leveraging new technologies, such as rampant IoT and cloud usage, amid the ongoing Digital Transformation. Thus, enterprises must find ways to fully embrace the increasingly technology-dependent business landscape while implementing the most comprehensive security plan they’ve ever needed.
Security Challenges of the Digital Transformation
The traditional way of securing your network is obsolete. In the past, your organization would have its own data center, along with many branch offices. From a network security perspective, those buildings were treated like mini-fortresses. Each fixed location had a dedicated security appliance and a private connection over MPLS to the data center.
This approach is untenable today because work is no longer a place where you go. Work is something you do — from anywhere. By 2020, 75 percent of all people will be working in a mobile way, according to a report by IDC. Work takes place in airplanes, hotels, customer locations, and just about anywhere else.
It used to be that about 80 percent of enterprise applications were in the data center. If information needed to go to the Internet, it was routed through a VPN and the data center. However, problems began popping up. The rising volume of bandwidth-consuming traffic such as VoIP, video, and graphics began to clog the “pipes.” And the data center itself became more and more congested with resources that resided there.
The enterprise has been shifting toward cloud-based applications — Office 365, Salesforce, and many more. With 80 percent of enterprise traffic now going to cloud-based applications, the traditional model of routing all traffic through the data center is unrealistic.
Direct-to-Internet traffic — also known as Direct Internet Breakout (DIB) or Direct Internet Access (DIA) — has arisen as a viable alternative to a traditional MPLS setup. Cloud storage providers and lower-cost WAN links such as wired broadband and 4G LTE enable organizations to take much of their network traffic straight to the cloud — bypassing the data center altogether.
However, taking data directly to the Internet threatens security. Without a combination of on-premises and cloud-based security, bypassing the data center leaves enterprises too vulnerable to attacks and security mishaps from a wide variety of endpoints.
IoT Expansion & Evolving Attacks
Perhaps the toughest challenge for IT teams is IoT devices, partly because of how widely they vary. Some IoT deployments involve the IT department throughout the process, while others take place without being communicated. The latter could include badge readers by the facilities department, IP cameras from the security department, or customer devices such as beacons by the marketing department.
The struggle to secure these nontraditional, often disparate devices is real, especially considering the lack of anti-malware clients for IoT devices. By 2020, more than 25% of identified attacks in enterprises will involve IoT, according to Gartner.
The headlines have been filled with IoT-related security breaches, including the Mirai malware, which turned hundreds of thousands of Linux devices into botnets, and the Reaper botnet, which could be dangerous for years to come.
The development of standards in manufacturing and communication protocols is going to take a while. In the meantime, enterprises need to address new, innovative security models.
Enterprises with many locations arguably are at the highest risk of security breaches — especially organizations with lots of small-footprint locations. These “locations” could be anything from city buses to kiosks and small offices. Even with hundreds or thousands of these to manage, many IT departments only employ a couple dozen people or fewer.
With such a lean IT team, it’s difficult to manage a widely distributed network, including employees with thousands of their own devices. It’s easy for vulnerabilities to go unnoticed, and security updates are difficult to push out — especially if the enterprise doesn’t use a cloud management system.
Best Practices for Mitigating Risk
These constantly evolving security challenges that accompany the Digital Transformation call for a combination of approaches, including:
- Educate end users — Often employees are the first ones to detect hacking attempts.
- “Bring Your Own Network” — Require third parties to use their own network connectivity solution.
- Parallel Network — Place non-mission-critical traffic on a physically separate network, preventing pivot attacks to particularly sensitive data such as credit card information.
- Physically secure devices & networks — Some companies lock POS-connected devices in a cabinet. When PCI auditors visit, one of the first questions they ask is “What else is on the network that houses POS data?”
- Security assessments — Enterprises are becoming more proactive by scheduling frequent simulated attacks to test employees and root out sophisticated phishing attacks.
- Lock down router entry points
- Cloud-based network management — Using a platform that allows remote management of distributed connectivity solutions enables easy, frequent, and instant security and firmware updates.
- Security apps — Routing solutions that support cloud-based security applications — for web filtering, IPS/IDS, and more — give IT departments the flexibility to add additional layers of security as needed.
Blending On-Premises & Cloud Security
Many enterprises are applying these best practices and addressing their abundant network security challenges with a blended approach. Having on-premises IT staff and resources at every endpoint isn’t scalable and would be far too expensive. Cloud-managed all-in-one network connectivity solutions enable the immediacy of on-premises management with the simplicity and centralized control of the cloud.
Explore the benefits of combining on-prem and cloud-based security measures in our Scalable Enterprise Network Security white paper.