4 min read
When it comes to cyber security, perimeter security is often the first line of defense for many organizations. This can involve the use of firewalls and intrusion prevention systems (IPS) to keep malicious activity outside of a network. However, as IT environments become increasingly more complex, distributed, and dynamic, perimeter security is no longer enough to prevent data breaches and other forms of attack.
The Shift Away from Perimeter Security
As you probably know, during the coronavirus pandemic, many employees were forced to work from home. This meant that they were accessing their company’s network from a wide range of unsecured locations, using their own devices.
As a result, companies had to make rapid changes to the way their networks were accessed and the security measures in place to protect their critical assets. To start with, many companies were asking their employees to use a Virtual Private Network (VPN) when connecting to their networks remotely, which provides an encrypted communication channel between the employee and the company network.
While it is true that VPNs can help to prevent adversaries from intercepting and exploiting communication channels, they too conform to the moat-castle security paradigm. After all, how can we be sure that an attacker doesn’t already have access to our network? If they do, then a VPN might actually make the situation worse, as the lack of detailed information about who is connecting to our network, and from where will make it harder to differentiate between legitimate and illegitimate access.
One could argue that the shift towards a more distributed working environment would have happened regardless of the health crisis. For example, even before COVID-19, many companies were adopting cloud-based services, such as Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, and more. This is not surprising given the many benefits that cloud platforms provide, such as; high availability, flexibility, scalability, strong security, cost-effectiveness, and so on. Regardless of the why’s and hows, companies are shifting away from the traditional moat-castle approach to cyber-security, to one that is more user and data-centric.
How Can Companies Secure Their Data in a Distributed Environment?
As mentioned, companies need to change their security strategy to one that focuses more on the data, and users that interact with the data. They should start by implementing a strong security policy that determines how sensitive data is handled.
They will also need to utilize secure cloud storage solutions, encrypt sensitive data, take regular backups, and use multi-factor authentication for accessing online systems and data.
They should also ensure that all remote employees have access to the latest security software and antivirus protection and that all devices are properly secured.
Shifting To a Zero-Trust Security Model
In addition to the above, companies should consider adopting the zero-trust security model, which is designed to prevent malicious actors from gaining access to a system or network by bypassing traditional security measures. Zero-trust security is an approach to cybersecurity that assumes all users, devices, and networks are not to be trusted by default.
This means that even if a user has access to a network or system, they must still be authenticated and authorized before they can access any critical resources. Zero-trust relies on the Principle of Least Privilege (PoLP), which stipulates that users should only be granted access to the data they need to perform their role.
Monitoring access to sensitive data is also an important part of the zero-trust strategy, which is explained in more detail below.
Monitoring Access to Sensitive Data
Monitoring access to sensitive data is a crucial activity in a distributed IT environment as it provides visibility into who is accessing the data, what type of data is being accessed, and when the data is being accessed. This visibility helps to prevent unauthorized access to sensitive data, as well as detect and respond to other suspicious user activities. Most sophisticated data security solutions use machine learning models to identify anomalous user behavior and will send real-time alerts to your inbox or mobile app when detected. They can also detect and respond to events that match a pre-defined threshold condition.
In conclusion, while perimeter security can provide an initial layer of protection, it is no longer enough to fully protect an organization from the constantly evolving cyber threats present today. Organizations need to adopt a comprehensive security strategy that includes a mix of security tools and technologies along with regular training and awareness programs. Doing so will ensure that organizations remain secure and protected against targeted attacks, mobile threats, and software vulnerabilities.
If you’d like to see how the Lepide Data Security Platform can help to keep your accounts and data secure, schedule a demo with one of our engineers or start your free trial today.
Top 10 Most Important Group Policy Settings for Preventing Security Breaches
15 Common Types of Cyber Attacks and How to Mitigate Them
Common Causes of Frequent Active Directory Account Lockouts