WHITEPAPER. How to secure your Post-perimeter world

Similar documents
Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

AKAMAI CLOUD SECURITY SOLUTIONS

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

WHITEPAPER. Lookout Mobile Endpoint Security for App Risks

Getting Started with Zero Trust. Never trust, always verify. Okta Inc. 301 Brannan Street, Suite 300 San Francisco, CA 94107

Securing Your Enterprise in the Cloud. IT executives must be ready to move to the cloud safely

Zero Trust in Healthcare Centrify Corporations. All Rights Reserved.

Crash course in Azure Active Directory

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Verizon Software Defined Perimeter (SDP).

Securing Your Most Sensitive Data

Preparing your network for the next wave of innovation

THE IDENTITY DEFINED SECURITY ALLIANCE

Security for an age of zero trust

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Beyond Your Device. Control, Connect, Experience. BT GS Analyst and consultant call 2 July 2013

Secure Access for Microsoft Office 365 & SaaS Applications

2016 BITGLASS, INC. mobile. solution brief

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Software-Defined Secure Networks. Sergei Gotchev April 2016

3-Part Guide to Developing a BYOD Strategy

Paper. Delivering Strong Security in a Hyperconverged Data Center Environment

Google Identity Services for work

Google on BeyondCorp: Empowering employees with security for the cloud era

Five Essential Capabilities for Airtight Cloud Security

NEXT GENERATION SECURITY OPERATIONS CENTER

Best Practices in Securing a Multicloud World

How to Enable and Secure in the Next Stage of BYOD: Reap the Benefits of Bring Your Own Laptop

Next-Gen CASB. Patrick Koh Bitglass

2013 InterWorks, Page 1

Borderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity

Go mobile. Stay in control.

8 Must Have. Features for Risk-Based Vulnerability Management and More

Solution. Imagine... a New World of Authentication.

Encryption Vision & Strategy

Adaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia

The Etihad Journey to a Secure Cloud

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

XenApp, XenDesktop and XenMobile Integration

Cisco Start. IT solutions designed to propel your business

Outnumbered, but not outsmarted A 2-step solution to protect IoT and mobile devices

The Essential Guide to Preparing Your Network for the Cloud. How to meet your network requirements at every step of your cloud transformation.

THREE-PART GUIDE TO DEVELOPING A BYOD STRATEGY WHITE PAPER FEBRUARY 2017

and indeed live most of our lives online. Whether we are enterprise users or endpoint consumers, our digital experiences are increasingly delivered

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Enterprise Mobility. BEYOND MDM: A MULTIDIMENSIONAL MOBILITY STRATEGY Why device-centric strategies no longer meet today s mobility needs

SD-WAN. The CIO s guide to. Why it s time for a new kind of network

BlackBerry Enterprise Identity

BETTER Mobile Threat Defense (BMTD)

Integrated Access Management Solutions. Access Televentures

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

The Device Has Left the Building

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Q&A TAKING ENTERPRISE SECURITY TO THE NEXT LEVEL. An interview with John Summers, Enterprise VP and GM, Akamai

Integrating Okta and Preempt Detecting and Preventing Threats With Greater Visibility and Proactive Enforcement

THE CLOUD SECURITY CHALLENGE:

TREND MICRO SMART PROTECTION SUITES

Choosing the right two-factor authentication solution for healthcare

Next Generation Privilege Identity Management

Modern Database Architectures Demand Modern Data Security Measures

RSA NetWitness Suite Respond in Minutes, Not Months

WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD

RHM Presentation. Maas 360 Mobile device management

Optimizing your network for the cloud-first world

NETWORKING 3.0. Network Only Provably Cryptographically Identifiable Devices INSTANT OVERLAY NETWORKING. Remarkably Simple

The SD-WAN security guide

MITIGATE CYBER ATTACK RISK

TREND MICRO SMART PROTECTION SUITES

The security challenge in a mobile world

THE NEW COLLABORATIVE WORKFORCE. Enterprise Communications, Advanced.

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

IBM Future of Work Forum

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE

FOR FINANCIAL SERVICES ORGANIZATIONS

Office 365 Buyers Guide: Best Practices for Securing Office 365

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

A Guide to Closing All Potential VDI Security Gaps

Securing Digital Transformation

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

BYOD Business year of decision!

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Achieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER

Beyond Firewalls: The Future Of Network Security

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS

with Advanced Protection

How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Run the business. Not the risks.

PrecisionAccess Trusted Access Control

Transcription:

How to secure your Post-perimeter world

WHAT IS THE POST-PERIMETER WORLD? In an increasingly cloud and mobile focused world, there are three key realities enterprises must consider in order to move forward in protecting corporate resources from leakage and attack: 1 2 3 The perimeter has disappeared. Legacy security technologies do not suffice. Devices cannot be trusted. As employees continue to use a mix of managed and unmanaged devices to access corporate resources, it sets up the need for a new security architecture: post-perimeter security. THE PROBLEM: Your perimeter has disappeared Work has fundamentally changed. Critical data has moved to the cloud and employees are able to access it from any network, wherever they are in the world. For example, employees don t often have to connect to a VPN in order to check their work email or view/download sensitive documents on the go. Attacks like phishing have also evolved to take advantage of the fact that existing perimeter protections no longer have visibility into user traffic. Corporate devices are personal now, as well. Social media and messaging apps create an environment where employees can be phished and corporate credentials stolen through personal activities. The reality is, enterprise data simply does not live there anymore. It s fluid, moving, and accessible. With this ecosystem shift, two new security necessities emerge: MOVE KEY SECURITY FUNCTIONS TO THE ENDPOINT POST- PERIMETER WORLD ESTABLISH A ZERO-TRUST ACCESS MODEL Enabling mobility and the ability to access data seamlessly is a great development for enterprise productivity, but it causes a serious challenge to security teams who rely on perimeter provisions such as firewalls and secure web gateways. 2

Move key security functions to the endpoint First, instead of stashing endpoints behind traditional perimeter security, or rely on VPNs to bring traffic into the perimeter, security itself must move to the endpoint. Security needs to be everywhere the data is accessed without impacting end user privacy. Establish a zero trust access model Even with security provisions on the endpoint, the enterprise should never assume the device is innocent until proven guilty. This new world demands that device health must be continuously checked in order to allow access to corporate data, again, without impacting end user privacy. THE NEW SECURITY ARCHITECTURE: Post-perimeter security In practice, this necessitates a new security architecture concept we call post-perimeter security. 1 At its core, postperimeter security is made up of three distinct, but connected puzzle pieces: Endpoint protection Access to cloud Identity and access management Assessing device risk using an endpoint protection solution is a crucial aspect of the post-perimeter security architecture. This protection provides continuous visibility into any threats or risks on the device. Only then can it be determined whether or not an employee device is healthy enough to authenticate and access corporate resources. Through this protection, policies can be enforced, in real time, based on an enterprise s specific risk tolerance. Protecting access to the corporate cloud, and the internet as a whole, without relying on perimeter defense is another crucial aspect of this architecture. To make this possible, some of those critical security functions must move to the endpoint. Monitoring for malicious links and websites and preventing employees from accessing dangerous content is a primary function that must move. These two aspects work together with an identity solution, such as an Single Sign-on (SSO) provider, to either allow an employee to authenticate and access corporate resources or be denied even the ability to authenticate. Once authenticated, the endpoint risk is continuously assessed, with access revoked any time a new risk is detected. In certain scenarios, access may be managed via an Enterprise Mobility Management (EMM) (e.g., for managed devices) or Mobile Application Management (MAM) (e.g., for managed applications). WHY THE WORLD IS MOVING TO POST-PERIMETER SECURITY Corporate data is increasingly hosted in the cloud, and at the same time is increasingly accessed by endpoints that are connected to networks beyond the control of IT - wide area cellular networks, and public WiFi. Corporate data no longer moves between a server and an endpoint on networks managed by IT. Instead a significant portion of enterprise data doesn t even enter or go thru the physical enterprise. Today s enterprise data must move across any network and be accessible on any device. Gartner predicts that 80% of worker tasks will take place on a mobile device by 2020. Gartner, Prepare for Unified Endpoint Management to Displace MDM and CMT June 2018 3

The rise of cloud-based productivity tools Today many core office productivity applications are consumed through a software as a service (SaaS) delivery model, backed by an identity and access management solution. No longer limited to a single device, the licensing model for SaaS apps are assigned to a user identity. This means that users can access these applications on any device, whether a laptop or mobile device, to best suit their needs, anytime, anywhere. The flipside of this, is that organizations can no longer depend on traditional approaches to security to control access and movement of corporate data. NEED FOR SOPHISTICATED MANAGEMENT AND CONTROL In the post-perimeter world, employees have greater control over the tools they use for work, and often leverage consumer tools in place of corporate apps and services assigned to them by IT, in the interest of productivity and user experience. The challenge for IT is to provide secure access to corporate data without getting in the way of the user. This is compounded by the rise of bring your own device (BYOD), which in most cases limits the ability of IT to impose control on the device itself. In addition to managing devices and applications where possible (e.g., using a mobile device management or a mobile application management solution, respectively), the focus must now include protecting access to corporate data using identity and SaaS application controls. Post-perimeter security builds on existing strategies Granting access to data automatically when a user or endpoint connects to a corporate network no longer works in a mobile and cloud world. This led to the development of the Zero Trust security framework by Forrester Research analyst Jon Kindervag in 2009 2. The goal of Zero Trust is to treat all endpoints connecting to enterprise data as untrusted, and instead focus on inspecting and logging all traffic to verify that users are doing the right thing. In 2011, Google created an enterprise security model, BeyondCorp 3. BeyondCorp began as an internal Google initiative to enable every employee to work from untrusted networks without the use of a VPN. Access requirements are organized into trust tiers representing levels of increasing sensitivity. With BeyondCorp, mobile devices are treated as first-class platforms that must have the same levels of access and ability to perform tasks. In 2017, Gartner s CARTA (Continuous Adaptive Risk and Trust Assessment) framework expanded on Zero Trust and BeyondCorp. According to Gartner, initial one-time block/ allow security assessments (e.g., during log in) for access and protection are flawed, leaving the enterprise open to zero-day and targeted attacks, credential theft, and insider threats 4. Key to the CARTA framework is that trust (and risk) of digital business entities and their actions must be dynamic, not static, and assessed continuously as interactions take place and additional context is gained. Building on these key tenets of modern security in a mobile and cloud-first world, post-perimeter security provides an architecture for enterprises to establish continuous conditional access to corporate resources based on the dynamic risk posed by untrusted endpoints and to add key protections for users, who are often the starting point for most cyber attacks. HOW TO MAKE POST-PERIMETER SECURITY A REALITY With apps, devices, and networks outside the reach of perimeter based security controls, adopting Zero Trust, BeyondCorp, and CARTA is now the goal for many IT organizations. For many organizations, making post-perimeter security a reality is about expanding and integrating existing services that are already in place. 4

What you need to get post-perimeter security Detection and remediation of risk across all endpoints FIXED ENDPOINT PROTECTION MOBILE THREAT DEFENSE CONTINUOUS CONDITIONAL ACCESS UNIFIED ENDPOINT MANAGEMENT ACCESS AND INFRASTRUCTURE IDENTITY AND ACCESS MANAGEMENT SOFTWARE AS A SERVICE Enforcement of risk controls for enterprise data Endpoint protection for all endpoints The role of endpoint protection is to continuously determine and establish the risk posed by user actions and devices, all of which are untrusted in this new architecture, such protection must span fixed and mobile devices as corporate applications are seamlessly accessed by users across devices. Furthermore, endpoint protection must integrate with access arbiters such as identity and access management solutions and/or the cloud-based applications themselves in order to take remedial action in the presence of unacceptable risk. In certain scenarios, remedial action may be achieved via integrations with controls provided by enterprise mobility management. Cloud security and productivity As reliance on cloud services and infrastructure grows, the need to provide secure access to hosted applications and data becomes paramount. Cloud security solutions provide independent access and breach protection for the hosted data and services, In addition, cloud service providers Access and breach protection for cloud security and productivity must integrate with identity and access management and endpoint protection in order to incorporate the potential risk associated with access requests. To protect users from malicious sites masquerading as corporate access, adequate provisions must be included in the endpoint itself. Identity and access management Identity has been recognized as the new perimeter and the foundation for granting access to corporate data. Identity platforms streamline access with capabilities like single sign-on, making it easier for users to work across multiple apps and services. While identity and access management vendors leverage key security capabilities like multi-factor authentication to protect access to cloud and on premises data, they must integrate with endpoint protection to continuous determine the risk posed by untrusted devices. Combining identity with endpoint protection allows organizations to provide continuous assessment of trust for both users and the devices. 5

THE POST-PERIMETER ALLIANCE The Post-perimeter Security Alliance includes leading enterprise vendors with a common vision to provide security and productivity for the modern, perimeter-less, clouddelivered, and privacy-focused world. Today, it is difficult to achieve end-to-end post-perimeter security from a one-stop shop. Instead, with integrated security capabilities across endpoint, cloud, and identity, this alliance delivers productivity enablement and protection for access to corporate data. Together, the solutions offered by the Post-perimeter Security Alliance provide continuous assessment of risk to corporate data, as well as remediation and controls in the presence of such risks. A cross-industry effort like the Post-Perimeter Security Alliance makes a lot of sense right now, and can help guide enterprises who want to implement a postperimeter architecture, but aren t sure how all the pieces fit together. Phil Hochmuth, Program Director, Enterprise Mobility at IDC Members of the Post-perimeter Security Alliance include mobile threat detection, endpoint protection, identity and access management, enterprise mobility management, and cloud-based productivity vendors. As market leaders in their respective markets, it s likely that an organization has one or more of these vendors already in their environment. Whether they know it or not, many organizations are well on their way to a post-perimeter security strategy. Learn more about how making post-perimeter security a reality within your organization here. 1 Putting the trust in zero trust: Post-perimeter security for a new age of work (2018, November 1) Retrieved from:https://www.lookout.com/info/lookout-post-perimeter-lp 2 Getting Started with Zero Trust: Never trust, always verify Retrieved from: https://drive.google.com/file/d/1y_bexoduiuar8m9wzxtqagv21t3vchor/view?ts=5c361c31 3 Barclay Osborn, Justin McWilliams, Betsy Beyer, and Max Saltonstall. (2016, Spring) BeyondCorp, Design to Deployment at Google Retrieved from:https://storage.googleapis.com/pub-tools-public-publication-data/pdf/44860.pdf 4 Gartner Seven Imperatives to Adopt a CARTA Strategic Approach (2018, April 10) Retrieved from [Subscription Required]: https://www.gartner.com/doc/3871363/seven-imperatives-adopt-carta-strategic 1-888-988-5795 lookout.com 2019 Lookout, Inc. LOOKOUT, the Lookout Shield Design, LOOKOUT with Shield Design, SCREAM, and SIGNAL FLARE are registered trademarks of Lookout, Inc. in the United States and other countries. EVERYTHING IS OK, LOOKOUT MOBILE SECURITY, and PROTECTED BY LOOKOUT, are registered trademarks of Lookout, Inc. in the United States. POWERED BY LOOKOUT is a trademark of Lookout, Inc. All other brand and product names are trademarks or registered trademarks of their respective holders. 20190318-Lookout-USv1.0 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback