Companies must adapt their security approaches to survive

For the majority of organisations, digital transformation is well underway, bringing innovation, efficiency, and data-driven decision making. So far, so good. However, as organisations expand considerably through the cloud, the security risks facing their intellectual property and customer data increase too. In fact, Akamai’s latest State of the Internet Security Report found that organisations were under increasing pressure from botnets looking to gain access to networks through credential abuse, with nearly 27 billion bot attacks between May and December 2018 alone.

Moving beyond the control

In the past, businesses would only be able to operate within their ‘own walls’, making protecting themselves a much more defined process. Security teams knew where everyone was, where they were accessing things from, and what they were using to do so. Think of it like the old-fashioned castle, with a moat acting as a firewall for the business. Here everyone is verified before the drawbridge is lowered, then once you’re in the castle you’re considered safe and trusted. So, with this approach, you’re either completely in, or shut out entirely from the network.

As more companies embrace the cloud, this perimeter security approach looks a bit shaky. Users and data are no longer in the same location, and businesses are faced with employees accessing the company network from beyond the perimeter they control. While it is good for employees to be able to work where and how they want, moving beyond that perimeter makes them more susceptible to malicious hackers. This is made worse when you bring in freelancers or employees who want to use their own devices.

The reason is simple: even though employees have moved beyond the perimeter, by accessing the same applications as they would have from inside, they have stretched the perimeter and made it less secure. Because they are still considered trusted by the network, and the number of devices gaining access to the network has increased, hackers have a greater attack surface to target. If hackers can compromise someone’s device, then they have a free shot into the network, where they can cause havoc. This can be through a phishing email or employees working remotely on unsecured Wi-Fi. Freelancers in particular can be vulnerable targets and act as unwitting carriers, becoming compromised while connected to one company’s network and then introducing vulnerabilities to the next one they go to. Once inside, attackers can remain undetected for months and are able to extract huge amounts of confidential and proprietary data.

Verify and never trust

In the age of the General Data Protection Regulation (GDPR), protecting customer data should be a business’ key concern – reputation, customer loyalty, and a business’ bottom line all hang in the balance otherwise. But with today’s flexible working environments, where corporate boundaries become harder to define, protecting customer data presents a challenge. Therefore, for businesses wanting to reap the true rewards of digital transformation, a transition away from perimeter security is a necessary step.

This is where Zero Trust comes in, giving businesses a clear methodology for ensuring data is protected beyond the corporate boundary. Whereas the perimeter approach is ‘trust but verify’, a Zero Trust approach to security means businesses do not assume requests to access applications or data should be automatically trusted, no matter where they come from, who makes them or what device is used. This requires every attempt to be authenticated before access can be granted. By doing so, should one application be compromised, the damage is limited, with the rest of the network and applications isolated and protected. A good example would be a remote worker who can only access a specific application: if they are targeted, hackers would only be able to attack that app, rather than being able to see other machines and applications on the rest of the network that they could look to target.
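To make the remote-worker example concrete, the sketch below (an added illustration, not part of the original article) compares what a compromised laptop can reach under a perimeter check and under a per-request Zero Trust check. The application names, addresses, signing key, device list and the simplified token without expiry are all assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress

# All names and values below are constructed for illustration.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")   # the "castle" behind the moat
APPS = ["crm", "payroll", "source-code", "hr-portal"]
SIGNING_KEY = b"demo-key-not-for-production"     # identity provider's key (assumed)
ENTITLEMENTS = {"remote-worker": {"crm"}}        # per-user, per-application grants
HEALTHY_DEVICES = {"laptop-42"}                  # devices that pass posture checks

def issue_token(user, device):
    """Identity provider signs the user/device pair after authentication."""
    msg = f"{user}|{device}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()

def perimeter_allows(request, app):
    """Castle and moat: anything arriving from inside the network is trusted."""
    return ipaddress.ip_address(request["src_ip"]) in CORP_NET

def zero_trust_allows(request, app):
    """Every request is authenticated and authorised for the one app it names."""
    expected = issue_token(request["user"], request["device"])
    if not hmac.compare_digest(expected, request.get("token", "")):
        return False                             # not authenticated
    if request["device"] not in HEALTHY_DEVICES:
        return False                             # unknown or unhealthy device
    return app in ENTITLEMENTS.get(request["user"], set())

def reachable(policy, request):
    """Applications an attacker controlling this session could reach."""
    return [app for app in APPS if policy(request, app)]

# A remote worker's compromised laptop, assumed to hold an internal address
# (for example through a remote-access tunnel) and a valid token.
compromised = {"src_ip": "10.8.0.15", "user": "remote-worker",
               "device": "laptop-42",
               "token": issue_token("remote-worker", "laptop-42")}

if __name__ == "__main__":
    print("perimeter :", reachable(perimeter_allows, compromised))
    print("zero trust:", reachable(zero_trust_allows, compromised))
```

Under the perimeter policy the session reaches every application; under the per-request policy it reaches only the one the worker is entitled to, and nothing at all once the token is missing or the device fails its check.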

So as businesses focus on expanding their ability to create the perfect environment for their employees to thrive, they mustn’t forget the steps they need to take to protect themselves. With Zero Trust, businesses can rest easy knowing that everyone is empowered with the right tools they need, without putting the company at risk.
