I have been reading about disruptive technology for quite some time and always wondered why everyone is calling it disruptive. It is just another chapter added to the IT evolution story, isn’t it? However, a recent experience made me believe it is disruptive!
This article shares one such experience, where an established corporate practice has been challenged, and it is none other than the network boundary, the first layer of defense for the corporate IT infrastructure. Now this defense is evaporating and corporate data is flowing in and out of it! Corporate data that was locked behind the firewall and accessible over the intranet from a company-provided laptop or desktop is gradually flowing over the Internet to devices the company does not own (BYOD)! Enterprise IT resources that were accessible only from the company intranet are now accessed through SaaS applications deployed in the cloud!
The network administrator who used to close every possible hole in the network is now drilling new holes to support this disruptive transformation. These scenarios are a good indication of the evaporating company network boundary! Given this situation, companies are puzzled by one common question: how to mitigate the risk emerging from disappearing network boundaries?
The answer lies in the pages of history, in a well-proven and repeatedly tested practice: apply the rules of an ancient kingdom and beef up the second layer of security, i.e. the access gateway. The access gateway, which used to consider every network-authorized user to be good, needs additional intelligence before permission is granted. This additional intelligence has to go beyond the regular user id and password, moving away from a Boolean response (yes or no) to moderated access: access granted to perform a set of tasks based on the trust presented by the user.
However, there are situations where the trust collected by the gateway does not meet the minimum trust required to access the requested resource, and the employee still has an immediate need to carry out company business. The access gateway solution should deal with this immediate business need smartly, using policy-based access in the form of alternate trust. The access gateway should be able to challenge the user for an additional credential such as a temporary PIN, a biometric, or a soft/hard token, and thereby meet the alternate trust required for accessing the resource.
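The moderated-access idea above, a gateway that grades a request into allow, step-up or deny instead of a plain yes/no, is easy to see in code. The following is an added example, not code from the original article or from any product; the trust factors (managed device, corporate network, an already-verified second factor), the per-resource minimum trust levels and the resource names are all constructed assumptions for illustration, and the simple additive scoring is a hypothetical policy, not a standard.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # collected trust meets the resource requirement
    STEP_UP = "step_up"    # challenge for alternate trust (PIN, biometric, token)
    DENY = "deny"          # even alternate trust could not satisfy the policy


@dataclass(frozen=True)
class AccessContext:
    """Signals the gateway has collected about the current request."""
    user_id: str
    password_ok: bool            # first factor presented and valid
    managed_device: bool         # device enrolled with the device management agent
    on_corporate_network: bool   # request originates from the intranet
    mfa_verified: bool           # alternate trust already presented this session


# Constructed policy: minimum trust level each resource demands (assumption).
RESOURCE_MIN_TRUST = {
    "mail": 1,      # password alone is enough
    "wiki": 2,      # password plus one more signal
    "payroll": 3,   # password plus two more signals
}


def trust_level(ctx: AccessContext) -> int:
    """Turn the collected signals into a single trust level.

    A failed first factor yields zero trust regardless of the other signals;
    each additional signal (managed device, corporate network, second factor)
    raises the level by one. The additive scheme is a hypothetical policy.
    """
    if not ctx.password_ok:
        return 0
    level = 1
    level += int(ctx.managed_device)
    level += int(ctx.on_corporate_network)
    level += int(ctx.mfa_verified)
    return level


def evaluate_access(ctx: AccessContext, resource: str) -> Decision:
    """Moderated access decision for one request.

    Unknown resources are denied (default deny). If the collected trust is
    short of the requirement but a single step-up challenge would close the
    gap, the gateway asks for alternate trust instead of refusing outright.
    """
    required = RESOURCE_MIN_TRUST.get(resource)
    if required is None:
        return Decision.DENY
    level = trust_level(ctx)
    if level == 0:
        return Decision.DENY
    if level >= required:
        return Decision.ALLOW
    # Alternate trust (PIN / biometric / token) adds exactly one level and can
    # only be requested once; if that still falls short, deny.
    if not ctx.mfa_verified and level + 1 >= required:
        return Decision.STEP_UP
    return Decision.DENY


if __name__ == "__main__":
    # Constructed sample requests, not real users or devices.
    byod = AccessContext("alice", True, False, False, False)      # personal laptop over the Internet
    corp = AccessContext("alice", True, True, True, False)        # company laptop on the intranet
    for who, ctx in (("BYOD", byod), ("corporate", corp)):
        for res in ("mail", "wiki", "payroll"):
            print(f"{who:9s} -> {res:8s}: {evaluate_access(ctx, res).value}")
```

Running the block prints one decision per (context, resource) pair: the BYOD request is allowed to mail, challenged for wiki and denied payroll, while the managed laptop on the intranet is allowed everywhere. The important design point is the default-deny branch for unknown resources and the rule that step-up is offered only when it can actually satisfy the policy, so the gateway never challenges a user for a credential that would still leave them short.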
To make the second layer of defense more robust, adding an analytics-backed threat intelligence solution to the access gateway is not a bad idea. An analytics-enabled gateway would proactively identify threats and prevent attacks before they occur.
While the intelligent gateway solution would mitigate the major risk from the fading network defense, the question remains open for the protection of corporate data on the user’s device or in the cloud-deployed SaaS application. This challenge should be addressed by deploying strong encryption solutions and/or device management agents on the client side. The device management agent would help remove data upon device loss or the user’s departure from the company.