Where did my network perimeter go? Five steps to ensure persistent security.

Having a strong perimeter for protection has been a core security strategy for centuries, and it’s still the basic foundation for network security today. Enterprises traditionally focus most of their security efforts on stopping unauthorized access and threats at the network border, to protect the applications and sensitive data within.

However, that network border is no longer a solid defensive barrier. It’s getting increasingly stretched and fragmented as organizations migrate their applications and infrastructure to the cloud. In its 2017 State of the Hybrid Cloud report, Microsoft found that 63% of enterprises are already using hybrid cloud environments.

The result is that gaps are appearing in perimeter defenses, which can be exploited by attackers or malware to steal information and IP. The data breach at credit reference agency Equifax, disclosed in September 2017, exposed the records of around 143 million U.S. consumers and was caused by attackers exploiting an unpatched vulnerability in a web application framework. Around the same time, customer data belonging to Verizon and Time Warner Cable was exposed through misconfigured Amazon S3 buckets operated by third-party vendors, and Deloitte disclosed a breach of its email system.

These issues are forcing enterprises to rethink their approaches to data security. They’re starting to focus less on perimeter defenses, and more on identifying unusual user or network behavior which may be an early sign of a potential breach or attack. Another driver behind this rethink is the EU General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018.

GDPR will force organizations to take greater responsibility for how they secure the personal data they hold, or risk significant penalties if they suffer a breach. Yet a recent analysis by Forrester found that only 25 percent of organizations are currently GDPR compliant, while just 22 percent expect to be compliant by the end of 2018.

Given the need to urgently address these challenges, what actions should enterprises take? Security Week recently published our article describing how organizations can rethink their security strategies to resolve these issues before they get out of control. Here’s a recap of the five key steps it describes:

1. Assign roles specific to new threats
Data security is a priority, so don’t spread responsibility for it across your IT department or add it to an existing manager’s workload. Putting a single person or team in charge ensures that it will get the attention it needs.

2. Audit data and infrastructure immediately
Enterprises need to know exactly what data they are dealing with, what policies need to be attached to each type of data, who has access to that data, and where the workloads accessing critical data are running. This requires in-depth visibility across the entire enterprise network environment. It is also important to document data capture methods for compliance. An initial audit and ongoing asset discovery are essential to identify what is vulnerable and where, so action can be taken to close the gaps.

3. Create baselines
Once the enterprise understands its data profiles, and who should have access to which type of data, this can be turned into baselines of expected, normal behavior: for each role, which resources are normally touched and how much data is normally transferred.

4. Monitor for abnormalities
Enterprises then need to monitor user and network behavior against these baselines to identify anomalies which could signal a potential breach. Examples are a user downloading terabytes of data, or an employee with marketing credentials accessing server logs.

5. Ensure security data is also secured
Enterprise security teams also need to secure their own processes. Personally identifiable information (PII), found in everything from logs to personnel data, needs to be protected through data masking or pseudonymization before it lands in security tooling, to ensure security itself is not the weak link.
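Steps 3 to 5 taken together as a small worked example. This is added illustration code, not code from the original article or from Security Week: it builds a per-role baseline from a constructed access log, flags the two anomaly types the article names (a role touching a resource outside its baseline, and a transfer far above the role's normal volume), and pseudonymizes the user identifier in the resulting alert with a keyed hash so the security log itself does not store PII. The log format, role names, thresholds and HMAC key are all assumptions made for the example.

```python
"""Baseline-and-anomaly check over a constructed access log (Python 3.8+).

Added example, not code from the original article. Log lines, role names,
the volume threshold and the HMAC key are assumptions for illustration.
"""
import hashlib
import hmac
import re
import statistics
from collections import defaultdict

# Constructed sample history used to build the baseline.
# Format: "timestamp user role resource bytes"
BASELINE_LOG = """\
2018-03-01T09:12:00Z alice@example.com marketing crm/leads 1200000
2018-03-01T10:30:00Z alice@example.com marketing crm/campaigns 800000
2018-03-02T09:15:00Z bob@example.com marketing crm/leads 950000
2018-03-02T11:00:00Z carol@example.com sysadmin srv/logs 40000000
2018-03-03T09:00:00Z carol@example.com sysadmin srv/config 2000000
2018-03-03T14:00:00Z alice@example.com marketing crm/leads 1100000
"""

# Constructed new events to evaluate against the baseline.
NEW_EVENTS = """\
2018-03-10T09:05:00Z alice@example.com marketing crm/leads 1000000
2018-03-10T02:17:00Z bob@example.com marketing srv/logs 30000
2018-03-10T03:40:00Z alice@example.com marketing crm/leads 2000000000000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse(log):
    """Parse log text into event dicts, skipping malformed lines instead of crashing."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, role, resource, nbytes = m.groups()
        events.append({"ts": ts, "user": user, "role": role,
                       "resource": resource, "bytes": int(nbytes)})
    return events


def build_baseline(events):
    """Step 3: per role, the set of resources normally accessed and the median transfer size."""
    resources = defaultdict(set)
    sizes = defaultdict(list)
    for e in events:
        resources[e["role"]].add(e["resource"])
        sizes[e["role"]].append(e["bytes"])
    return {role: {"resources": resources[role],
                   "median_bytes": statistics.median(sizes[role])}
            for role in resources}


def detect(events, baseline, volume_factor=100):
    """Step 4: return (event, reason) pairs for accesses outside the role's baseline."""
    findings = []
    for e in events:
        b = baseline.get(e["role"])
        if b is None:
            findings.append((e, "unknown role"))
            continue
        if e["resource"] not in b["resources"]:
            findings.append((e, "resource outside role baseline"))
        if e["bytes"] > volume_factor * b["median_bytes"]:
            findings.append((e, "transfer volume far above role baseline"))
    return findings


def pseudonymize(user, key):
    """Step 5: keyed hash of the user ID, so alerts correlate without storing the PII.
    An unkeyed hash would be reversible by hashing the company directory."""
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()[:16]


def alerts(findings, key):
    """Render findings as alert lines with the user identifier pseudonymized."""
    return [f"{e['ts']} user={pseudonymize(e['user'], key)} role={e['role']} "
            f"resource={e['resource']} bytes={e['bytes']}: {reason}"
            for e, reason in findings]


if __name__ == "__main__":
    baseline = build_baseline(parse(BASELINE_LOG))
    # Assumption: in practice the key comes from a secrets manager, not the log store.
    key = b"rotate-me-and-keep-out-of-the-log-store"
    for line in alerts(detect(parse(NEW_EVENTS), baseline), key):
        print(line)
```

Run stand-alone, the script raises two alerts: bob's marketing account reading srv/logs at 02:17, and alice's 2 TB pull from crm/leads. The baseline is deliberately simple (a set of resources and a median per role); a production detector would also baseline time of day and per-user volume, but the structure of the check is the same.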

In conclusion, security strategies focused solely on perimeter defenses are no longer capable of protecting sensitive data against theft and inadvertent leakage in today’s complex IT environments. Organizations need to be able to quickly identify threats and vulnerabilities inside their networks, to keep PII safe. After all, if they can’t see what’s happening, they have no control over it.
