Perimeterless world: Networks are becoming less tied to physical locations
The enterprise perimeter is nearly extinct and the dramatic shift to remote work during the pandemic is accelerating its demise. Security needs rethinking in a world without perimeters, where identity and zero trust architectures will need to play increasingly important roles governing access management.
Drivers
The traditional firewall approach assumed that enterprises could establish a strong perimeter and then intrinsically trust everyone inside. Yet, even before the pandemic, cloud migration and the adoption of Software-as-a-Service (SaaS) applications were on the rise causing perimeter-based controls to become increasingly hard to maintain and scale. Many enterprises also had existing Bring Your Own Device (BYOD) programs and robust mobile-first initiatives that perimeter-based controls were never designed to protect. Remote-first work will remain with us in a post pandemic environment, with 72% of office workers indicating a desire to retain the flexibility to work remotely1. As such, the global workforce has become reliant on at-home WiFi networks, non-hardened work devices, and online collaboration tools. Without reliable connectivity, employees may not be getting the protection they need and their non-hardened devices can also pose a significant risk to enterprise network security. A more porous perimeter with less oversight is also naturally more susceptible to insider threats, malicious or unintentional. Organizations must quickly move beyond perimeter-based solutions to secure the growing number of applications and resources hosted in the cloud, available as a service, and on mobile systems.
Impact - With less and less behind the walls of the enterprise, companies can no longer take a fortress approach to defend against threat actors. Employees, vendors, contractors, and customers are all connecting to the network from everywhere. Security strategies need to evolve to support new ways of doing business that drive growth, productivity, and competitive advantage.
Solutions - Identity Access Management, Zero Trust, User Entity Behavior Analysis, Secure Access Server Edge (SASE), Software Defined Perimeter (SDP), Cloud Access Security Brokers (CASB).
Perspectives
Defender’s Perspective - The network as a decision maker has been outmoded, and has not been a particularly useful gating mechanism for some time. Instead, trust ought to be treated as a gradient and neither as a static nor binary state of being. With the evolution to zero trust, enterprises can reevaluate trust levels dynamically, so they can constantly reassess the extent to which to trust an identity. With an access management approach rooted in a perimeterless reality, security teams can make more nuanced decisions with inputs from the business about risk tolerance and acceptance. The shift from caring about "where" to "who" is the natural evolution of security that enterprises can choose to either lead or lag.” - Justin Berman, Former Head of Security, Dropbox.
Team8’s Attacker Perspective - In a perimeter-driven strategy, once attackers successfully infiltrate a perimeter, they can easily navigate laterally within a wide internal enterprise environment. While breaking through the perimeter is hard, moving within it is easier. On the downside, the death of the perimeter and the move to zero trust has theoretically exposed some internal crown jewels to the outside. The upside is that, in most cases, zero trust breaks the network into smaller fragments, removing much of the lateral movement options for an attacker.
In our next blog, we will cover Privacy & Digital Trust.
The views expressed in this blog are those of Team8, any reference to “we” should be considered the view of Team8 and not necessarily those of WisdomTree Europe.
Team8 is a global venture group with deep domain expertise that creates companies and invests in companies specializing in enterprise technology, cybersecurity, and fintech. Leveraging an in-house, multi-disciplinary team of company-builders integrated with a dedicated community of C-level executives and thought leaders, Team8's model is designed to outline big problems, ideate solutions, and help accelerate success through technology, market fit and talent acquisition. For further information, visit www.team8.vc.
Source
Related blogs
+ Introducing cybersecurity: the megatrend of the 2020s
+ Cloud security: A necessary component in digital transition planning
+ Security of Things: Dealing properly with the explosion of connected devices