In ancient times, cities were often walled fortresses, with heavily guarded perimeters, and strangers were closely scrutinized before being allowed to pass through the gates. Likewise, in the ?old days? of computer networking, there were strict lines of demarcation between the internal network and everything outside. Firewalls sat on the network edge like sentinels protecting the borders from untrusted intruders. Users and computers on the inside were considered trustworthy by default.
Things change. Today, most cities are open, with many roads leading in and out and hundreds or thousands of people freely entering and exiting every day. And with the advent of ubiquitous mobile connectivity, virtualization technologies that blur the lines separating physical machines, and everything-as-a-service computing, the concept of an impenetrable perimeter that encompasses an entire organization is dissolving into the thin air of our increasingly cloudy infrastructures.
We?ve heard a lot of talk over the last few years about the disappearance of the network perimeter, but the edge isn?t gone ? it just moved. Security is becoming more focused on protecting the data, wherever it might be (on the endpoints, on network storage devices, or in the cloud). What do these changes mean for your business?
If you haven?t done so already, it may be time to reevaluate your entire security strategy. If you cut your IT teeth on the ?old school? methodologies, you might be feeling a little lost in this brave new networking world. But the new paradigm isn?t really as different as it seems. It?s just about moving your security inward.
In those walled cities of old, individual homes were far less protected than they are today. They didn?t necessarily have locks on the doors, and windows were mere cutouts that anyone could climb into. Today we?ve moved our perimeters inward, using fences, guard dogs, deadbolts and alarm systems to protect our own properties. This is akin to the host-based firewalls and anti-malware software that protect servers and clients. It?s still perimeter security, but the interior footprint is much smaller.
That?s not the extent of our inward-movement, though. When we have especially valuable assets, such as jewelry or cash, we lock them up in a safe so that even if a burglar manages to break into the house, he?ll have a hard time getting to those things we value most. The most valuable thing we have on our network is data ? the business?s trade secrets, employees? and clients? personal information, one-of-a-kind intellectual property that can?t be replicated. These most valuable assets should be the focus of your security strategy.
This is known as a data-centric approach to security, and it?s the new paradigm. We can put our data in a ?safe? by setting restrictive access permissions on files and folders. Then we move in even closer by using strong encryption so that security is built into the data itself. Even if attackers capture it, it will be unusable to them. We can encrypt entire volumes, folders or individual files.
Sometimes, though, we need to take our valuables out. Maybe we need to take the cash to the store to buy something, or we want to wear the jewelry to a party. Maybe we want to have the stamp collection appraised or cash in the bonds. When we go out in public with our most valuable valuables, we?ll probably take special care to prevent them from being lost or stolen. Maybe we?ll hide the 5 carat diamond necklace in an inner pocket during the cab ride and only put it on when we?re safely surrounded by friends inside a private banquet hall. If we?re transporting a truly large amount of cash, maybe we?ll hire an armed guard to escort us or handcuff the briefcase to our wrist. At the very least, we?ll keep the valuables out of sight and be extra vigilant and avoid going through high crime areas.
There are many ways to protect data when you have to take or send it out of its safe repository, too. You can use IPsec or SSL to protect transmissions, send only over wireless networks that use strong encryption, use rights management to prevent those with whom you share files or messages from copying, printing or forwarding them and so forth. New encryption techniques such as identity-based encryption and format-preserving encryption offer even more flexibility.
At this point, you might be saying, ?Wait a minute. That all sounds familiar.? Indeed, it should. If you?ve been doing things right, you already do some or all of this, as part of your defense-in-depth security strategy. While many of the protective technologies remain the same, the focus has shifted. In a world with no borders, it?s every bit of data for itself. And that data has become more difficult to secure, because it no longer resides nicely in one place, on a file server. Cloud storage, BYOD and the distributed processing model of big data make data discovery an all-important and necessary (but often overlooked) first step.
The elimination of borders means more freedom, but with freedom come new challenges ? especially on the security front. Welcome to the future.
Like our posts? Subscribe to our?RSS feed?or email feed (on the right hand side) now, and be the first to get them!
DEBRA LITTLEJOHN SHINDER is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond. Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure?s ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic?s Windows blog, called Microsoft Insights and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on Windowsecurity.com and ISAServer.org, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies. Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft?s Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area.
?Michelle Knight Saul Bass Jeanne Cooper Jody Arias mothers day gifts kim kardashian jaycee dugard
No comments:
Post a Comment