
Can Network Security be both Transparent and Effective?

The rapid adoption of smart technology in the consumer space over the last 10+ years has shined a light on user experience and design. Starting with the introduction of the first iPhone in mid-2007, Apple put the consumer first and security...well, somewhere down the line. It wasn’t the device’s awesome security controls that made the iPhone a tour de force. It was all the neat things it allowed consumers to do. At that time, security professionals warned people at every turn about the insecurity of mobile devices. Their best recommendation: keep consumer-grade devices off the network. Today, not only would that advice be laughed out the door, but the current iPhone, for instance, has stronger security than many corporate networks.

How did Apple build the gold standard of security while allowing consumers anytime access to their favorite apps in such a short timeframe? Network security has been evolving over the past 30 years and has not achieved the same level of seamless effectiveness. The answer lies in the fact that the company quickly learned that building security into the design of the phone allowed them to create secure devices that didn’t focus on security. The primary goal was and remains usability. Security has to be part of the fabric of the phone so that it can scale as new technology is developed and as users demand the ability to transact with sensitive data on the phones at any time, from anywhere.

The evolution of network security

In contrast, enterprise architectures have grown in a patchwork-like fashion, starting with the internal network and expanding out through partners, clouds, containers, and even IoT for the enterprise. In the network sprawl, security has struggled to keep up, often getting left behind as new technologies and connections are created. Business demands and the storied tensions between network and security professionals have resulted in security not being “baked in” to corporate network architectures. As networks expand, security teams struggle to bolt security controls onto systems and tools. This frequently results in incompatibilities or delays in deployment, neither of which is attractive to business leaders who are focused on the bottom line. In many ways, traditional security is antithetical to speed and efficiency — i.e., business drivers. Taking a cue from consumer device manufacturers, though, network security teams can modernize protection.

The key? Focus on usability and customer experience. I’m not talking about how much fun a security tool is to use; rather, security needs to be designed for how people and networks work today. Deploying and managing security must be straightforward and expeditious, and it certainly can’t disrupt enterprise services or applications in use.

The future of network security

Short of tearing down and then re-architecting the entire network, organizations need security tools that fit into their frameworks and demonstrably improve protection without costing a fortune, taxing employees, or taking years to complete. To accomplish this feat, security practitioners should look for security solutions that include the following four attributes:



Today’s networks are too vast and complex to require manual maintenance and tuning — they haven’t been designed in a user-friendly way. From automated asset discovery to policy recommendations, security professionals need to adopt automation tools that incorporate an element of machine learning. This will ensure that systems and controls adapt over time without adding a management burden.

Platform-agnostic control

Companies no longer run on one type of network; the majority operate hybrid networks, with the balance starting to tip in favor of cloud and container environments. Unfortunately, most security tools don’t work ubiquitously across these environments and can’t readily adapt to the ephemeral nature of clouds or containers. But that’s starting to change. Security professionals should implement controls that are data- or application-centric instead of ones that rely on network constructs to function. Because networks will continue to evolve, network constructs can’t be the foundation upon which network security relies — doing so will only add frustration and complexity to security pros’ work days (and nights).

Continuous and adaptive authentication

Per the point above, since today’s networks are not static and today’s workforces are increasingly mobile, security cannot be a point-in-time or geography-based decision. Threats can be network-borne, and employees and contractors can work from anywhere; effective security control must therefore be iterative and adaptive to change. Authentication mechanisms for system requests (vs. people or devices) should be based on the cryptographic identity of what’s communicating on the network (i.e., hosts, applications, services) and how, not the mechanism by which it’s communicating (e.g., IP address or port). Doing so reduces the need for security teams to constantly update access control lists and individual permissions.
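The contrast drawn above between address-based rules and identity-based rules, as an added example that is not from the original post or from Edgewise. The key, service names, IP addresses and byte strings are constructed, and an HMAC over the executable's SHA-256 digest stands in, as an assumption, for whatever signing scheme a real product uses.

```python
import hashlib
import hmac

# Constructed stand-in for a key held by a policy control plane (assumption).
CONTROL_PLANE_KEY = b"constructed-demo-key"

def _sign(service: str, digest: str) -> str:
    msg = f"{service}|{digest}".encode()
    return hmac.new(CONTROL_PLANE_KEY, msg, hashlib.sha256).hexdigest()

def issue_identity(service: str, binary: bytes) -> dict:
    """Bind a service name to the SHA-256 of its executable and sign the pair."""
    digest = hashlib.sha256(binary).hexdigest()
    return {"service": service, "digest": digest, "tag": _sign(service, digest)}

def verify_identity(ident: dict, binary: bytes) -> bool:
    """Accept only if the tag is valid and the running binary matches the digest."""
    tag_ok = hmac.compare_digest(_sign(ident["service"], ident["digest"]), ident["tag"])
    return tag_ok and hashlib.sha256(binary).hexdigest() == ident["digest"]

ACL = {("10.0.1.15", 5432)}                      # address rule: (source IP, dest port)
IDENTITY_POLICY = {("billing-api", "orders-db")}  # identity rule: (source, dest service)

def evaluate(src_ip, ident, binary, dst_port=5432, dst_service="orders-db"):
    """Return the decision each model makes for the same connection attempt."""
    by_address = (src_ip, dst_port) in ACL
    by_identity = (verify_identity(ident, binary)
                   and (ident["service"], dst_service) in IDENTITY_POLICY)
    return {"acl": by_address, "identity": by_identity}

# Constructed sample workloads.
BILLING_BINARY = b"constructed bytes standing in for the billing-api executable"
OTHER_BINARY = b"constructed bytes standing in for a different program"
BILLING_ID = issue_identity("billing-api", BILLING_BINARY)

def scenarios():
    return {
        # Same workload, same host: both models agree.
        "original_host": evaluate("10.0.1.15", BILLING_ID, BILLING_BINARY),
        # Workload rescheduled to a new address: the ACL now needs a manual update.
        "rescheduled_to_new_ip": evaluate("10.0.7.42", BILLING_ID, BILLING_BINARY),
        # Different program on the permitted address: the ACL cannot tell the difference.
        "other_binary_on_allowed_ip": evaluate("10.0.1.15", BILLING_ID, OTHER_BINARY),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

The second and third scenarios are the two failure modes of address-based control: a legitimate workload blocked until someone edits the list, and an unrelated process admitted because it shares the address.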

Centralized policies

One major hurdle in managing the entirety of companies’ corporate networks is oversight of multiple, disparate sets of policies and outputs. Utopia for most security professionals is one tool that can work effectively across hybrid networks and can be managed from a central console. Traditional security tools are too tied to the network environment to provide this capability, but tools like Edgewise are environment-agnostic. This gives security teams greater control of the network with less manual intervention, complexity, and aggravation.



Written by Katherine Teitler, Director of Content

Katherine Teitler leads content strategy and development for Edgewise Networks. In her role as Director of Content she is a storyteller; a translator; and liaison between sales, marketing, and the customer. Prior to Edgewise, Katherine was the Director of Content for MISTI, a global training and events company, where she was in charge of digital content strategy and programming for the company's cybersecurity events, and the Director of Content at IANS, where she built, managed, and contributed to the company's research portal.