Data security: Rethinking the perimeter

Business computing is happening everywhere, at our desks, at home, on mobile devices, in watches and cars, and work is transforming rapidly because of it.

According to Harvard Business Review, “just about every individual, company and sector of the economy now has access to digital technologies - there are hardly any ‘have nots’ anymore.” And Okta’s recent report shows that on average, businesses adopt between 10 and 16 off-the-shelf cloud applications, a number that has grown 33 per cent year-over-year.

This means organisations — regardless of size, industry and location — are taking steps to enable employees, partners, contractors and even customers with the apps, devices and services they need to be productive, while also securing increasingly mobile workforces.

Nonetheless, while cloud technologies are enabling employees to be increasingly productive, they also bring a series of challenges. With more and more employees using phones and tablets to access both personal and work related information, the traditional idea of the enterprise network boundary is vanishing. The problem is that with data moving to the cloud, security teams are sometimes only able to see a fraction of user activity on the organisation’s own internal systems. How can they define and secure their perimeter, without sacrificing user productivity? Instead of securing the network, organisations should focus on securing user identities.

Introducing the Identity Perimeter

A recent Accenture report shows that 51 per cent of senior decision-makers are concerned about security as a challenge for adopting digital technologies. Businesses are realising that applications exist outside of the firewall, passwords have become a liability, and IT no longer controls every device that accesses corporate data. In order to keep end user computing secure, they need a better way to secure and control an increasing number of users, devices and applications that span traditional company and network boundaries.

Traditional security approaches have focused on establishing network perimeters and then architecting layers of firewalls, VPNs, IDS and DLP systems to segment and secure users and data. But the new reality is that the network perimeter is defined by the user, and more specifically, by their identity. Securing this “Identity Perimeter” and managing identities’ access to applications has become a complicated calculus, and it is IT’s responsibility to understand who has access to applications and data, where they are accessing it and what they are doing with it.

As a result, many organisations are looking beyond just securing the network and corporate owned devices, and are focusing on securing internal and external user identities, and data rather than just devices. By using contextual data about users, devices, and patterns of behaviour, they can more accurately detect unauthorised attempts to access corporate information, and IT can better mitigate the risk from a security breach to more effectively protect the business.

Regaining Control Through MFA

The advent of social media has made it easier for hackers to triage personal information to answer traditional security questions like “What is your mother’s maiden name?” and “Where did you go to primary school?”. This is prompting a growing number of businesses to implement multifactor authentication (MFA) to protect against the range of attacks that rely on stealing user credentials.

This highly secure authentication mechanism involves the use of two or more different types of authentication — such as a password plus a temporary key which is sent to a user’s phone, dongle, email address, or app – to ensure users are who they say they are, reducing the risk of unauthorised access.

With MFA in place, even if a user’s password is stolen, hackers are still unable to access their account without also spoofing the second factor. The more contextual the data is that an organisation uses to authenticate a user, the more difficult it becomes for hackers to breach the perimeter.

Minimising Risk in the New Perimeter

Today, everything depends on identity. With cloud use set to soar, it’s clear that having a holistic understanding of the network and its surroundings no matter the complexity is imperative.

Managing identity with single sign-on (SSO) and provisioning provides businesses with a better way to secure and control access for a growing number of users, and to devices and applications that span traditional company and network boundaries. This approach enables IT to benefit from real-time updates and the flexibility to react to the ever-changing workforce and increased adoption of applications. Additionally, automated user de-provisioning across all on-premises and all cloud based applications gives IT the peace of mind that once an employee has left the company, the company’s data won’t leave with them. In other words, these solutions ensure all users adhere to data security guidelines, giving IT more control over the different applications, access points and user types that will be connected to its cloud systems.

Recognising the new perimeter and managing identities with SSO enables businesses to quickly and securely adapt to the ever-changing environment — reduce concerns over visibility of users, devices and applications — and provides employees with access the applications they need, when and where they want them, ultimately increasing their productivity.

Phil Turner, VP EMEA, Okta

Image source: Shutterstock/GiDesign