Deconstructing the security perimeter
September 9, 2006
For the past few years, major Internet security breaches have dominated the IT news headlines. Highly sensitive data was stored on laptops that were later lost or stolen. Hackers have severely compromised financial and identity information. Employees have inadvertently sent personal and confidential information out of their networks to unknown and unsafe destinations.
Overall, while the names of the individuals and their companies change, the incidents are tied together by a universal theme: data inside the organization was accessed without authorization and then leaked beyond the corporate perimeter defenses, with the help of users who held valid credentials.
As companies watch in horror and wonder if they will be the next breach of the week, the question they need to ask themselves is "do I really understand how my confidential information is being accessed and used by credentialed users?" The answer to this question is quite a bit more complicated than they might realize.
In response to changing business practices and evolving technology, organizations have intentionally deconstructed the perimeter, extending the notion of the internal network in multiple directions to enable the extended enterprise.
Links to CRM applications, billing and procurement systems, as well as access for telecommuters, outsourcers and partners, all expose the internal network to massive risk. As organizations punch holes in the perimeter to allow for growth, the internal network is now only as secure as those who have access to it.
Meanwhile, as most security defenses focus only on protecting users or systems, little or no attention is paid to reducing risk associated with critical information assets or the actions of individuals who have access to them.
This is what's known as the internal threat -- a complex, shifting problem that manifests itself in one way or another on the internal network. The internal threat is a hard problem to define and is even harder to solve.
While traditional security measures were effective in securing the perimeter, the internal threat could be anyone and anything that has credentialed access to your network. Employees, partners, outsourcers, consultants and even hackers with stolen credentials all pose an unseen risk by simply having access to your sensitive data.
Organizations are now tasked with not only understanding what these parties are doing on the network, but how they're using the data and infrastructure they have access to.
In order to monitor actions and behavior on the network cost-effectively and efficiently, organizations must shift their thinking from a reactive, negative model of security to a positive model.
Rather than spending time, money and scarce resources on continually adding layers of security in the hope of protecting business processes against disruption or misuse, a risk-centric model of security can be applied to the organization. It allows better use of the security applications and products already in place and gives a deeper understanding of how the internal network actually behaves.
Through this model, security measures protect the integrity of assets by watching the business processes themselves, instead of trying to predict and detect every possible negative influence against them.
One example of a positive model of security, especially in light of several recent high-profile laptop and desktop losses and theft, would be to monitor the acceptable use of data before it even leaves the network.
By the time sensitive data has been copied from an internal server to a host, encrypted or not, it is too late to protect the organization against loss or theft of that host: the credentialed user who copied it can still read it and move it further.
And while locking down hardware and encrypting data on hosts are good policies to integrate into an organization's overall security policy, they do not protect the organization from inappropriate or malicious use and movement of data within or out of the network.
A positive model would incorporate deep monitoring into all streams traversing the network and alert an organization to inappropriate data usage or movement within and outside of the organization, thereby preventing potential data loss before it can leave with the host.
So what is the true difference between a negative and a positive model of security? A negative model tries to enumerate every possible negative influence on the intended business process (a block list of bad destinations, signatures or behaviors), whereas a positive model describes what the business process is, who carries it out and how it was implemented, and treats anything outside that description as suspect.
This drastically simplifies the configuration and makes it far more future proof: a new attack technique requires a new rule in the negative model, but in the positive model it simply fails to match any defined process and is reported.
To make this possible it is necessary to monitor all communications and data traversing the network in a business context that reflects the business goals and policies in place: which users and roles are expected to move which classes of data, to which systems, and in what volume.
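The following is an added illustration of the positive versus negative model described above, and of the earlier point about watching acceptable use of data before it leaves the network. It is not code from the original article. The sensor, the flow records, the role directory, the address ranges and the business process definitions are all constructed for the example; a real deployment would take flow records from a network sensor and roles from a directory. The same set of sample flows is evaluated under both models so the gap between them is visible: the negative model only blocks traffic to a known-bad range, while the positive model reports any transfer of classified data that does not fit a defined business process.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One observed transfer as a network sensor would report it (constructed schema)."""
    user: str        # credentialed identity behind the flow
    src: str         # source host address
    dst: str         # destination address
    dport: int       # destination port
    data_class: str  # classification tag the sensor attached, e.g. "customer_pii"
    bytes_out: int   # volume moved in this flow


# Hypothetical role directory for the sample users.
ROLE = {"alice": "sales", "bob": "finance", "contractor7": "partner"}

# Negative model: enumerate known-bad destinations. Everything else passes.
BLOCKED_DESTS = [ip_network("198.51.100.0/24")]  # hypothetical known-bad range

# Positive model: enumerate the business processes that legitimately move data.
# Anything that does not match one of them is reported for review.
ALLOWED_PROCESSES = [
    {"name": "crm-sync", "roles": {"sales"}, "src": ip_network("10.1.0.0/16"),
     "dst": ip_network("10.20.5.0/24"), "dport": 443,
     "classes": {"customer_pii", "public"}, "max_bytes": 50_000_000},
    {"name": "billing-export", "roles": {"finance"}, "src": ip_network("10.2.0.0/16"),
     "dst": ip_network("10.20.6.0/24"), "dport": 22,
     "classes": {"financial"}, "max_bytes": 200_000_000},
    {"name": "partner-portal", "roles": {"partner"}, "src": ip_network("10.9.0.0/16"),
     "dst": ip_network("10.20.7.0/24"), "dport": 443,
     "classes": {"public"}, "max_bytes": 5_000_000},
]


def negative_model(flow: Flow) -> tuple[str, str]:
    """Deny-list check: block only traffic to destinations already known to be bad."""
    dst = ip_address(flow.dst)
    for bad in BLOCKED_DESTS:
        if dst in bad:
            return ("block", f"destination {flow.dst} is on the block list")
    return ("allow", "no signature matched")


def positive_model(flow: Flow) -> tuple[str, str]:
    """Allow-list check: the flow must fit one defined business process in every dimension."""
    role = ROLE.get(flow.user)
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    for proc in ALLOWED_PROCESSES:
        if (role in proc["roles"] and src in proc["src"] and dst in proc["dst"]
                and flow.dport == proc["dport"] and flow.data_class in proc["classes"]
                and flow.bytes_out <= proc["max_bytes"]):
            return ("allow", proc["name"])
    return ("alert", f"{flow.user} ({role}) moved {flow.data_class} to "
                     f"{flow.dst}:{flow.dport} outside any defined process")


# Constructed sample flows, not real traffic.
SAMPLE_FLOWS = [
    # legitimate CRM sync by a sales user
    Flow("alice", "10.1.4.20", "10.20.5.10", 443, "customer_pii", 1_200_000),
    # finance user copies customer PII to another workstation over SMB
    Flow("bob", "10.2.7.33", "10.2.7.99", 445, "customer_pii", 80_000_000),
    # partner account pushes customer PII to an external host over HTTPS
    Flow("contractor7", "10.9.1.5", "203.0.113.5", 443, "customer_pii", 4_000_000),
    # traffic to the one destination the block list knows about
    Flow("alice", "10.1.4.20", "198.51.100.7", 80, "public", 2_000),
]


def evaluate(flows):
    """Return (user, negative verdict, positive verdict) for each flow."""
    return [(f.user, negative_model(f)[0], positive_model(f)[0]) for f in flows]


if __name__ == "__main__":
    for user, neg, pos in evaluate(SAMPLE_FLOWS):
        print(f"{user:12} negative={neg:6} positive={pos}")
```

Only the last flow is caught by the negative model; the two transfers that actually matter, an internal copy of customer PII to an unmanaged workstation and a partner account sending it to an external host, pass the block list untouched because nobody wrote a rule for them, yet both fall outside every defined process and are reported by the positive model without any rule specific to the technique used.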