Thanksgiving is the time to reflect on all we are thankful for. While 2020 may not have been an ideal year, we have decided to focus on the aspects of network security that we are thankful for in any case.
2020 was a major year for the network security industry. As organizations made the shift to working from home overnight, the inevitable move to remote work was accelerated and securing the network became a top priority for IT teams.
This past year we saw improvements in network security throughout the space and here at Perimeter 81, we are grateful for all the different ways that relevant technologies and solutions have evolved in the last year. From faster and more effective authentication technologies to remote work networking infrastructure, 2020 has proved that network security is headed in the right direction.
As we take a look at the past year and move forward, here are the 5 network security technologies we are most thankful for.
Before COVID-19, most employees did not have the option to work outside the office. Although remote work and the “digital nomad” lifestyle have been steadily on the rise over the past few years, they were far from the norm. Suddenly, in March, all of that changed, and employees were required to work from home for the foreseeable future.
Now organizations have implemented secure remote access solutions that provide their employees with a fast and secure remote network connection that doesn’t lag. Most remote users are connecting to work environments that reside on the cloud and need to be granted full network access to reach those environments. Over the past year, more organizations have been dissolving their remote access VPNs and providing teams with a more scalable and secure remote access solution.
Encouraging a more user-centric model, organizations are providing their remote workers with a quicker and more secure network connection to their corporate resources and applications.
It’s 2020 and MFA is everywhere. Multi-factor authentication (MFA) is one of the key technologies in use today for verifying the identities of users. With its roots in the RSA tokens and then Google’s BeyondCorp, MFA requires that a user requesting access has not only something that they know (i.e. their credentials) but also something that they have.
This kind of verification might be carried out with a device or by an application on the user’s device like Google Authenticator, a push notification to their mobile, or in the worst of cases an SMS. The hope is that if an attacker has stolen the credentials from a breach, data dump, etc., then they will be denied access when challenged with MFA. Many of today’s massive data breaches result from a lack of password hygiene, which fails to provide enough protection. In the past, a single authentication login may have been enough, but as hackers have become more sophisticated, multi-factor authentication (MFA) has become a must when authenticating a user.
By requiring users to log in using their account password and then go through a second step, you can reduce your company’s potential risk exposure.
When mitigating risks inside an organization, it’s best not to put all your eggs in one basket. Micro-segmentation in network security refers to breaking up the different data or other resources into smaller and segmented sections, decreasing the chances of an attacker gaining access to all the critical resources and applications.
Even if hackers breach a part of a network, they won’t be able to gain access to all the data on the network, just a small amount. Forrester Research recommends dividing network resources at a granular level, allowing organizations to tune security settings to different types of traffic and create policies that limit network and application flows to only those that are explicitly permitted.
Adopting the network micro-segmentation approach provides IT and security teams with the flexibility to apply the right level of protection to a given workload based on sensitivity and value to the business.
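The "explicitly permitted flows only" policy described above can be sketched as a default-deny check. This is an added example, not Perimeter 81 code; the segment names, CIDR ranges, rules and sample flows are all constructed for illustration.

```python
"""Default-deny micro-segmentation policy check (illustrative example)."""
from ipaddress import ip_address, ip_network

# Constructed segments: names and CIDR ranges are assumptions for this example.
SEGMENTS = {
    "web": ip_network("10.0.1.0/24"),
    "app": ip_network("10.0.2.0/24"),
    "db": ip_network("10.0.3.0/24"),
    "workstations": ip_network("10.0.10.0/23"),
}

# Explicitly permitted flows: (source segment, destination segment, protocol, port).
ALLOWED_FLOWS = {
    ("workstations", "web", "tcp", 443),
    ("web", "app", "tcp", 8443),
    ("app", "db", "tcp", 5432),
}


def segment_of(addr):
    """Return the segment name containing addr, or None if unsegmented."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(src, dst, proto, port):
    """Allow a flow only if it matches an explicit rule; deny everything else."""
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg is None or dst_seg is None:
        return "deny", "endpoint outside any known segment"
    if (src_seg, dst_seg, proto.lower(), port) in ALLOWED_FLOWS:
        return "allow", f"{src_seg} -> {dst_seg} {proto}/{port}"
    return "deny", f"no rule for {src_seg} -> {dst_seg} {proto}/{port}"


# Constructed sample flows, including a web host reaching past its own tier.
SAMPLE_FLOWS = [
    ("10.0.10.25", "10.0.1.10", "tcp", 443),   # user to web front end
    ("10.0.1.10", "10.0.2.20", "tcp", 8443),   # web to app tier
    ("10.0.1.10", "10.0.3.30", "tcp", 5432),   # web straight to database
    ("10.0.10.25", "10.0.3.30", "tcp", 5432),  # workstation to database
    ("192.0.2.7", "10.0.2.20", "tcp", 8443),   # unknown source
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, *evaluate(*flow))
```

Because nothing is allowed unless a rule names it, a compromised web host can still reach the app tier on its one permitted port, but its direct connection to the database is refused.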
With everyone working remotely, providing access is key but not every employee needs access to everything. This is the idea of limited privilege access: the model that users should only have access to resources they absolutely need in order to do their job well while also respecting security.
Insider threats or the possibility that a user’s account has been compromised are common concerns that can be mitigated if we are able to limit what users are supposed to have access to in the first place. So even while we still require verification for every user, we need to provide everyone with the minimal level of privileges that they need for their job, hopefully making it harder for adversaries to access more valuable bits of information or controls.
By the same token, we should be monitoring user behavior throughout all of their interactions to ensure that they are behaving as expected. Chances are that Steve from accounting does not need to have access to your users’ passwords or other sensitive data that is unrelated to his job.
Nowadays, everyone is connecting from everywhere and from different devices. This has created a challenge for IT and security teams, who must ensure that these connections are secure at all times. By providing all your employees access to every resource in your organization, you are potentially creating more points and levels of risk.
To keep it simple, only give network access to employees who have passed the authorization process for each device. By limiting access, you will be safeguarded from potential leaks of your organization’s sensitive information (personal information, financial information) that shouldn’t be seen by your entire staff.
With machines calling in for access from around the world, verifying that each device has proper authorization is essential. Whether these are mobile devices belonging to employees or an AWS server, verification becomes necessary before granting them access.
As you are checking the timer while cooking your Thanksgiving turkey, catching up with family in person or virtually and jumping for joy while watching the big game, don’t forget to be thankful for the different technologies that keep us safe this Thanksgiving. We certainly are.