Posts tagged VPN
Adopt a “shrinking” security model based on micro-perimeters, pt. 1

In the past, security architectures followed the so-called “M&M model” of the hard crunchy shell and soft center. The bad guys would be stopped at the perimeter. As cloud and mobile computing extend the reach of the enterprise well beyond the perimeters of the past, the traditional security model of allowing good guys in and keeping bad guys out is no longer sufficient. As counter-intuitive as it might seem, security perimeters should actually shrink in the expanding BYOx (bring your own device/application/identity) world.

In essence, what was big is now small and what was small is now big. The idea is to protect the small entities, namely applications, APIs, devices and data, by creating massively scalable micro-perimeters around each of them. The perimeter now sits around the data itself, rather than being drawn artificially around the organization. This approach lets the business benefit from the agility and scalability of a cloud strategy while IT stays confident that the company's data is safe. The key to applying a micro-perimeter is an API gateway: security is enforced at the level of the APIs used to connect to the cloud services, not at the network edge.

In the old days, most business applications were only accessible on the corporate network via a browser or fat client, so they only needed rudimentary authentication and authorization capabilities. Now, with the pervasiveness of cloud-based services and mobile devices, the network perimeter has effectively evaporated and application security is a front-and-center issue.

By shrinking the security perimeter to surround each individual application — meaning moving any access control that was previously implemented at the network level to the application level — enterprise IT can control user access from anywhere and any device, without having to rely on a cumbersome VPN connection.

When setting up a micro-perimeter around applications, keep in mind that building authentication, single sign-on and authorization capabilities into each individual application is neither economical nor scalable. Look for a gateway architecture that can front both new and legacy applications and support the current identity standards: OAuth 2.0 for delegated authorization, OpenID Connect for federated authentication, and SCIM (System for Cross-domain Identity Management) for user provisioning.
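The following is an added example, not Axway's code or any product's API, of what "access control at the application level" looks like when a gateway enforces it per route. It assumes OAuth 2.0 bearer tokens in JWT form signed with HS256 under a shared secret (a real gateway would verify the identity provider's RS256 signatures via its OpenID Connect JWKS endpoint); the issuer, audience, route policy and minted tokens are all constructed for the demo. The point it shows beyond the prose: the gateway pins the signing algorithm, checks issuer, audience and expiry, and then maps each API route to the scopes a token must carry, defaulting to deny.

```python
"""Added example: a minimal API-gateway style micro-perimeter check.

Not Axway code. Assumptions: HS256 JWTs under a shared secret (SECRET),
constructed issuer/audience values, a constructed route policy, and
mint_token() standing in for the identity provider.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"gateway-demo-secret"          # assumption: shared HMAC key
ISSUER = "https://idp.example.com"       # constructed issuer
AUDIENCE = "legacy-hr-api"               # constructed audience (the fronted app)

# Per-route policy: the micro-perimeter around each API operation.
# Anything not listed is denied.
ROUTE_POLICY = {
    ("GET", "/hr/employees"): {"hr.read"},
    ("POST", "/hr/employees"): {"hr.read", "hr.write"},
}


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def mint_token(claims, key=SECRET, alg="HS256"):
    """Issue a JWT. Stands in for the IdP; 'alg' is a parameter only so the
    verifier's algorithm pinning can be exercised (signature is always HMAC)."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token, key=SECRET, now=None):
    """Return the claims if alg, signature, iss, aud and exp all check out,
    otherwise None. Every malformed input is treated as an invalid token."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        # Pin the algorithm: never let the token choose it ('alg: none' attacks).
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(p))
    except ValueError:          # bad base64, bad JSON, wrong segment count
        return None
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(method, path, authorization_header, now=None):
    """Gateway decision for one request: (allowed, reason)."""
    required = ROUTE_POLICY.get((method, path))
    if required is None:
        return False, "unknown route"           # default deny
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return False, "missing bearer token"
    claims = verify_token(authorization_header[len("Bearer "):], now=now)
    if claims is None:
        return False, "invalid token"
    granted = set(claims.get("scope", "").split())   # OAuth scope: space-separated
    missing = required - granted
    if missing:
        return False, "missing scope " + " ".join(sorted(missing))
    return True, "ok for " + claims.get("sub", "?")


if __name__ == "__main__":
    now = 1_700_000_000   # fixed clock so the demo is reproducible
    tok = mint_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "alice",
                      "scope": "hr.read", "exp": now + 300})
    print(authorize("GET", "/hr/employees", "Bearer " + tok, now=now))
    print(authorize("POST", "/hr/employees", "Bearer " + tok, now=now))
```

The legacy application behind the gateway never sees network-level trust; it receives only requests that carried a valid token with the scopes its route demands. Scope names, routes and the shared-secret scheme are illustrative choices, not anything the page or Axway prescribes.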


On TJ Keitt’s Forrester blog post, “’Anywhere, Anytime’ Work Means IT Must Provide the Right Technology, to the Right Person, at the Right Time”

By Bill Reeves, Sr. Director, Product & Solution Marketing (MFT), Axway

“Working remotely” used to mean simply working from home. Now it means being able to work even when you’re mobile, including in transit or at any kind of remote location. We’re connected like we’ve never been before. But working remotely should never compromise the security standards of the organization.

When it comes to remote computing, it takes a lot of thought to determine what type of security you need, where you want the data, how you want it handled and managed, and who should (and should not) have access to it. Leveraging the remote capabilities of smartphones and other devices can expose the enterprise to a whole new level of security vulnerability. And since users have their own expectations about how they want to work and which devices they want to use, it is not as simple as applying the same security standard to every device regardless of what kind of data is in play, how it is being manipulated, or where it is going.

For instance, are you going to allow the same level of document creation and manipulation on a smartphone that you allow on a laptop? Some users may have relatively low expectations of what they can do on a smartphone, while others may expect functional parity across both. There is a big difference between the two, because the ability to actually manipulate data creates a whole new set of security concerns. Organizations must decide whether they will limit smartphone capabilities to viewing only or offer more robust data manipulation capabilities.

What you need to do is establish standards for transferring as well as manipulating data. Think through what kind of access you want to provide for smartphones or other mobile devices. How do you want workers to access it? Do you even allow them to access it? What security level is necessary to ensure that you are maintaining the standards set by the organization?

The bottom line? You need centralized file management. You need the ability to audit. And you need security, security, security! When data is being viewed or manipulated, take it very seriously and consider how it interacts with a smartphone. And, of course, the data should be encrypted at rest and in motion.

In addition to great products that address internal communication within the enterprise, Axway offers specific solutions that enable you to manage files outside of the enterprise – because the fact is you’re going to have to extend your reach, not just to your trading partners but to your internal employees at home and on the road.