As enterprises embrace cloud computing and a mobile workforce, IT leaders have watched the traditional network perimeter capabilities dissolve, making security, access and identity concerns a top priority.
Digital ecosystems have expanded the infrastructure horizon for enterprises far beyond the network perimeter. Increasingly, applications reside in the cloud, erasing the traditional idea of “inside” and “outside” a network perimeter. And while the idea of a “cloud perimeter” is emerging, protecting data in your enterprise requires a new approach to security that moves from the “moat and castle” approach to a zero trust model.
Shifting Security Priorities
This year, cyber security infrastructure has become one of the top three CEO priorities for CIOs, according to IDG’s 2017 State of the CIO report. Slightly more than half of the respondents to the survey also said that security and IT strategy are tightly integrated today, compared to only 37% in 2016.
And there’s more to come. Forty-two percent of organizations expect to see an increase in security budget over the next 12 months, according to the 2017 IDG Enterprise Security Priorities survey.
And there’s a distinct shift toward the cloud for that security spend. In the Enterprise Security Priorities survey, 53% of security leaders say they’re looking into or piloting behavior monitoring and analysis; 49% are doing the same with cloud-based cyber security services; and 48% have cloud access security brokers on the radar or in a pilot program.
Elements of a successful cloud perimeter
As IT leaders explore their options for addressing security in their new digital ecosystems, what critical components should be on their checklist?
1. The cloud perimeter should use the Internet as its core network. In fact, adopting a cloud perimeter is an essential step to leveraging the Internet as WAN.
2. Verify and never trust should be a core principle of the system.
3. The perimeter should be able to provide:
a. A clientless central point of entry and control for allowing authenticated employees, partners and others to access specific corporate applications that are hidden from the Internet and public exposure.
b. Data-path protection, identity access, multi-factor authentication, application security, and management visibility and control delivered as a single service.
c. Global delivery that has service-level agreements on performance so end user experience isn’t affected by security.
d. Full security capabilities, including the ability to proactively identify and block access to malicious domains, the ability to quickly and uniformly enforce compliance and your Acceptable Use Policy, and full visibility and logging to look at positive and negative security models and to start to think about predictive analytics and behavioral analysis.
e. Cloud-based push-API services that deliver critical transaction and security event data from multiple resources in real-time, seamlessly integrating with existing reporting and analytics tools for actionable insights.
f. Rapid deployment across any data center or hybrid cloud infrastructure.
The easiest way to move towards a cloud perimeter is to find a trusted partner who can offer you a SaaS service in the cloud so you don’t have to duplicate technology stacks across your infrastructure. Then, start by embracing zero trust and least privilege and look for simple wins across security, access and delivery.
To learn more, visit Akamai.