Identity is the New Perimeter


Networks are not what they used to be. Since the introduction of the firewall as the #1 security product to protect your business, the world’s ways of working have evolved massively. Firstly, depending on culture and country, remote working has become very common, and employees expect the same access to services outside the office as inside. On top of that, they are using many different devices to achieve their daily tasks. Secondly, IT operations are saving costs and becoming more agile by taking advantage of software as a service (SaaS) offerings.

These macro trends are unstoppable and accelerating fast. Security administrators need to redraw the data perimeter for their security infrastructure and adapt to the new business needs. Endpoints need to be brought under control, and SaaS services should be gated with intelligent proxies to screen and protect business assets. But most of all, administrators need to become fully aware of what is accessed, where and by whom. It is the identity of the user that is critical to validate in order to enable privileged access management (PAM) and collect meaningful, actionable analytics.

New authentication methods are making your business more secure. Gartner predicts that by 2020, companies using phone-as-a-token authentication methods, including biometric controls (fingerprint, Face ID, etc.), will experience 50% fewer identity-related security breaches than peers that use more traditional one-time password tokens.* This is not surprising: the password has proven to be the absolute weakest link in any security solution. Hackers don’t actually need to break into your business – they can just log in by stealing or guessing credentials. It is therefore important to implement a passwordless authentication solution that users will love to use. It’s the user experience that will determine how secure your business will be – if it’s cumbersome and there are ways out, humans will find the easiest way. IT administrators need to invest in enterprise password management (EPM) solutions to help users handle login in a secure way.

Gartner also predicts that by 2022, 70% of enterprises using biometric authentication for workforce access will implement it via smartphone apps, regardless of the endpoint device being used – up from fewer than 5% today.** This makes perfect sense: as smartphone penetration in the enterprise grows, it provides a great opportunity for security administrators to use this second device for multi-factor authentication (MFA) methods.

So what does “good” look like? Imagine a workplace where remote devices automatically use SSL tunnels to connect to the enterprise perimeter – hosted at HQ or in the cloud – and where authentication is handled through a push notification validated only by showing your face or fingerprint. Instead of bouncing users around, the solution gives them one personalized web portal providing single sign-on or remote desktop access to all the SaaS and on-prem applications that they need at that time and that they are privileged to have access to. Users within the perimeter should use the same portal. Personal VPN tunnels may not be necessary inside the enterprise perimeter, but the user experience and single point of access are equally important. As humans we are creatures of habit – the more our access can look the same everywhere, the better.

Where does that leave the NGFW? The network perimeter is more critical than ever. In fact, it is narrowing into the service layer through micro-segmentation, creating isolated pockets in your network that are protected from each other. Private and public cloud services need to be secured at their network interface, and the firewall does a great job at that. Firewalls are also the ideal SD-WAN edge device because they can add an additional layer of security on top of secure networking that facilitates local breakout and critical resource protection services.

Enterprises of all sizes need to prioritize identity and access management. As the perimeter has in fact stretched out to the individual network user, good multi-factor authentication is the foundation for good security. A superior user experience is essential to help users make a habit of using services more securely, and “connect and identify once, secure access to everything” is what IT administrators should aim for.

 

Terminology glossary:

  • SaaS: Software as a Service
  • SSO: Single Sign-On
  • MFA: Multi-Factor Authentication
  • EPM: Enterprise Password Management
  • PAM: Privileged Access Management
  • NGFW: Next-Generation Firewall
  • VPN: Virtual Private Network
  • SSL: Secure Sockets Layer

Related products:

Clavister EasyAccess

Clavister NetWall

Clavister OneConnect

Sources:

* “Don’t Waste Time and Energy Tinkering With Password Policies; Invest in More Robust Authentication Methods or Other Compensating Controls”, published 4 April 2019, by Ant Allan, VP Analyst, Gartner

** “Predicts 2019: Identity and Access Management”, published 13 December 2018, analysis by Ant Allan, VP Analyst, Gartner