By: Gamal Emara, Country Manager – UAE at Aruba, a Hewlett Packard Enterprise company
The first priority of defense used to be to secure the perimeter. But changes are shifting the old concept of a fixed boundary in mobile-first wireless enterprises at a particularly dangerous time.
A few years ago, organizations only needed to contend with lone hackers seeking no more than bragging rights for breaching a system. Now, the threat vectors range from global criminals seeking financial gain to nation-states trying to steal trade secrets or blackmail their victims.
And the threats are escalating with attackers increasingly targeting the proliferating number of IoT devices that are coming online. Market researcher Gartner expects that some 6.4 billion “things” will be connected to the IoT this year, up 30% from 2015. That rapid increase also has implications for enterprise security.
Consider, for example, the much-publicized breach of a national retailer a few years back. The attackers gained entry through the systems of an HVAC contractor, which they compromised after an employee of the contractor opened a phishing email. Welcome to the enterprise world’s new security nightmare reality: your perimeter now extends to everyone (and everything) who works for your company’s third party contractors. If that doesn’t wake you up like an ice cold shower, nothing will.
Back in the era of fixed perimeters, it was relatively easy to identify what to trust and what not to trust. Anything inside the perimeter was OK; anything outside was treated with suspicion. But when people and devices are mobile, they move fluidly and freely across the perimeter. Instead of focusing on the perimeter, we have to focus on the user and the user’s apps and devices -- in context.
Contextual understanding means assigning access policies according to the context in which specific users, apps and devices access data resources. You’ll also need to be prepared to address a myriad of new challenges. What kind of device is being used? What applications are on the device? Who is using the device? What time of day is it? From where is the access taking place?
Every one of us can appear quite different to our network depending on the context. For example, if you are a doctor in an operating room accessing medical records, you must be given instant, high priority access. But if you are that same doctor seeking medical data from the Wi-Fi network of a coffee shop down the street, your access privileges could be assigned a lower priority level.
When trust is weighed and adapted to contextual factors, you have what we call Adaptive Trust. We have implemented the principles of Adaptive Trust in ClearPass, Aruba’s policy manager and in ClearPass Exchange, a central policy engine that enables layers of security thanks to its set of open APIs. A number of partners, including Palo Alto Networks, MobileIron, Intel and Microsoft are part of the ClearPass Exchange ecosystem.
How does this approach work? Recently, one of our partners found one of its firewalls detecting suspicious activity within a network. The cause: an e-cigarette that had been plugged into a USB port for charging. It turned out the device, unbeknownst to its owner, contained malware. When it comes to potential IoT threats, that’s just a hint of what’s over the horizon. Some experts believe that a massive IoT breach is inevitable. However, using a new ClearPass capability called OnConnect, you can now secure IoT devices like sensors that, unlike typical intelligent network devices, do not run 802.1x authentication protocols.
There is a very different perimeter out there. Don’t sit back and wait for the next breach. Get to know that new perimeter -- and adapt your trust accordingly.