VMware

TechTalk: Securing your Mobile Environment

There are some people who would tell you that there’s no such thing as too much security, but I’ll wager they don’t practice what they preach.

For example, if I adopted this “more is more” approach to my own life, I might have my house protected by a multi-layer security system featuring a badge scanner, a steel lock, and a six-digit combination code. But, instead of protecting me, all of this security complexity would likely encourage me to engage in bad security behavior, like leaving the keys and code under my doormat.

The same thing happens in an enterprise. The more security processes you put into place, the more likely it is that employees will circumvent those processes to save their sanity, a behavior also known as shadow IT. The classic “computer screen covered in sticky-note passwords” is only one very visible example. When it comes to security, simplicity really is the best policy.

Technology, of course, was supposed to solve this problem. As an alternative to driving to the office, the virtual private network (VPN) was an early and effective example. There was one app to install, one password to remember, and end-to-end encrypted communications. But let’s return to those sticky notes for a moment. Under a standard VPN configuration, all I need is the VPN client, login information, and password to access the corporate intranet. And not just an isolated corner of the corporate intranet, but everything: applications, data, and mission-critical hardware.

That’s exactly what is happening in many of the most egregious examples of corporate network breaches: a rogue user gains access to the intranet and goes cherry-picking for customer data or other valuable information with no internal resistance.

If you’re thinking that more firewalls can stop the problem, you’re wrong… and right.

Hardware-based firewalls will only protect your physical network from the outside-in. What they don’t do is protect your network once someone gets past the firewall. In a virtualized network, however, enterprises can deploy hundreds or thousands of logical firewalls that prevent a rogue agent from going “room to room” (or virtual machine to virtual machine) in search of valuable information. This process is called microsegmentation, and it’s quickly becoming a security best practice, particularly in banking and healthcare, where customer data commands a premium on the black market.

Microsegmentation not only prevents malicious intruders from accessing valuable data, but it can also prevent them from gaining access to your network in the first place. In the case of VMware NSX, when integrated with AirWatch, enterprises can create single-use VPNs built around user and resource-specific policies. For example, an enterprise could dynamically create a VPN just for John Smith to access a single application from a specific device in a specific location, and tear down that VPN connection when he’s done. But wouldn’t that just compound the whole VPN password problem? The answer is no: NSX and AirWatch create these network conditions automatically. The process is completely invisible to the user, and no password is required. Now that’s security with simplicity!

Software-defined networking (SDN) is the future, but the benefits it brings to network security might be the most compelling use case for SDN right now. By enabling centralized policy management independent of any specific network topology, enterprises can bring themselves closer to a true vision of end-to-end security, all without overcomplicating life for the end user.

To learn more about how Rolta AdvizeX can incorporate a more secure mobile environment into your enterprise, visit us online at https://vmware.advizex.com/.