
Enterprise Mobility: Adding Security with Microsegmentation


As enterprise applications become more mobile-centric and move into the cloud, organizations are finding that the traditional concept of the enterprise perimeter no longer applies.

Once understood to be an all-encompassing wall between an organization’s network and the outside world, the new perimeter is constructed around the idea of walled applications and identities. And just as networks are becoming software defined, so too are the tools that define the new perimeter. Physical firewalls, while still an important part of network security, are now being augmented by software-based tools to create flexible, virtual perimeters using new network concepts such as microsegmentation.

The old model of security viewed the data center as a kind of castle that required IT to build a moat and guard the drawbridge to keep the bad guys out. Today, however, it’s unreasonable to expect that you can keep out all of the bad guys. In fact, some may be inside your castle right now. So you need to protect what’s valuable: your data.

Microsegmentation is a highly effective way to do that: it limits what each workload can reach and blocks access to data that must stay contained. It does this by providing topology-independent segmentation, meaning policy is attached to the workload itself rather than to the subnet, VLAN or host it happens to sit on, so the policy follows the workload when it moves. With microsegmentation, you create software-defined firewalls with their own access policies for every virtual machine, every user and even every session, and the usual practice is to deny anything not explicitly allowed.

In a hardware-based scheme, creating a unique policy per workload would be daunting because of the number of devices and the number of people involved in provisioning them. (Misconfiguration during provisioning, such as an overly broad rule left in place, is one of the most common ways attackers gain a foothold or move laterally.) With a software-based approach, you manage all of your firewall policies and authentication rules in one place and enforce them wherever you need to in the network. Equally important, you can update policies more easily and consistently, and a single policy store can be reviewed and version-controlled before changes are pushed.

As data centers become more virtualized, this kind of granular, dynamic security will become the standard, much as physical firewalls were in the past. Today, if an enterprise wants to implement a solution like this, Rolta AdvizeX recommends combining VMware NSX (for microsegmentation) with AirWatch (for managing the mobile devices and applications that connect in). NSX's distributed firewall enforces policy at the virtual network interface of each virtual machine, so every VM gets its own rule set rather than sharing one firewall placed in front of the whole segment.

On the client end, AirWatch (through a feature called AirWatch Tunnel) builds a per-application VPN between a user's app and the backend it needs and tears it down when the session ends, as many times per day as needed. Only the managed app gets the tunnel; other apps on the device have no path into the data center. Going back to the castle analogy, an authorized individual can enter only a single room (AirWatch), and once inside cannot move from room to room (NSX): a compromised device or VM is confined to what its policy explicitly permits.
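The room-by-room model can be made concrete with a small policy engine. What follows is an added example, not code from the original post and not VMware's NSX or AirWatch code: a Python model of a distributed firewall whose rules are keyed on workload tags rather than IP addresses, with first-match evaluation and a trailing default-deny. The inventory, tag names (including the `tunnel:expense-app` tag standing in for a per-app VPN client), rule names and ports are all constructed for illustration.

```python
"""Toy microsegmentation policy engine (constructed example, not NSX code).

Rules are keyed on workload tags such as "web", "app" or "db", never on IP
subnets, so a policy is topology-independent: re-IP or move a VM and its
allowed flows do not change. Evaluation is first-match with a trailing
default-deny, mirroring a distributed firewall rule table.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    tags: frozenset


@dataclass(frozen=True)
class Rule:
    name: str
    src_tag: str         # "any" is a wildcard
    dst_tag: str
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None matches every port
    action: str          # "allow" or "deny"


# Constructed inventory. The mobile client is represented as a workload whose
# tag names the per-app tunnel it arrives over (an assumption for illustration).
INVENTORY = {w.name: w for w in [
    Workload("mobile1", "10.250.1.15", frozenset({"tunnel:expense-app"})),
    Workload("web1", "10.10.1.11", frozenset({"web", "expense"})),
    Workload("app1", "10.10.2.21", frozenset({"app", "expense"})),
    Workload("db1", "10.10.3.31", frozenset({"db", "expense"})),
    Workload("db2", "10.10.3.32", frozenset({"db", "expense"})),
    Workload("jump1", "10.10.9.9", frozenset({"jumphost"})),
]}

# Constructed policy: each tier may talk only to the next one, on one port.
# Nothing allows db-to-db or web-to-db, so lateral movement inside a tier
# or across tiers is denied by the last rule.
POLICY = [
    Rule("tunnel-to-web", "tunnel:expense-app", "web", "tcp", 443, "allow"),
    Rule("web-to-app", "web", "app", "tcp", 8443, "allow"),
    Rule("app-to-db", "app", "db", "tcp", 5432, "allow"),
    Rule("jump-ssh", "jumphost", "any", "tcp", 22, "allow"),
    Rule("default-deny", "any", "any", "any", None, "deny"),
]


def _tag_ok(required: str, tags: frozenset) -> bool:
    return required == "any" or required in tags


def rule_matches(rule: Rule, src: Workload, dst: Workload, proto: str, port: int) -> bool:
    """A rule matches on source tag, destination tag, protocol and port only;
    the workloads' IP addresses are deliberately never consulted."""
    return (_tag_ok(rule.src_tag, src.tags)
            and _tag_ok(rule.dst_tag, dst.tags)
            and rule.proto in ("any", proto)
            and rule.port in (None, port))


def evaluate(policy, src: Workload, dst: Workload, proto: str, port: int):
    """Return (action, rule_name) for a flow; fail closed if nothing matches."""
    for rule in policy:
        if rule_matches(rule, src, dst, proto, port):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def allowed_flows(policy, inventory: Iterable[Workload]):
    """Every (src, dst, proto, port) that an allow rule actually permits, taking
    first-match order into account. Useful as a lateral-movement review."""
    workloads = list(inventory)
    flows = set()
    for src in workloads:
        for dst in workloads:
            if src is dst:
                continue
            for rule in policy:
                if rule.action != "allow" or rule.port is None:
                    continue
                if evaluate(policy, src, dst, rule.proto, rule.port)[0] == "allow":
                    flows.add((src.name, dst.name, rule.proto, rule.port))
    return sorted(flows)


if __name__ == "__main__":
    for flow in allowed_flows(POLICY, INVENTORY.values()):
        print("allow", *flow)
    print("web1 -> db1:5432", evaluate(POLICY, INVENTORY["web1"], INVENTORY["db1"], "tcp", 5432))
```

Because `rule_matches` never looks at `ip`, moving `app1` to a different subnet leaves its `app-to-db` flow intact, which is what topology independence means in practice. `allowed_flows` enumerates the full east-west reachability the policy grants; reviewing that list is how you catch an accidental `any`-to-`any` allow before it is pushed.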

Building a stronger mobile environment is one of our core strengths at Rolta AdvizeX. Our role is to work with your enterprise to identify how to best tighten your security, particularly as enterprises become more mobile and employees move outside of the protected WAN/LAN environment. One of the outcomes of that conversation is the creation of stronger security policies that are also simpler to manage.

Enterprises tend to resist additional security layers because of pushback from employees who are already inundated with passwords and procedures. Simplicity is therefore a primary requirement for any new security initiative, and one reason AirWatch is effective here: the user is not prompted for a password, because the tunnel authenticates with a device certificate that AirWatch provisions during enrollment, and the encryption is set up automatically and (from the user's perspective) invisibly. The device must still be enrolled and unlocked, and a lost device should be un-enrolled promptly so that its access can be revoked.

In the new mobile cloud era, it turns out, the best security is the kind you don’t see. To learn more about what AirWatch can do for your business, read “Is the Cloud Costing Us Our Identity?”