Aruba Networks

Blanket Security Policies Work Great … for Cybercriminals


Do you keep your front door wide open when you leave the house?

Some enterprises are doing just that when they use blanket security policies. Most enterprises are too lenient in the access privileges they allow guest users on their network.

When I meet with new clients, one of the first questions I ask is: What would I be able to see if I plugged my laptop into your Ethernet right now? What usually follows is a much-needed conversation around identity and access management (IAM). While most enterprises are using some kind of technology to identify users when they log on to the network, the access privileges associated with those identities are often rudimentary at best. For example, they may use broadly defined policies that barely differentiate between guests and employees, rarely differentiate between employees in different departments and make no differentiation at all between John Smith logging on from his laptop in the corporate office and John Smith logging on from his personal smartphone at the airport.

Weak identity and access management is a recipe for trouble. If anyone can access anything, then cybercriminals only need to get lucky once to see everything. The challenge for organizations is that networks have evolved from fairly static intranet/internet topologies with a limited number of devices to highly dynamic wired/wireless/cloud topologies with a multitude of human-operated and machine-operated devices. It’s no longer enough to say that John Smith can access the following data and applications. Access privileges need to be dependent on a variety of factors beyond identity, such as role, device, network, location and time of day.

Managing a myriad of access policies can get complicated quickly, which is why many enterprises opt for a minimum of policy policing. Fortunately, there’s a simpler way to manage identities and access privileges in an enterprise network: Aruba ClearPass. Before ClearPass, there was no clear way to identify different users on different devices in the network. But ClearPass provides instant insight into the who, what, where and when of network traffic, and helps you create and enforce dozens (or even hundreds) of different access policies based on those criteria.

Of course, before you can begin enforcing access policies, you need to understand which levels of access are appropriate for each user, device and location. To facilitate that process, we offer in-depth advisory services to help organizations assess, design and build better security processes for their business. We begin by examining your security requirements, including your application ecosystem and any regulatory/compliance measures that affect your industry. Then we design and build a solution that is customized to your needs using leading-edge technology. We implement the technology, harden it for security and test it for any issues before it goes into production. Finally, we train your team to manage the technology or, if you prefer, we can manage it for you.

With Rolta AdvizeX and Aruba ClearPass, you don’t have to sacrifice security for simplicity. To learn more, be sure to watch my webinar Understanding the Role of Network Visibility in Enterprise Security.