Protecting Your Enterprise in a Mobile World
Happy New Year! 2018 is officially in full swing and today I find myself sitting at the airport, on my way home from our first ever (and fantastic) Cyxtera Sales Kickoff! As you’d expect with any of these events, it’s a great time to connect with colleagues. Many of our top security experts, (including our Chief Cybersecurity Officer, Chris Day) were at the event with me and I often found myself immersed in conversation about the threat landscape of 2018.
Take for instance, Apple’s recent announcement regarding a chip vulnerability that exposed millions of iPhones, iPads, iMacs and MacBooks (among others) to threats such as Meltdown and Spectre. The impact of these attacks can be brutal. According to researchers “Meltdown "basically melts security boundaries which are normally enforced by the hardware." Spectre, meanwhile, "breaks the isolation between different applications" allowing "an attacker to trick error-free programs, which follow best practices, into leaking their secrets."
The first thing I notice in that sentence is a nod to a previous generation’s security implementations. My colleagues at Cyxtera along with a groundswell of leaders in the security industry say traditional, static (typically hardware-based) security solutions are no longer adequate in today’s highly dynamic landscape. Dynamic, software defined security implementations that are designed around the user and that follow a zero-trust methodology are more effective and appropriate in addressing the security needs for today’s distributed users and hybrid environments.
Apple’s announcement is a perfect manifestation of this argument. While it’s true that no security “solution” would have been able to prevent a security breach within the processor, a user-oriented security implementation would greatly diminish, if not eliminate the ability for a bad actor to gain access to a large swath of your organization’s application landscape. Think of it this way. If every iOS device is at risk, that presents a countless number of open doors to your company. With the traditional hardware based approach where a VPN client accesses a gateway and granted unfettered access to an open corporate network, these attacks could be utterly devastating. With a Software Defined Perimeter (SDP) solution for instance, even though malware might be able to obtain data from other processes on the device, its ability to do harm across the network is significantly limited.
Profound, right? Not really – it makes sense. Ten years ago, we saw the emergence of cloud based computing architectures that vastly changed the way we deploy our applications and changed how we manage our workloads today. With an ever increasing globally distributed workforce, accessing company assets and resources from a myriad of devices from desktops to phones, it makes sense that security evolves beyond VPN clients and physical firewalls. They simply can’t keep pace.
Views and opinions expressed in our blog posts are those of the employees who made them and do not necessarily reflect the views of the Company. A reader should not unduly rely on any statements made therein.