Page 228 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
What is causing the perimeter to vanish?
As the organizational network expands, the number of devices located outside its perimeter increases.
Organizations are increasingly migrating to the cloud and adopting software-as-a-service (SaaS)
products for business continuity, cost efficiencies and digital transformation initiatives, making it
extremely difficult to manage endpoint security and monitor all user activity. The network perimeter
protected the on-premise data centers and corporate resources, which are now easily accessible through
unmonitored private networks. Hybrid data models, where data is stored partly on-premises and
partly in the cloud, make it difficult to enforce access controls around the network boundary. The rise
in the number of IoT devices has resulted in poor security management.
Challenges associated with perimeter-based security models
• The insider risk: When an insider is planning a malicious activity, there is no need to intrude
on the trusted network. The traditional perimeter-based model is not sufficient to deal with this
type of risk. Insider threats are difficult to defend against, as insiders have the added advantage of
being familiar with the organization's security structure. The level of visibility and granularity
required to mitigate insider threats cannot be achieved through traditional methods.
• Policy gaps: Certain business-critical data gets stored in two different systems using different
levels of access policies, and such instances often go unnoticed by security teams. External
attackers exploit these gaps between different policies or enforcement that apply to the same
asset. They leverage outdated policies or flawed authentication methods to break the perimeter.
• Vulnerable Endpoints: Vulnerable endpoints or software that contain security flaws can be
exploited by attackers. Endpoints should be monitored and updated regularly. Every device
connected to a private network can be a potential threat surface for attackers to execute code
and exploit vulnerabilities. These threat surfaces are sometimes used to gain access to business-
critical resources, or to hold sensitive information hostage and steal it. This can be a security nightmare
for the enterprise.
• Dynamic Workloads: Most workloads are now deployed on virtual machines, container
models, or cloud platforms. Hybrid cloud models allow workloads to be on either side of the
network boundary while allowing them to move around dynamically between on-premise and
cloud data centers. In such cases, obtaining visibility over workloads and creating relevant access
policies with the traditional network perimeter model can be challenging.