New security mindset needed for a post-perimeter world


Industry talking to customers What’s this?Published: March 20th, 2018 By: Glenn Weir

Recall for a moment the office of ten years ago — people in cubicles logging into apps running on local servers. Now come look around you today: apps have been moved into the cloud, but with them, a data trail to potentially critical corporate data. Workers may boast today’s cloud-driven world is infinitely more efficient than the one it supplanted, but it can also be far more dangerous if critical business data is floating around with no guaranteed way of walling it off from bad actors.

The once accepted perimeter-based security model is no longer a cure-all. It’s not even a cure-much. With companies evolving to a cloud-native model for developing apps and managing workloads, new security methods and practices are needed. Perimeter security was once the answer to all questions; now, it is only one of many answers — a nice complement to other security pieces but hardly sufficient on its own.

Today’s CISO must consider all the “what ifs” of users connecting to the network from personal mobile devices, gaining access to company data stored in public cloud apps via public networks. And this is not some fad or trend that will soon fade away:

  • The BYOD market will reach nearly $367 billion by 2022, up from just $30 billion in 2014 (Source)
  • At least six of 10 enterprises have a BYOD-friendly policy in place (Source)
  • Eighty-seven per cent of organizations have come to rely on their employees’ use of personal devices to access business applications (Source)
  • Almost 60 per cent of organizations allow their employees to use their own devices for work, with another 13 per cent planning to allow use within a year (Source)

The potential attack zone was once tucked neatly inside a firewall. But the firewall is no longer the imposing structure it once was. The attack surface has expanded immensely, and for CISOs, problematically. Data and applications in the cloud are now outside the old city walls. The modern enterprise must employ — and always be seeking — new methods to protect its data.

IBM’s “A guide to security platforms” provides concise, actionable information on securing platforms in the digital era. Among the topics covered in this publication:

  • Rethinking security for cloud-based applications – looking at enterprise security with new eyes and a fresh approach – focusing on the five fundamentals of cloud security
  • Verifying identity and manage access on a cloud platform – keeping a keen eye trained on end user identification and authentication – tightening access management and authenticating service calls
  • Redefining network isolation and protection – verifying that a cloud platform offers well-integrated firewalls, security groups, and options for micro-segmentation based on workload and trusted compute hosts
  • Protecting data with encryption and key management – looking for a cloud provider that offers BYOK (“Bring your own encryption key”) solutions that allow organizations to manage keys across all data storage and services
  • Automating security for DevOps – seeking an automated scanning system to search for potential vulnerabilities in images before they are run – key features of IBM Cloud Container Service Vulnerability Advisor (VA)
  • Creating a security immune system through intelligent monitoring – effectively controlling access, operating at the level of workloads, tracking activity in detail, and integrating into on-premises systems

Download “A guide to securing cloud platforms” and move forward with a new security mindset for a post-perimeter world.