How to achieve sustainable security

Getting rid of the brambles

A little over a year ago I was fortunate enough to buy a tiny cottage in the English countryside. The house had been looked after, with a clear path in and out, but the rest of the garden and small orchard had been allowed to be overgrown and were largely unreachable without running the gauntlet of brambles and nettles. As I cleared away the nettles and pulled brambles from the treetops, it occurred to me that this situation is not unlike the one frequently found in IT security – and that security infrastructures could do with a little weeding out as well. But where to start?

David Jack, Director, EMEA Product Management, Networking, Citrix.

Many enterprises have a well-maintained core application estate with a clear way to access it, normally a VPN. In addition, they have added security solutions over time to defend against external and internal threats. This way, however, they have cultivated a complex, overgrown security environment which can be difficult to maintain and often also creates challenges with user experience, especially if applications and services lie outside the core infrastructure, like cloud or SaaS applications. All of this infrastructure takes a lot of work to just maintain, and can be difficult to adapt if new and unexpected threats emerge.

An architecture for sustainable security

Instead of this uncontrolled growth of security point solutions, what is needed today is an architecture for sustainable security. These are two words which come up frequently these days, but rarely together. Therefore, this requires an explanation. For me, there are five aspects – or branches, if you will – of sustainable security:

A fresh approach to security

A fresh approach to security is needed: an approach which better supports today’s environment where both applications and the people that need to access them are more distributed than ever before – a situation which will most likely continue into the foreseeable future, and seems likely to grow more complex over time. One challenge: the traditional VPN made every remote device an extension of the corporate network. It was designed for an on-premises world in which remote working was the rare exception – so it is quite obvious why this approach doesn’t work anymore. This is why an increasing number of companies are moving to a cloud-delivered zero-trust network access (ZTNA) solution.

Using ZTNA, employees can interact securely with applications – regardless of the location of either, via a solution that continuously (i.e. not just upon initial access) checks device integrity, user identity, and access rights. This way, ZTNA reduces the risks associated with compromised endpoints dramatically. Being cloud delivered means that the infrastructure is always up to date to defend against the latest threats and can be dynamically scaled to minimize wasted resources when employees are not active.

Zero trust security replaces the old-fashioned perimeter-based “castle and moat” security architecture with a flexible one designed for the cloud age. The shift away from a centralized perimeter means that IT teams can invest their time in more valuable activities than keeping infrastructure updated and coordinating policies across several different elements. It also opens up the possibility to dynamically enable different modes of access, such as via a native device browser, or requiring a secure browser.

The level of access restrictions depends upon the sensitivity of data being accessed and other factors such as the level of risk associated with different users and locations – in other words: true contextual access. The big advantage: access is only restricted, and only to the necessary degree, when it is absolutely necessary from an information security perspective. This makes access security much more user friendly. This way, ZTNA helps to achieve sustainable security in every aspect of the term mentioned above.

Making application security more sustainable

In addition to secure access, the apps themselves need to be independently secured. This doesn’t only apply to externally accessible apps, as insider threats continue to be a risk that must be considered. In addition, the bulk of modern cloud infrastructure data traffic passes through APIs, so this new route for potential compromise also needs to be secured.

A sustainable approach to dealing with app-level challenges is using application delivery controller (ADC) functionality, either on-premises or – preferably – in the cloud. Here, the consolidation of traditional ADC functions with modern app firewall and bot management capabilities provides a better user experience and simpler operations than separate elements. At the same time, applications deployed across hybrid cloud environments can be managed centrally and a consistent security policy is applied, reducing the efforts associated with maintaining robust app defense.

A further benefit is that this introduces another way to reduce the carbon footprint of the security infrastructure by removing separate security appliances from the network. So in terms of sustainability, a consolidated app security infrastructure, too, pays off in multiple ways.

Looking with an experienced gardener’s eye

In an overgrown garden, the only way to get a clear view of what needs to be weeded out is to take a step back and look at the whole picture. Similarly, evolving an existing security infrastructure can appear a daunting challenge – but by taking a step back, security teams can unlock better security and higher employee productivity. IT organizations need to clear the thicket of legacy security solutions and plant the seeds of a sustainable security architecture based on zero trust and app-level security controls. This way, they can look forward to a near future when the security team, as well as end users, can easily reach the fruit rather than having to fight through the brambles.
