The complexity and span of devices on the network continues to develop at an astounding rate and many organisations are struggling to address the growing attack surface.
By Mandy Duncan, country manager at Aruba
A plethora of devices are being brought into the workplace and while all these new devices are designed to drive collaboration and connection, when they become connected to the company networks, they can become an insider threat and another possible entry point for hacking.
IDC declares that 55-billion devices will be connected worldwide by 2022, while Forbes Technology Council reports that up to 90% of these devices will be unmanaged or unagentable, meaning that these devices will not be able to be protected by traditional cybersecurity solutions.
Furthermore, with the growing everywhereness of device ability to send and receive data via the internet, the adoption of IoT to improve operational efficiencies and outcomes has taken precedence over critical security and compliance best practices. Forbes Technology Council describes that currently companies cannot see 40% of the devices in their environments.
South Africa organisations are no exception, from IoT to an always-on mobile workforce, many business networks around the country are connecting to more and more devices while struggling to see, manage or secure them, these organisations are more exposed to hack-attacks than ever before.
Building an edge-capable IT function
The Network Edge represents the culmination of all users, devices and technologies. According to Gartner, edge computing will be a necessary requirement for all digital businesses by 2022.
With potentially trillions of rands being invested in the hope of generating huge economic returns, the argument for paying attention to the edge opportunity is clear and the window for learning and action is narrowing.
From a network security perspective, the challenge for IT teams is to lead the pursuit of these edge-based strategies across the business and manage the edge environments, from user devices to operational technology -all with data security as a priority.
In the findings of the e-book commissioned by Aruba entitled ‘Opportunity at the Edge: Change, Challenge, and Transformation on the Path to 2025’, many interviewees and survey respondents highlighted the sheer scale of the technology ecosystem that IT must manage in an edge environment.
The edge represents a massive increase in security risks as every device and network touchpoint becomes a potential point of vulnerability and source of threat.
The InfoSec Institute highlights a number of critical risks that need to be managed, including weak device access passwords; insecure communications; data collected and transmitted by devices being largely unencrypted and unauthenticated; physical security risks for individual devices; and poor service visibility, with security teams unaware of the services running on certain devices.
The solution: an edge with built-in zero trust
With these developments, findings and projections on hand, networks will be more vulnerable to insider hacking than ever before and organisations are forced to adopt zero trust and zero risk tolerance models that are built-into their network edge.
Sometimes it takes a while for the market to put a name on what you have doing for a long time. For those not following the latest in security trends, zero trust is simply defined as not trusting either the endpoint or the network in terms of granting IT access.
When Aruba was founded in 2002 we identified security as one of the key challenges for organizations adopting wireless connectivity. That’s why we introduced a Policy Enforcement Firewall (PEF), a firewall that enforces role-based access control across the network, independent of the method of connection.
At that time, the market didn’t call it Zero Trust, but essentially that is what it was: the user or device must be authenticated and once that happens, application-layer IT access is granted based on the role of that endpoint. PEF is the enforcement point.
We’ve shipped millions of Policy Enforcement Firewalls that run on both Aruba access points and gateways. As such, they are embedded in our network infrastructure and protect not only wired and wireless LAN connections, but also anchor the zero trust security in our edge-to-cloud software-defined branch solution.
It doesn’t take a security expert know that spearfishing, ransomware and denial-of-service attacks are an ever-present danger and the explosion of mobile devices and IoT are increasing that attack surface and creating an ever widening blind spots. To deal with this threat environment, zero trust is a must-have foundational element in any enterprise security system. But remember, you can’t simply paste on zero trust on to your edge, you must have zero trust built-in.