New times and new security challenges call for new approaches and solutions based on modern technologies. Security needs to operate on different fronts, from the edge of the network, through its interior and the data center, to the end devices and users, wherever they are.
In the early days of corporate IT infrastructure, in the age that preceded the Internet, mechanisms for the rapid spread of software infections practically did not exist, and the only real danger could come from inside: from malicious employees or from someone who gained physical access to the network or data center. That is why it is understandable that so-called cyber security was often not high on the IT staff's list of priorities.
With the connection to the Internet, isolated infrastructure islands ceased to exist. Companies became potential targets for anyone connected to the global network, so security slowly came into the focus of IT employees and vendors. The strategy in the first stage of corporate IT security development can be compared with the measures used in medieval castles, where most efforts were made to prevent attackers from penetrating from the outside, by reinforcing the door or digging deeper. Thus, IT also focused on protecting the edge of the network, mainly by investing in firewalls and creating a DMZ (demilitarized zone) segment, and antivirus and antispam solutions also found their place in companies.
The tactics and goals of the attackers changed over time. While malware was initially aimed at rapid spread and the destruction of data, more recently the attacker's focus is to remain undiscovered within the corporate network for as long as possible, in order to gain as wide access as possible, but also to erase traces of entry. While hackers used to be kids who broke protections just to prove themselves and become famous, today hacking is practically a highly profitable business. The attacks are sophisticated and well-planned, mainly with political or financial goals, such as theft of confidential data for competitive purposes or extorting money from companies.
The last decade has brought a real explosion in the use of mobile devices and applications, accompanied by the expansion of cloud technologies and solutions that have moved applications out of the corporate infrastructure. Today, users and their data are no longer inside “the castle”, the company network, and Windows PCs, which have been the dominant business devices, are often replaced in companies by mobile phones and tablets. The approach to IT security needs to change completely, in line with the challenges of the new era.
Keeping control in the era of mobility
Strict security rules usually do not go hand in hand with the satisfaction of end users, who, accustomed to the speed and convenience of using apps on private mobile devices, expect a similar experience at work and in a corporate environment. For today’s IT staff, this seems to be an impossible task: to provide users with access to company IT services in a way that is both simple and safe, regardless of where the user is and what device is used.
The answer to this challenge is the virtualization of desktops and applications for their unified delivery to different mobile platforms, together with the shift of user data to the data center, where it is much easier to manage in terms of availability (high availability, backup, DR) and security. This makes it possible to turn end devices into simple access terminals that do not contain sensitive data (for example, an office worker's thin client) or that store only the minimum data needed for work (for example, the tablet of a field vendor who needs access to e-mail and documents).
There is no “silver bullet” in cyber security, no product whose procurement and implementation guarantees a quiet sleep. The only successful security approach is a layered one that starts from education and procedures and ends with concrete technological solutions, preferably diverse and from different vendors. In defining the security strategy, the focus should not be on preventing the entry of bad guys from the outside, but on starting from the assumption that they have probably been inside for a long time.
How can ITAF help you?
If you need help with protecting your business and your brand, contact ITAF. Our experienced security experts can help you by installing and maintaining some of the most effective protection against any security risks, training your employees and helping to defend your business from the lasting effects of hacking attacks.