Borderless security set to replace the network perimeter
By Max BurkhalterOctober 28, 2019
Protecting private networks from external threats has long troubled cybersecurity experts in nearly every industry. Traditionally, organizations focused on creating a strong buffer between privately and locally managed networks. This was achieved by limiting outside access to internal servers, closely monitoring traffic and heading off cyberthreats before they breached a network's outer defenses. This type of system design, often called network perimeter security, has been the norm for over a decade, but recent developments in IoT and mobile technologies are forcing companies to adapt.
Breaking down the network perimeter
The concept of a network perimeter is rather straightforward: safeguarding a company's internal hardware, software, web applications and data requires a strong layer of defense at the boundary between networks. According to Barracuda Networks, this is typically achieved by deploying one or more of the following cybersecurity solutions:
- Perimeter routers: This networking equipment directs all traffic that travels in and out of an organization's internal servers and is typically positioned at the edge of the network. In a basic sense, border routers act as a buffer between private networks and the wider internet.
- Firewalls: These vital security systems work in tandem with perimeter routers to filter traffic based on a company's IT policies and network parameters. Firewalls are responsible for validating external connections and blocking traffic that may pose a risk to the private network, such as malware attacks.
- Intrusion detection/prevention systems: As an add-on to an organization's firewall, these protective systems are constantly on the lookout for suspicious traffic patterns and user activity. In most cases, these processes are automated, meaning the systems will either send an alert to the appropriate IT team or defend the network without direct human involvement.
- Screened subnets: Often referred to as "demilitarized zones," these small peripheral networks contain public services that are protected by the firewall and intrusion detection systems. This allows authorized traffic from locally managed networks to access an organization's internal server.
While these are only a few of the tools used in network perimeter security, they represent key defenses against external threats to a private network. That said, many companies do not have a clearly defined boundary thanks to the integration of IoT technologies, the rise in remote employees and the use of personal mobile devices for work-related purposes. Although VPNs have afforded companies a means of insulating authenticated external traffic from the open internet, they are far from perfect.
The rise of borderless network security
The digitization of modern enterprise environments has created an urgent need for networking frameworks that allow users to securely access important data, applications and other assets remotely. According to a 2018 study by International Workplace Group, more than two-thirds of employees around the world work remotely at least once per week. This reshaping of modern work environments has essentially erased the well-defined trust boundaries around enterprise networks, thanks in part to cloud storage and software-as-a-service products. Sensitive data and web applications are no longer stored onsite, which creates a host of cybersecurity and access challenges for IT administrators.
Under this network architecture, every device that connects to an organization's private servers, from both internal and external sources, represents a possible attack vector for cybercriminals. For example, if an employee's smartphone is infected with malware when it connects to the company's network, there is a chance it could spread throughout the entire system. According to a recent article from CSO Online, borderless security addresses these and other security threats by integrating a variety of network-level and device-level protections, including:
- Zero-trust networks: This type of network architecture funnels traffic from external sources, such as personal or public Wi-Fi, through a secure "transport layer," allowing authenticated users to safely access internal data and applications remotely.
- Identity management: Controlling access is essential to borderless security, which is why employees are often given user rights and permissions that are directly linked to their identity. This not only facilitates factor authentication when connecting to the network remotely, it also gives employees the ability to use several different approved devices.
- Endpoint security: Every laptop, desktop, tablet and mobile phone represents an endpoint in the wider network of devices connecting to a company's private network. Ensuring all authorized devices are protected with anti-virus and anti-malware software is crucial, as users may unknowingly download a malicious attachment that may threaten the security of the entire network.
Ultimately, the best cybersecurity strategy is to incorporate elements of both perimeter and borderless network architectures into one unified framework. While such a hybrid security system may require some upfront costs, the benefits are well worth the investment. Perle offers powerful connectivity tools that can help organizations maximize their network security and storage applications. Our industrial-grade Ethernet switches and console servers are designed to work within big data environments that rely on the uninterrupted flow of data stores. Read some of our customer stories to find out more.