The complexity of connections

1 April 2020 IT infrastructure

The complexity and span of devices on the network continues to develop at an astounding rate and many organisations are struggling to address the growing attack surface. A plethora of devices are being brought into the workplace and while all these new devices are designed to drive collaboration and connection, when they become connected to the company networks, they can become an insider threat and another possible entry point for hacking.

IDC declares that 55 billion devices will be connected worldwide by 2022, while Forbes Technology Council reports that up to 90% of these devices will be unmanaged or un-agentable, meaning that these devices will not be able to be protected by traditional cybersecurity solutions. Furthermore, with the growing everywhereness of device ability to send and receive data via the Internet, the adoption of IoT to improve operational efficiencies and outcomes has taken precedence over critical security and compliance best practices. Forbes Technology Council describes that currently companies cannot see 40% of the devices in their environments.

South African’ organisations are no exception, from IoT to an always-on mobile workforce, many business networks around the country are connecting to more and more devices while struggling to see, manage or secure them, these organisations are more exposed to hack-attacks than ever before.

Building an edge-capable IT function

The network edge represents the culmination of all users, devices and technologies. According to Gartner, edge computing will be a necessary requirement for all digital businesses by 2022. With potentially trillions of Rands being invested in the hope of generating huge economic returns, the argument for paying attention to the edge opportunity is clear and the window for learning and action is narrowing. From a network security perspective, the challenge for IT teams is to lead the pursuit of these edge-based strategies across the business and manage the edge environments, from user devices to operational technology – all with data security as a priority.

In the findings of the e-book commissioned by Aruba entitled ‘Opportunity at the Edge: Change, Challenge, and Transformation on the Path to 2025’, many interviewees and survey respondents highlighted the sheer scale of the technology ecosystem that IT must manage in an edge environment. The edge represents a massive increase in security risks as every device and network touchpoint becomes a potential point of vulnerability and source of threat.

The InfoSec Institute highlights a number of critical risks that need to be managed, including weak device access passwords; insecure communications; data collected and transmitted by devices being largely unencrypted and unauthenticated; physical security risks for individual devices; and poor service visibility, with security teams unaware of the services running on certain devices.

The solution: an edge with built-in zero trust

With these developments, findings and projections on hand, networks will be more vulnerable to insider hacking than ever before and organisations are forced to adopt Zero Trust and Zero Risk Tolerance models that are built-into their network edge.

Sometimes it takes a while for the market to put a name on what you have been doing for a long time. For those not following the latest in security trends, Zero Trust is simply defined as not trusting either the endpoint or the network in terms of granting access.

When Aruba was founded in 2002, we identified security as one of the key challenges for organisations adopting wireless connectivity. That’s why we introduced a Policy Enforcement Firewall (PEF), a firewall that enforces role-based access control across the network, independent of the method of connection. At that time, the market didn’t call it Zero Trust, but essentially that is what it was: the user or device must be authenticated and once that happens, application-layer IT access is granted based on the role of that endpoint. PEF is the enforcement point.

We’ve shipped millions of Policy Enforcement Firewalls that run on both Aruba access points and gateways. As such, they are embedded in our network infrastructure and protect not only wired and wireless LAN connections, but also anchor the Zero Trust security in our edge-to-cloud Software Defined Branch solution. Our Zero Trust protection is so effective that in September 2019 PEF was the only firewall designated by the insurance industry as Cyber Catalyst based on its demonstrated ability to reduce risk.

PEF is the critical component for Aruba Zero Trust that works in conjunction with other elements of the Aruba network ecosystem to implement the management and visibility needed by both the operations and security teams. Aruba’s ClearPass Device Insight harnesses the power of artificial intelligence (AI) to automatically discover and profile everything that is connected to the network without using device agents, all while furnishing a continuous profiling platform that embeds machine learning methods to detect and respond to any change in that profile. When integrated with ClearPass Policy Manager, access policies with precise IT access rights can be created to define the exact role of that device on the network at that moment in time, thus minimising the attack surface. To close the loop, the policy is passed to PEF for control of wired, wireless and WAN access and dynamically segmenting the traffic. This is how Built-in Zero Trust should be.

It doesn’t take a security expert to know that spearfishing, ransomware and denial-of-service attacks are an ever-present danger and the explosion of mobile devices and IoT are increasing that attack surface and creating an ever widening blind spot. To deal with this threat environment, Zero Trust is a must-have foundational element in any enterprise security system. But remember, you can’t simply paste Zero Trust onto your edge, you must have Zero Trust built-in.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Integrated facilities management solutions
Issue 2 2021 , IT infrastructure
Tsebo Facilities Solutions provides a smart remote monitoring solution that will increase efficiency and, most importantly, mitigate risk.

Read more...
Creating hyper-aware industrial facilities
Issue 2 2021 , IT infrastructure
Jacob Chacko expands on what a cognisant industrial site is and why edge technology and the Industrial Internet of Things (IIoT) are relevant to it as well as hyper-aware industrial facilities.

Read more...
Cisco and AMD improve performance, security and hybrid cloud operations
Issue 2 2021 , IT infrastructure
Cisco has announced?an expanded engagement with AMD?to help businesses?accelerate advanced digital experiences?and improve hybrid cloud operations

Read more...
GJD unveils new Network Bridge product
Issue 2 2021 , IT infrastructure
GJD has announced the launch of its new Network Bridge, designed to easily connect GJD IP devices with third-party video management software and network compatible products, including Avigilon and other proprietary CCTV systems.

Read more...
Backup servers with free Altaro software
Issue 2 2021 , IT infrastructure
Altaro Physical Server Backup enables you to easily restore a physical server on your network and access it on your existing virtual environment, as a virtual disk or fully functional virtual machine.

Read more...
Vehicle-to-office connectivity
Issue 2 2021 , IT infrastructure, Mining (Industry)
A large coal and heavy minerals mining company in South Africa is rolling out a mine-wide wireless digital connectivity networking solution that interconnects the various employees’ mobile devices to monitoring systems on vehicles, mining equipment and conveyor belts throughout the mine.

Read more...
Introducing Video Storage Solutions
Issue 1 2021 , Integrated Solutions, CCTV, Surveillance & Remote Monitoring, IT infrastructure
Video Storage Solutions (VSS) was formed with the single objective of providing system integrators who are part of the Milestone Community with verified video recording and storage appliances. VSS is distributed in South Africa by First Distribution.

Read more...
Used electronics present security concerns
Issue 1 2021 , IT infrastructure
Employers have a legal obligation to clean old IT devices professionally and ensure that all data is erased from them prior to decommissioning and disposal or redistribution.

Read more...
CAPEX vs OPEX
Issue 1 2021 , IT infrastructure
With the rapidly accelerating pace of digital transformation last year, many organisations were forced to invest in data storage infrastructure, however, these businesses often face the dilemma of whether to opt for a solution acquired as a capital expense or operating expense.

Read more...
How technology enables better healthcare
Issue 1 2021 , IT infrastructure
With the need for digital acceleration to support the healthcare landscape since the onset of the COVID-19 global pandemic, technology has played a critical role to improve the standards of patient healthcare and enable health workers.

Read more...