As we approach the end of the year, at iSheriff we are thinking a lot about the outlook for 2015 and the longer-term future of cloud security.
The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we secure modern businesses against cyber-attack.
Over the next several weeks I will be sharing my predictions for five dramatic changes that are coming in enterprise security.
I invite you to join in the conversation!
Prediction #1: The Internet Becomes THE Corporate Network Perimeter
As recently as two to three years ago, the Chief Information Security Officer (CISO) was focused on defending the network against attack, and attempted to achieve this through an investment in a wide array of disparate on-premise technologies. This was all very well when users, corporate applications and data were behind the corporate firewall. However, those days are long gone.
Today, CISO’s are concerned about users connecting from their personal mobile devices, accessing corporate data stored in public cloud applications, over public networks. The CISO controls pretty much nothing in this scenario – not the endpoint device, nor the network, nor the application and likely not the data itself. The potential attack surface has expanded from being the corporate network perimeter, which in itself was challenging enough to protect, to encompassing a completely unbounded environment of personal devices, public network infrastructure and cloud applications and service providers. Billions of dollars that were originally invested in perimeter security now offer little to no value in this scenario.
The entire concept of the corporate perimeter is changing. We used to think of the perimeter as simply being the actual physical or logical perimeter of the corporate network. A few years ago it became more common to think of the endpoint device as part of this perimeter. Today, smart CISO’s recognize that the internet itself is truly the perimeter of their network. So the internet is where we must look for the solution to this rapidly evolving security problem. At iSheriff we solve this problem by delivering a comprehensive layer of protection through the cloud itself – enabling users to be protected wherever, and however, they are connecting to web services and applications. This is a profound shift for three key reasons:
- First, a cloud security layer eliminates the need for large enterprises to backhaul traffic, which is not only an expensive proposition, but creates a poor end user experience that is hard to enforce.
- Second, delivering security at the cloud layer enables the consistent enforcement of security policies based on the context of the user’s endpoint device, the network or location from which they are connecting, and the ultimate application with which they are interacting. This approach hands control of corporate data and applications back to the CISO – a critical step in ensuring a strong security posture.
- Third, delivering security through the cloud provides an unparalleled position of visibility from which to identify and block threats in real time.
Traditional on-premise security solutions have limited visibility beyond their own environment. However, the iSheriff cloud-based service can identify anomalies and attacks in real-time, correlating events across tens of thousands of customers and millions of end users to rapidly detect new threats as they propagate, and respond to shut them down before they can exact any damage.
There is a useful analogy here from the days of the cold war. One approach to preventing nuclear attack is to have a battery of missiles stationed at your borders, scanning the skies for incoming ICBMs and then attempting to shoot them down at the very last minute. A superior approach, which was at the heart of President Reagan’s “Star Wars” initiative, would be to station a network of satellites in space, continually watching the globe, armed with the capability to destroy the enemy’s attacks within seconds of launch. The former approach was re-active, with a low probability of success. The latter approach, based on a technology vision that was ultimately ahead of its time, was the ultimate in defensive posture. When it comes to cyber-attacks, at iSheriff we have the technology today to deliver on a comparable vision: a cloud-based network of threat sensors that correlates events around the globe in real-time, with the ability to block attacks as they occur, keeping corporate assets and data secure.
To learn more about iSheriff’s cloud services, please visit: https://www.isheriff.com/products/index.html. Also, don’t forget to check back next week for my 2nd prediction for the future of cloud security. I look forward to you joining the conversation!