If perimeter security was ever truly “enough,” it sure isn’t today. We’ve seen instance after instance of hackers infiltrating corporate, government and other servers and databases, wreaking havoc on organizations and their users. In many of these cases, IT departments assumed everything inside the perimeter was safe, and that all they had to do was secure the perimeter against outside security threats. Unfortunately, as MSPs know all too well, security is far from that simple these days.
For one thing, just where is the network perimeter? Most companies today enable some kind of remote access to corporate systems -- by users on a variety of mobile devices over what are often untrusted wireless networks. If you think about it, identity is the new perimeter. IT must set up granular, contextual policies that grant the right people access to the right information with the right security controls -- without compromising the user experience.
MSPs must communicate with their clients that this is just not possible with the old model of security. Networks have to be treated with “zero trust,” with no one service or server considered more secure than the next. But these services, servers and other networking components cannot be walled off and locked up. Rather, employees need to access systems in order to do their jobs, and dev and IT pros must be able to tap into different combinations of systems and databases to flexibly and efficiently respond to changing customer demands.
And therein lies the rub: While the security threat against corporate infrastructure is growing, so, too, is the need to access and manipulate that infrastructure by more and more people in the organization. The model of securing the perimeter and “locking down” systems is more than outdated; it’s downright dangerous.
Perimeter Security Requires (Digital) Transformation
The term “digital transformation” gets thrown around a lot, but it’s exactly what has to happen in order for organizations to develop the kind of security posture necessary to not just survive, but thrive. MSPs must work with their clients to implement a simple way to manage identity and access to all application types, whether they are on-premises or in the cloud.
Some solution providers are attempting to accomplish this with software-defined networking, but the problem there is that hardware is the driving force. With network virtualization technology, in contrast, network resources are decoupled from underlying hardware. Virtualization principles are applied to physical network infrastructure, creating a flexible pool of transport capacity that can be allocated, utilized and repurposed on demand.
How does that apply to security? With VMware NSX, for example, security functions are decoupled from physical infrastructure and embedded into the hypervisor. In this way, granular, intelligent security policies travel with virtual workloads, independent of physical systems. This “micro-segmentation” limits the connections a workload has to other workloads, promoting a zero-trust architectural model and limiting the ways in which hackers can infiltrate systems.
Indeed, with NSX, each VM essentially becomes its own intelligent, flexible perimeter, enabling strong protection that can be safely and effectively evolved as situations and needs change.
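To make the micro-segmentation idea concrete, here is an added example that is not VMware's or NSX's code and is not from the original post: a small Python model in which policy is keyed by workload tags rather than by host placement, every flow without an explicit rule is denied, and a defender can compute the blast radius of a single compromised workload. The class names, tags and host names are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Constructed model of micro-segmentation for illustration only (not NSX's API):
# policy is written against workload tags, never hosts or addresses, and any
# flow without an explicit rule is denied.
@dataclass(frozen=True)
class Rule:
    src_tag: str
    dst_tag: str
    port: int

@dataclass
class Workload:
    name: str
    tags: Set[str]
    host: str  # physical placement; deliberately ignored by policy checks

class Segmenter:
    def __init__(self, rules: Iterable[Rule], workloads: Iterable[Workload]):
        self.rules = set(rules)
        self.workloads = {w.name: w for w in workloads}

    def migrate(self, name: str, new_host: str) -> None:
        # Only the host changes; tags, and therefore the policy, travel with the VM.
        self.workloads[name].host = new_host

    def allowed(self, src: str, dst: str, port: int) -> bool:
        """Default deny: pass only if some (src_tag, dst_tag, port) rule exists."""
        s, d = self.workloads[src], self.workloads[dst]
        return any(Rule(a, b, port) in self.rules for a in s.tags for b in d.tags)

    def direct_reach(self, src: str) -> Dict[str, List[int]]:
        """Each workload and port that `src` may reach directly under the policy."""
        out: Dict[str, List[int]] = {}
        for dst in self.workloads:
            ports = sorted({r.port for r in self.rules if dst != src and self.allowed(src, dst, r.port)})
            if ports:
                out[dst] = ports
        return out

    def blast_radius(self, start: str) -> Set[str]:
        """Workloads reachable transitively if `start` were compromised (defender's view)."""
        seen, frontier = set(), [start]
        while frontier:
            for nxt in self.direct_reach(frontier.pop()):
                if nxt != start and nxt not in seen:
                    seen.add(nxt)
                    frontier.append(nxt)
        return seen
```

Moving the database VM onto the same host as the web tier changes nothing in what `allowed` returns, which is the point of tying policy to the workload rather than to the physical segment.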
No matter which pathway MSPs take with their clients, it should lead from old-school perimeter-based security and toward a model that enables companies to achieve digital transformation.
This guest blog is part of a Channel Futures sponsorship.