Floyd DCosta is Co-founder of Block Armour, a Mumbai- and Singapore-based startup focused on harnessing the potential of blockchain technology to counter growing cybersecurity challenges in a bold new way. Its flagship IoT Armour solution is designed explicitly to provide military-grade security for connected devices and critical infrastructure in the Internet of Things (IoT).
The outbreak of the novel coronavirus, from December 2019, has rapidly gone global with cases being reported from almost every country in the world. The WHO has since officially designated COVID-19 and governments have launched unprecedented responses, with many nations ordering lockdowns to control the transmission of the virus. With employees forced to work from home, the pandemic has put most businesses in an exceptionally challenging situation and largely uncharted waters, InfoSec-wise.
To quickly facilitate remote access to IT systems, many IT departments are using VPNs. While this speedily allowed for business continuity, the large numbers of remote workers and increasing workloads has resulted in unanticipated stress on the enterprise VPN, causing chokepoints, adding latency and heightening cybersecurity risks.
Enterprise VPN technology has been unquestioningly relied upon to provide employees, clients and third parties with secure remote access to internal IT systems. However, modern technologies, including the rapid migration of applications to the cloud, have resulted in largely hybrid and distributed IT environments. And, what was once an effective remote access tool, has become increasingly insufficient to address the needs of today’s modern digital enterprise.
The vanishing enterprise perimeter and the risks it has brought
In the past, there was a well-defined enterprise IT perimeter. All users, devices and systems sat within this high-walled network. With contractors, suppliers and clients now requiring anytime, anywhere, instant access to applications, the migrations of infrastructure and systems to the cloud and themes like BYOD and IoT becoming the norm, the previously closed IT environment has quickly transformed into a hybrid, highly networked and widely distributed ecosystem.
This growing ‘mobility’ of users and swelling enterprise perimeter has resulted in greater exposure to cyberattacks. The COVID-19 crisis and the ensuing lockdowns have exponentially compounded that. It has put an exceptional strain on InfoSec teams that struggle to secure this new digital ecosystem with yesterday’s tools which simply lack the ability to enforce the granular access control and network privileges.
A smarter way forward
With the enterprise IT no longer centred around its own offices and internal data centres, and digital transformation becoming a norm, security teams would need to look at new approaches and technologies to secure the modern digital enterprise ecosystem.
One emerging approach that is swiftly becoming the preferred option among progressive InfoSec teams is Zero Trust. Rooted in the principle of “never trust, always verify,” Zero Trust is designed to protect distributed digital environments by leveraging network segmentation, preventing lateral movement, providing a Layer 7 threat prevention, and simplifying granular user-access control.
It provides for comprehensive secure access to applications and environments, independent of user, device, and location. When combined with sophisticated architectures like Software-Defined Perimeter (SDP) and emerging technologies like Blockchain, Zero Trust is able to address many of the shortcomings of the traditional castle-and-moat approach with its legacy VPNs.
Having evolved from the work done at the Defense Information Systems Agency (DISA), SDP renders application infrastructure effectively ‘invisible’. The SDP toolkit includes a controller with a policy engine which authenticates and authorizes all endpoints trying to access a particular infrastructure before fine-grained access to that application infrastructure is granted.
Blockchain technology is an immutable time-stamped series of records that is cryptographically secure, distributed and managed by a cluster of nodes. The three pillars of Blockchain technology – Decentralization, Transparency and Immutability – deliver a scalable, resilient and robust backend system along with a new breed of tools for digital identity, authentication and authorization of users as well as connected devices in today’s digital world.
A Zero Trust system, when stitched together using SDP architecture and Blockchain technology, is able to deliver fine-grained micro-segmented network access to business applications, irrespective of whether they are hosted on-premises or across one or multiple Clouds.
So where does enterprise cybersecurity head from here?
Many organizations may still rely on a VPN to provide remote users and external third parties access to IT systems. However, in the new reality of the novel coronavirus pandemic and workforces being mandated to work from home, the traditional security approaches will fall short. Crises, like Covid-19, will only act as a catalyst for change. The generally dissipating enterprise perimeter along with the modern workforce preferences will anyways necessitate IT teams to leverage approaches like Zero Trust along with emerging technologies to secure the ever-expanding, hybrid and distributed IT environments.