The opinions of contributing entrepreneurs are their own.
Key Takeaways
- The old “perimeter defense” model of cybersecurity no longer works. With remote working, cloud platforms and AI, there is no longer a clearly defined boundary to monitor.
- Identity is now your company’s first line of defense. You must adopt a Zero Trust Network Access model, manage authentication, and issue company-owned devices to keep your digital environment secure.
- Rather than completely denying your employees access to tools that help them work smarter, weigh the risks of each tool and put the right safeguards in place.
Cybersecurity used to be simple: you just locked down the network, guarded the perimeter and called it a day. But that was a different world, one in which your business consisted of cubicles, Ethernet cables, and neatly separated data centers.
Today, you’ll find that the traditional idea of cybersecurity – which is hyper-focused on ‘perimeters’ – has collapsed under the weight of cloud platforms, remote workers and artificial intelligence. It has become difficult to even define a new perimeter, let alone develop strategies to protect it. In fact, the perimeter as we knew it is probably gone forever.
In an age where you no longer own your corporate networks, employees work from anywhere, and applications live who-knows-where, the old security manual is useless. Yet the foundations of cybersecurity have not disappeared; they have just evolved.
How did we get here?
To understand how today’s cybersecurity commotion came about, it helps to rewind to a time when things were – literally – more grounded.
Three aspects play a role in any form of security: the network, the user and the application. In what feels like a distant past – when employees came to a physical office building and were tethered to RJ45 connectors and Ethernet – security was naturally baked into the network.
With tools like firewalls and intrusion detection systems, it was simple and ritualistic to draw a perimeter around the workspace and lock down everything inside. But now that remote work, cloud applications and AI have become the norm, we’ve stretched the perimeter so far that it’s time to face a simple fact: our old “defend the perimeter” strategy must evolve.
What do we do now?
With the network largely out of our control, security today is supported by the remaining two pillars: the user and the application. The key to creating new strategies is simple: pick one and be willing to master its intricacies. True security lies in deeply understanding the terrain you are defending, but the two pillars are not built the same.
With the rapid adoption of “Software as a Service” (SaaS), managing applications has become a difficult task. Previously, applications were protected because organizations built and hosted them in their own data centers. Now, third-party providers host applications (like Google Drive, Slack, Dropbox, ChatGPT, and more) over the Internet, making them more easily accessible to employees with minimal IT oversight.
With SaaS only growing in popularity, navigating the entire application security environment can be like following a spinning compass. While there are certainly techniques and platforms designed to help companies tackle pitfalls like shadow IT and shadow AI, wouldn’t it be easier to start with what you can control? For easy security success, shift your focus from the application itself to the person who has access to it: the user.
How do you deal with identity?
Use a “Zero Trust Network Access” (ZTNA) model. Although the model was already popular in the past, today it is critical to reject the idea that everything within a network is automatically secure. This means redefining the way security professionals think about trust in a borderless world. If the network is borderless, everything within it is a potential threat vector. Trust can now only be built at the individual level by examining each user, their identity, the devices they use and the access they are granted.
Implement a mechanism that authenticates: With no clearly defined perimeter left to guard, identity is now your business’s first line of defense. It is imperative to ensure that users are who they say they are, and sometimes just asking for a password isn’t enough. Current authentication methods are smarter and stronger, such as multi-factor authentication, biometrics, security tokens and role-based access control.
Manage users via devices: It may seem convenient to let employees bring their own devices, but it also opens the door to vulnerabilities. You have no control over what you can’t see, and allowing personal devices into the workspace is a surefire path to zero visibility. While it’s impossible to monitor the actions of every single employee, issuing company-owned devices puts the IT department back in control through visibility.
With insight into employee behavior, security teams can more effectively create acceptable use policies (AUP), block risky applications, identify dangerous behavior in real time, and understand what their security posture really is. Maintaining visibility over users is the new way to keep your digital environment airtight.
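The three checks described above (verified identity, company-owned device, role-based access) can be expressed as a deny-by-default access decision in which network location is never a trust input. This is an added example, not part of the original article; the role names, application names and field names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical role-to-application grants (constructed for illustration).
ROLE_GRANTS = {
    "finance": {"payroll", "expense-reports"},
    "engineering": {"source-control", "ci"},
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool          # second factor completed for this session
    device_company_owned: bool  # device is in the company inventory
    source_network: str         # kept for logging, never used for trust
    application: str

def decide(req: AccessRequest) -> tuple[bool, str]:
    """Deny by default: a request is allowed only if every check passes."""
    if not req.mfa_verified:
        return False, "identity not verified with a second factor"
    if not req.device_company_owned:
        return False, "device is not company-owned"
    if req.application not in ROLE_GRANTS.get(req.role, set()):
        return False, f"role '{req.role}' has no grant for '{req.application}'"
    return True, "identity, device and role checks passed"

# Constructed sample requests. Note that "office-lan" earns no extra trust.
SAMPLES = [
    AccessRequest("alice", "finance", True, True, "home-wifi", "payroll"),
    AccessRequest("bob", "finance", True, False, "office-lan", "payroll"),
    AccessRequest("carol", "engineering", False, True, "office-lan", "ci"),
    AccessRequest("dave", "engineering", True, True, "office-lan", "payroll"),
]

def evaluate_samples():
    """Return (user, allowed, reason) for each constructed request."""
    return [(r.user, *decide(r)) for r in SAMPLES]

if __name__ == "__main__":
    for user, allowed, reason in evaluate_samples():
        print(f"{user:6} {'ALLOW' if allowed else 'DENY '} {reason}")
```

Only the remote user on a company device with a verified second factor and a matching role is allowed; the three requests from the office network are all denied.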
Balance security with productivity: The pressure to be productive, modern and agile is exacerbating the security crisis. While nightmares about breaches may tempt leaders to clamp down with an iron fist, doing so can do more harm than good. Put up too many roadblocks, and people will find ways around them.
Instead of outright denying access to tools that help employees work smarter, ask employees to make the case for them. If a new application or workflow improves efficiency and shows real ROI through solid, quantitative data, don’t be afraid to say yes after weighing the risks and putting the right safeguards in place. The trick is to know where to bend and where to stay firm.
You are still in control
Because controlling the network has become difficult in today’s decentralized, cloud-powered world, a strong cybersecurity strategy should instead focus on the user, even if they are not physically within the walls of your business. The network itself is no longer a reliable boundary, and in turn the ability to assume security based on location or device is outdated.
Instead, security must be built around your employees and their identities. While you can’t lock down the network, you can control what people can access. Focus on authentication, own the user and embrace a strategy that fits today’s borderless reality.


