10 tips for hybrid network-enabled security

Modern business increasingly relies on network-supported technologies, such as cloud computing, mobility and the Internet-of-things (IoT). The flexibility and agility they offer are essential for ensuring competitiveness in an increasingly global marketplace. But hand in hand with these benefits comes an increased risk of data compromise. In fact, enterprises are gradually realizing that it’s not “if” their data is compromised, more “when” it will be.

The Information Security Forum in its review of security themes through to 2018, warns that the widespread use of technology solutions has dramatically expanded the threats that enterprises face. In addition, it says that “established methods of information risk management will be eroded or compromised by internal or external non-malicious actors.”

Increasingly professional

Cybercriminals have become increasingly professional and are mounting frequent and damaging attacks against enterprises and other organizations. And just like enterprises, cybercriminals are able to benefit from new technologies to mount bigger and more varied attacks. The impact of a distributed denial-of-service (DDoS) attack on an enterprise, for example, is estimated at around $40,000 per hour.

Today, cybercriminals use “multi-vector” attacks, which target various areas of the enterprise in parallel to find the weakest link. These include end-users, mobile devices, networks, applications and data centers. DDos attacks, for example, are often used as a cover for more covert attacks against other parts of the infrastructure.

The key to protecting yourself against these multiple threats is to take a holistic approach to security and have a strategy in place to mitigate the impact of breaches as quickly as possible.

Here are 10 tips to help you build multi-layered security that protects your data and infrastructure, while keeping you competitive in the digital world.

  1. Break boundaries with network-based security: traditional approaches to security rely on many different solutions installed at the boundary between a “trusted” private business and the “untrusted” public Internet. Overwhelmed enterprise IT security professionals are demanding a network-based solution that is specifically engineered for the cloud, mobile, IoT and open API era where there is no fixed network perimeter.
  2. Take a strategic approach: Security experts from a CyberSOC can help you prioritize which data is most important to your business and outline ways to reduce attack risks. Understand cybercriminals’ objectives, be those monetary, ideological or competitive – rather than focusing on system vulnerabilities alone.
  3. Gain insight with a security information and event management (SIEM) platform: it correlates security alerts and turns them into actionable intelligence. SIEM can help identify malware and abnormal application access requests to detect intruders in your network. Big data analytics powers real-time threat visualization, dynamic incident response and post-event forensics.
  4. Dynamically match infrastructure to business requirements: choose the most appropriate network based on the business criticality of the data travelling on it, such as private WAN, or secured public Internet connectivity with a private, shared or public gateway.
  5. Deliver security from the cloud: it is vital to have consistent security protection across your entire IT infrastructure – including mobile devices. Use security protection in the cloud to block suspicious data before it even reaches the end-user.
  6. Authenticate users for all enterprise resources: federated identity and access management (IAM) scheme gives approved employees and partners access to cloud and on-premise applications from any device using a single login. Multi-factor authentication protects VPN access over unsecured Internet connections.
  7. Protect data in public environments: Sensitive data, such as customer records in Salesforce, should be encrypted and tokenized before being processed or moved between public and private clouds.
  8. Look beyond standard IT infrastructure: operating technologies in the manufacturing, oil, gas, water and electricity sectors are now online and data increasingly processed in the cloud. Industrial control systems and SCADA systems need protection too.
  9. Protect the Internet of Things (IoT): the devices that make up the internet of things are a potential weak link in your security chain. The dangers posed by insecure protocols and unpatched firmware accelerate dramatically when you consider the number of devices that are out there.
  10. Investigate virtualization for a more dynamic network: in the future, you will be able to provision different types of virtual security appliances in response to real-time threats using a NFV control plane. While the SDN controller will be able to steer, intercept or mirror the desired traffic for security inspection, creating a security service chain.

Find out more about the hybrid network: our first insight guide which looks at how enterprises can balance their cost, security and cloud application performance goals is available here.

Look out for our second insight guide, which is a deep dive into the actions you can take. It will be available over the coming weeks.

Anthony Plewes

After a Masters in Computer Science, I decided that I preferred writing about IT rather than programming. My 20-year writing career has taken me to Hong Kong and London where I've edited and written for IT, business and electronics publications. In 2002 I co-founded Futurity Media with Stewart Baines where I continue to write about a range of topics such as unified communications, cloud computing and enterprise applications.