There was a time not so many years ago when a perimeter was just that. Today your perimeter could be anywhere in the world on a mobile device, on your business partner’s network, or on servers in the cloud. Protecting your perimeter today means not only protecting your network edge devices, but also a plethora of internet of things (IoT) and mobile devices.
However, protecting your network from the vast array of mobile devices can be challenging. In the end, it’s all about identity and access management. Can you, as the security professional in charge of network management, be absolutely certain that the mobile device that is trying to access your network is what it appears to be?
There are a variety of tools you can use to authenticate users. These include the obligatory user name and password, which can be augmented by behavioral analytics such as when and where the user is logging in from, and which applications they are accessing and in which order; or perhaps mobile device management software that authenticates the device by the applications on it, hard-coded IDs and other authentication data.
Identity and access management software also can include user provisioning, compliance auditing, role management, directory services, federated identity, and more.
Don’t forget that in addition to authenticating human users who try to enter your network, you also need to authenticate service accounts from automated systems that periodically access the corporate side of your firewall. If you have service accounts with business partners such as cloud services providers (software, backup, managed security services and other as-a-service providers), banks, local utilities, professional services vendors or others, you need to ensure that the system trying to access your network has not been compromised.
Finally, remember that hackers have a variety of ways to steal your data. If your company is invested in smart devices such as lights, HVAC systems, security systems, or other infrastructure electronics, these devices generally have no way to update or enhance security, and often no way to even install any. It might seem extreme, but hackers have manipulated smart devices to enter corporate networks. Make sure your infrastructure network is completely separate from your corporate data network.
Protecting your perimeter is more challenging than ever. Make sure to take the time to audit all devices that are authorized to access your network, then monitor your network to ensure that only white-listed devices are allowed to connect automatically. Next, create policies and procedures for devices that are not on the white list. The best way to ensure that only authorized devices connect to the network is to know which devices are indeed authorized.