Rethinking perimeter security in the age of distributed, virtualized computing environments
This article was written to accompany the Designing Enterprise for Multi-Cloud course, on Cybrary.
Enterprise computing has come a long way from the localized packet-switched networks of old. Today’s environment consists of a complex array of autonomous systems all over the world working together to get data where it needs to be. But as technology evolves, so too does the threat landscape. Conventional network perimeters have dissolved into distributed, virtualized computing environments, introducing a myriad of new challenges for cybersecurity leaders.
With cloud traffic set to represent 95% of all data center traffic by 2021, today’s data economy has rendered the traditional approach to network security useless in all but a handful of niche environments. As such, the idea of a perimeter in the conventional sense is simply dangerous from an information security perspective. It’s time for a radical rethink, hence why CISOs must be able to explain what the perimeter now means, and what today’s multi-cloud enterprise IT environments should look like.
The problem with perimeter security
In the early days of enterprise computing, the primary security control was to disallow external access. By establishing a perimeter, which typically didn’t extend beyond the internal network, security leaders could rely on measures like network firewalls. Often, the only external access points that needed protecting were web and email. Apps and data were stored locally, making it relatively easy to physically isolate them from the internet.
There are two serious problems with this approach in the modern era:
Firstly, in the age of cloud computing, remote work, and online business, there needs to be a way out, and not just for web and email. For example, partners might need access to things like invoices and purchase orders, while remote workers might access virtual desktops from home. Thus, the number of gaps in the perimeter required for critical business operations to function increases rapidly. Add mobile devices and new and emerging technologies like the internet of things into the mix, and the number of gaps increases exponentially. Eventually, there ends up being a multitude of gateways, every one of them presenting a single point of failure. It becomes a practical impossibility to keep everything secure, especially in the typical enterprise environment, where there might be tens of thousands of assets and end users.
Secondly, traditional perimeter security doesn’t consider the risk of insider threat. Yet insider threat is a fast-growing concern, with more than two thirds of organizations say such attacks are becoming more frequent. The perimeter approach focuses on regulating or disallowing external access, despite the fact that most cyberattacks involve negligence or maliciousness on the inside. For example, an advanced persistent threat (APT) might begin at the company’s email gateway, when a malicious email gets through the filters. Next, someone in marketing clicks on a phish in that email, which gives the attacker access to the finance department. Then, over time so as to reduce the risk of getting caught, the attacker exfiltrates sensitive financial data through the web gateway to an unknown and uncategorized website.
Taking these examples into account, a far more accurate way to view the perimeter is as one that’s full of holes and allows attackers to forge a path through the organization’s IT assets by lateral traversal. The best way CISOs can explain this to board members is by using the right illustrations and analogies, rather than unnecessarily complex diagrams and technical jargon.
The shift to zero-trust security and localized boundary protections
The challenges of defining enterprise perimeters was first discussed in the Jericho Forum in 2003. The international group of security experts focused on promoting de-perimeterisation and instead building zero-trust networks where individual entities self-protect.
Zero trust is opposite to firewall-based perimeter protection. In fact, it doesn’t consider there to be any enterprise-wide perimeter at all. Instead, the model asserts that each device and end user should only ever have access to the systems and information required to perform their assigned tasks. As such, protection is segmented based on nodes, where controls and policies are enforced by separate command and control centers.
Here’s how the zero-trust approach compares to perimeter security:
- Communication: With perimeter-based protection, entities (i.e. workloads) can share information freely and bidirectionally. With zero trust, protection is enforced by design and default, which means entities can only share information if necessary.
- Authentication: There is no mutual authentication between entities within a perimeter. With zero trust, however, entities must always authenticate before they can get access. This typically involves multifactor authentication (MFA) for more sensitive systems.
- Boundaries: Multiple workloads share the same boundaries in perimeter security. A zero-trust model localizes protection with micro segmentation. Each individual entity has its own independent security controls and policies.
- Traversal: Once a threat has broken through conventional perimeter defenses, it can travel freely between entities, potentially bringing the entire network down with it. But with zero-trust security, a successful attack can only compromise one entity at a time.
The components of zero-trust network access work together to enforce the core principle of the model: never trust, always verify. The system starts with a single, strong source of identity before authenticating users, applications, and devices, while connectivity is secured, typically by encryption. For additional context, the model might also cover compliance and regulatory policy. Other components may include service availability monitoring, DDoS attack protection, and individual access controls embedded in applications themselves.
Organizations typically migrate their workloads to the cloud for the sake of cost efficiency and accessibility, particularly in times when remote work is booming. But moving to the cloud also presents important opportunities for reducing risk. For security leaders, the main focus should be on reducing the size of the existing perimeter by moving workloads to individually protected virtualized entities, either in a public or private cloud or virtual data center, depending on the nature of the workload. By isolating servers from perimeters, workloads can be safely confined as individual nodes. Security controls and policies are enforced by a command and control center, which should also have redundancies to avoid having a single point of failure.
Cybrary helps security leaders close skills gaps and empower their teams to better tackle the challenges of today, and tomorrow. Request your demo of Cybrary for Teams today.