Before cloud computing, Software-as-a-Service, smart phones, tablets, and wearable devices, there was the data center. It defined an organization’s perimeter. People came into the office and worked on computers and laptops within the realm of the defined network, safe from IT security risks. When they worked remotely, they connected to their networks using VPNs. IT established a secure perimeter around you and your organization’s sensitive information, protecting you from the rest of the Internet using firewalls, security appliances, VPNs and more.
Now, your organization’s sensitive information is everywhere. If you looked, you would find it on mobile devices, in the cloud and, of course, behind your firewall. So where is your secure perimeter?
Some applications are hosted on-premises, yet are accessible from outside the network using VPNs. Software-as-a-Service (SaaS) business apps are in the cloud, and your organization’s sensitive information now resides in multiple cloud data centers, accessible by employees both on and off the corporate network. Many organizations are migrating some or all of their servers, databases and storage into Infrastructure-as-a-Service (IaaS), while newer ventures that are “born in the cloud” host no in-house infrastructure.
In today’s mixed on-premises and cloud IT environment, securing one network perimeter is not enough and one must take a Zero Trust security approach. The Zero Trust Security model moves access control mechanisms from the network perimeter to the actual users, devices and systems.
This paper examines six common risks of this “perimeterless” world, and proposes six opportunities to strengthen security using Next-Gen Access.