Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
1/16/2018
09:30 AM
Paul Martini
Paul Martini
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Top 3 Pitfalls of Securing the Decentralized Enterprise

Doubling down on outdated security practices while the number of users leveraging your enterprise network grows is a race to the bottom for businesses moving to distributed workflows.

The modern enterprise doesn’t live within four walls. It’s distributed, with companies leveraging digital communications to connect their brightest minds, and give teams the flexibility they need to successfully execute their most pressing tasks. But for all the benefits that decentralization promises, it also begins to blur the network perimeter, which forces security teams to think more critically and creatively about their defenses. When networks become distributed, there are numerous pitfalls that await them.

Pitfall 1: Devices and Users
The proliferation of mobile devices has put fully functional computers in the palms and pockets of virtually every modern worker. Whether part of a bring your own device initiative or delivered to employees directly by the company, employees use these essential work tools to access business-critical data, even when they aren’t plugged in at corporate headquarters.

The downside is that when employees connect to information systems and enterprise data from outside of the safety of the corporate network, it’s critical to keep tabs on where that traffic originates and if the device or user has permission to access enterprise data. Administrators need to be sure that they keep directories current to dictate permissions and proxy settings, while also doing all they can to monitor for traffic origins that could indicate illegitimate or malicious activity. By having an up-to-date registry of users, their devices and the associated permissions of that individual’s rank and role, teams will more easily be able to spot anomalous traffic patterns that indicate data theft.

Pitfall 2: More devices breed more applications – and threats
Part-in-parcel with the proliferation of mobile devices in the workplace is a boom in new applications and software – both for business and for pleasure – that employees are hungry to download. The problem here is twofold: For starters, non-essential applications can be a drain on bandwidth, so administrators need the ability to prioritize network capacity toward business-critical activity to avoid latency.

Further to that, just downloading any content onto the network from an outside source – whether a smartphone game or a word document – can open the floodgates to potential threats hiding in plain sight. Trojans – malware hidden within seemingly innocuous file types – can be unleashed on a corporate network via a personal email attachment, initiating a wealth of attacks – from DDoS to command and control callbacks – aimed at stealing data and disrupting network performance.

Pitfall 3: Bulky defenses only complicate security
Even security teams that are already meeting these challenges may not be taking the easiest or most effective route to securing decentralized networks. For instance, many teams will layer on security solutions by purchasing additional on-premises security appliances as bandwidth needs grow. While this approach will provide the additional security capacity needed to protect traffic, each piece of hardware will require dedicated security management, and put extra demands on IT to create costly and complicated backhaul networks.  

A better solution is for organizations need to simplify control and network pathways in order to give their business as much visibility into the activity taking place on their network as possible. Rather than installing hardware in a cumulative fashion, adopting additional consoles and vantage points into the network for teams to monitor, organizations need to strive to have all network activity presented from a single pane of glass.  

The decentralized organization isn’t a passing fad, but as costs pile up, a business that doesn't evolve its security strategy to enable it might be. Doubling down on outdated security practices while the number of users leveraging enterprise networks grows is an easy race to the bottom for organizations moving to distributed workflows.

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
iboss has created the first and only web gateway as a service specifically designed to solve the challenge of securing distributed organizations. Built for the cloud, the iboss Distributed Gateway Platform leverages an elastic, cloud-based node architecture that provides advanced security for todays decentralized organizations with more financial predictability. Backed by more than 110 patents and patents pending, and protecting over 4,000 organizations worldwide, iboss is one of the fastest growing cybersecurity companies in the world. To learn more, visit www.iboss.com.
Featured Writers
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19349
PUBLISHED: 2018-11-17
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19350
PUBLISHED: 2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19341
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...
CVE-2018-19342
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000...
CVE-2018-19343
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...