Black Cloud, The Internet is Going Dark
By Tony Fergusson, IT Infrastructure Architect, Man Energy Solutions
I believe corporate networks will transform into internet cafes where users are granted only internet access, and application access to cloud applications uses SDP. This incredible network transformation we are experiencing is discussed in the new book Secure Cloud Transformation by Richard Stiennon, which gives some great examples of companies already on this transformational journey.

For years we have built our networks on the moat-and-castle concept, with firewalls protecting the internal network, but this design is outdated and we need to design our networks inside out. This means we should not build large enterprise networks that allow east-west traffic flows between what we believe are trusted devices. Clients should communicate securely only with applications on public and private clouds, via a north-south internet SDP fabric. This architecture will reduce the attack surface and prevent outbreaks of worm-propagating malware like WannaCry and NotPetya.

The cloud security company Zscaler has gone one step further with this concept of application access: application access policy is based on namespace (DNS), not network addressing. This completely changes the way we create and manage policy and ensures that policy is application-centric, not network-centric. You can even define a per-application authentication timeout, which improves user experience and protects high-value assets. Most importantly, they introduce multiple layers of mutual TLS encryption and trust that ensure no one can intercept and snoop on the data. Creating a dynamic secure segment that connects each user only to specific applications enables a true zero trust model. This concept of creating your own BlackCloud (Darknet), where you can control and monitor application access, will enable enterprises to create their own secure network fabric, regardless of the user's or the application's location.
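The name-based, per-application policy with authentication timeouts described above can be sketched as a small default-deny decision function. This is an added example, not code from the article or from any vendor; the hostnames, groups, timeout values and function names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppPolicy:
    name_pattern: str          # application namespace (DNS name), never an IP range
    allowed_groups: frozenset  # groups entitled to this application
    auth_timeout_s: int        # per-application re-authentication timeout


# Constructed sample policy; every name and value here is hypothetical.
POLICIES = [
    AppPolicy("payroll.corp.example", frozenset({"finance"}), 900),
    AppPolicy("*.wiki.corp.example", frozenset({"staff", "finance"}), 28800),
]


def name_matches(fqdn, pattern):
    """Exact match, or a single-label wildcard such as *.wiki.corp.example."""
    if pattern.startswith("*."):
        label, _, parent = fqdn.partition(".")
        return bool(label) and parent == pattern[2:]
    return fqdn == pattern


def decide(fqdn, user_groups, last_auth_ts, now_ts):
    """Return 'allow', 'reauth' or 'deny' for one user-to-application request."""
    fqdn = fqdn.lower().rstrip(".")  # normalise case and a trailing root dot
    for policy in POLICIES:
        if not name_matches(fqdn, policy.name_pattern):
            continue
        if not policy.allowed_groups & set(user_groups):
            continue  # this rule does not entitle the user; try the next one
        if now_ts - last_auth_ts > policy.auth_timeout_s:
            return "reauth"  # entitled, but the session is too old for this app
        return "allow"
    # Default deny: unlisted names, and requests made by raw IP address,
    # match no rule, so the application stays dark to this user.
    return "deny"


if __name__ == "__main__":
    print(decide("payroll.corp.example", {"finance"}, 0, 600))   # allow
    print(decide("payroll.corp.example", {"finance"}, 0, 1000))  # reauth
    print(decide("10.1.2.3", {"finance"}, 0, 10))                # deny
```

Because rules are keyed on names and every miss falls through to deny, a request addressed by IP never matches, which is the application-centric rather than network-centric behaviour the paragraph describes.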
You Can’t Attack What You Can’t See

In this day and age, enterprises must reduce the attack surface. We cannot continue to worry about the next SSL/TLS vulnerability, and we need to make sure that no part of our ecosystem, whether on premises or in the cloud, is exposed, let alone seen to be vulnerable. This is especially important in a world where propagating malware is taking down enterprises and hackers are keen to profit using ransomware, crypto-mining, supply-chain exploits, IoT botnets, and a range of other new and creative attacks they have been cooking up.