You’ve been de-perimeterized.
In today’s business world, where the average employee works from home at least two days a month, and where mobile workers are expected to make up nearly three-quarters (72.3%) of the workforce by 2020, organizations need to face up to that stark fact. They no longer have a reliable perimeter–and that means perimeter-based security strategies alone no longer provide adequate protection from data loss.
Non-Traditional Work Requires Non-Traditional Security
On a daily basis, today’s workers access critical business applications from a variety of locations and devices–from home PCs via cloud-based apps, or mobile phones via cellular networks or even laptops and tablets via public Wi-Fi hotspots. As fewer employees get work done solely in a traditional office, they continue to push the boundaries of their workplace. So much so that traditional security tools like perimeter firewalls can no longer be relied on to block all attacks.
To cyber attackers, a network protected only by a traditional perimeter firewall is an opportunity to have a field day, starting with the compromise of a single mobile user’s credentials. Next, comes the use of the stolen credentials to access one internal network server, which opens the door for the attacker to move laterally at will across the environment.
Along the way, the attacker discovers the location of more critical data and exfiltrates it slowly over time. And the corporate security team is none the wiser.
Network Segmentation for Granular Trust
To thwart such scenarios, a growing number of forward-leaning organizations are choosing to take a defense-in-depth approach that layers security throughout the internal network via network segmentation. Rather than focusing on keeping attackers out, they focus on preventing damage once attackers breach the perimeter.
In segmented networks, the internal network is no longer one big trust zone. Instead, the network is divided into several trust zones protecting different critical assets.
For example, users credentialed for the finance zone can’t access the HR zone and vice versa—denying hackers that compromise one user’s credentials the keys to the corporate kingdom.
ISFWs Emerge
Such a strategy requires not only a new mindset; but also new technology. Internal Segmentation Firewalls (ISFWs) are a new class of firewall that are just now emerging to provide this additional layer of protection.
Our partner, Fortinet, offers an ISFW solution that can be placed in front of critical assets within the internal network to provide inside-out protection against threats. With its 360-degree visibility across network zones, unparalleled processing speeds, one-click management and graphical threat displays, Fortinet’s ISFW offers more comprehensive protection and performance than conventional firewalls. In fact, CRN recently named the Fortinet ISFW one of the coolest cyber-security technologies of the year.