June 5, 2017 • Published by Kurt Osburn
As an IT security assessment professional, my job is to look at companies’ data security zones and their network perimeter compliance. I am looking at the normal stuff: firewalls, servers and hardening standards as required by PCI, HIPAA, ISO 27001, etc.
Without properly implemented and maintained security technologies in place, it’s impossible to protect your perimeter from compromise. But are you truly clear on what that perimeter is?
The fact is, the traditional IT security perimeter has been replaced by an ever-changing landscape of mobile devices.
Mobile devices have expanded the IT security perimeter, making it necessary to redefine how network security is scoped and reviewed. As an example, employees utilize smartphones and tablets that have access to company email; there are apps on these devices that allow access to a secure portal where sensitive company information is stored; and who knows what else the organization has set up for company use.
Then your employees connect these devices to additional devices such as wearables, fitness bands, cars and home appliances, with more devices appearing daily. Keep in mind that these are typically connected to the same smartphones and tablets used for work.
What I’m referring to here, of course, is the Internet of Things (IoT). If you’re a person responsible for security or networks and IoT hasn’t got you worried yet, then you don’t have a pulse.
Most organizations don’t yet have the controls in place to face this new horizon, but the following 3-step process can at least put you ahead of the game:
Learn more about the current state of security threat management and best practices for protecting the perimeter. Check out the ControlScan webinar, “Managing Security Threats as Mobile, Cloud Supplant Traditional Infrastructure.”