It’s Time to Redefine the IT Security Perimeter

How IT mobility impacts your organization’s security and compliance efforts

June 5, 2017 • Published by

The IT security perimeter is changing.

As an IT security assessment professional, my job is to look at companies’ data security zones and their network perimeter compliance. I am looking at the normal stuff: firewalls, servers and hardening standards as required by PCI, HIPAA, ISO 27001, etc.

Without properly implemented and maintained security technologies in place, it’s impossible to protect your perimeter from compromise. But are you truly clear on what that perimeter is?

The fact is, the traditional IT security perimeter has been replaced by an ever-changing landscape of mobile devices.

IT mobility requires a whole new viewpoint.

Mobile devices have expanded the IT security perimeter, making it necessary to redefine how network security is scoped and reviewed. As an example, employees utilize smart phones and tablets that have access to company email; there are apps on these devices that allow access to a secure portal where sensitive company information is stored; and who knows what else the organization has set up for company use. 

Then your employees connect these devices to additional devices such as wearables, fitness bands, cars and home appliances, with more devices appearing daily. Keep in mind that these are typically connected to the same smart phones and tablets used for work.

What I’m referring to here, of course, is the Internet of Things (IoT). If you’re a person responsible for security or networks and IoT hasn’t got you worried yet, then you don’t have a pulse.

Be prepared for a worst-case scenario.

Most organizations don’t yet have the controls in place to face this new horizon, but the following 3-step process can at least put you ahead of the game:

  1. Start by asking the question, “If someone got hold of a company- or employee-owned mobile device, what impact would it have on our organization?”
  2. Use the answers from step 1 to review your mobility program and find the risks by testing the devices, users, apps and infrastructure to establish a baseline.
  3. From there, constantly review and update your risk posture to include new devices and threats.

Learn more about the current state of security threat management and best practices for protecting the perimeter. Check out the ControlScan webinar, “Managing Security Threats as Mobile, Cloud Supplant Traditional Infrastructure.”