2018 Goal: Re-position Cybersecurity As An Enabler

As long as cybersecurity is viewed as a pain, it’ll never be integrated into the fabric of an organization. Fortunately, there have been significant advances in cloud-based security services that enable new ways to embed cybersecurity into enterprise services people want.

Ever wonder why dentists re-positioned themselves as teeth whitening experts? Answer: no one likes cavities and, by association, the people who fix them. Similarly, as long as cybersecurity is viewed as a pain, it will never gain widespread organizational support. Fortunately, there have been significant advances in cloud-based data encryption, endpoint trust analysis and access control that enable security controls to be integrated into the application workflow. Here are a few enterprise service ideas that will make you a hero in 2018:

Faster Internet @ The Office

Everyone wants faster Internet at the office. However, many enterprises backhaul Internet traffic to their data center to scan for malware and enforce usage limits. The backhaul approach is inefficient from a network perspective, and it is also problematic because enterprise and Internet traffic are mixed together, which allows cyberattacks to move laterally.

Instead of backhauling traffic, consider a new generation of cloud-based trust assessment and machine learning endpoint protection solutions – these have proven to be as effective as, or more effective than, appliance-based solutions. Next, implement a software-defined perimeter to create secure enclaves within your data center, protecting enterprise apps from malware and inside attacks as a second line of defense. And if you still want to monitor usage, there are a number of cloud-based security brokers. The key is to give users the best Internet surfing experience while keeping risky traffic out of your data center.

Personal Phones For Corporate Apps

Everyone wants to use their phone to access corporate apps. Unfortunately, personal phones are basically impossible to protect from malware, which is why many enterprises have taken a hardline stance against them. The current approach of providing a free company phone, while simple, is viewed as cumbersome. Additionally, the company-phone approach doesn’t work for supply chain partners who need access to corporate apps.

Deploying enterprise apps in a secure enclave in a public cloud is a simple way to enable personal phone usage, as the compute environment is physically and logically separated from other applications. In the past, public clouds were considered not to have the reliability or security to handle enterprise apps, but that is no longer the case. Features such as integrated load balancing and transparent data encryption offer protection equivalent to legacy data centers. For the new apps that cannot be easily ported to the cloud, a cloud-hosted application layer connection from the mobile device to the data center is another way to allow personal devices.

Work Anywhere Telecommuting

People want to work from home without appearing to do so to their co-workers or customers. The key to making telecommuting seamless is allowing the same level of access to applications and data both inside and outside the "perimeter". However, most enterprises have strict guidelines on the movement of sensitive data outside their walls, which has made true telecommuting a dream.

Public clouds now are able to support self-contained secure enclaves where a hosted virtual desktop is used to access a protected application via a role-based access control solution. Multi-factor authentication on the personal compute device ensures that it is in the possession of the authorized user. The combination of interlocked security controls ensures that only users with an authorized device can access the virtual desktop (from which data cannot be exported).

By packaging your cybersecurity projects as enabling faster Internet, easier mobile phone access, and a flexible work environment, you will get the political and financial backing of the entire organization. Even if none of these ideas is right for your organization, consider the value of packaging cybersecurity into enterprise services that users want. You’ll be more successful in advancing new security controls while making your organization safer.

Junaid Islam

CTO at Vidder
Junaid Islam has over 25 years of experience in network and security protocol design. In the early 90's Junaid developed the queuing algorithms for Frame Relay at StrataCom which was used by the US military for multilevel precedence and preemption (MLPP). He later developed the first Frame-ATM integration protocol at Cisco, which became the foundation for MPLS. After Cisco, Junaid worked on a number of US Government research programs including surveillance system design and netcentric warfare.

Currently, Junaid is leading the development of the Software Defined Perimeter (SDP) architecture at Vidder, which is developing Secure Enclave solutions for public cloud computing. Junaid is a well-respected security expert and has been interviewed by publications such as the Wall Street Journal and Newsweek.
