IT security changes fast, evolves, fluctuates and seldom remains a static practice for long. The threats are constantly changing and security professionals need to adapt to them. But users change as well; their habits and preferences don’t stay the same either. And now the cloud is upon us. This is a change that should shake the security world at its very foundation, but among the organizations I meet in my work, belief is strong that things really aren’t that different.
Perimeter defense has been at the very heart of every IT security strategy for many, many years. But perhaps this is about to change. I was at a conference recently where analysts from IDC took the stage and said just this – perimeter defense no longer has a role to play in modern IT security.
This statement is sure to be taken as pure provocation by quite a few people, but to me it was inspiring and got me thinking about just how true this actually is given today’s computing landscape.
Today, everybody seems to be moving towards different types of cloud architectures, be they public or private, hybrids or fully-hosted; their movement is swift and there are not many signs of this trend slowing down. This revolution does not rhyme very well with the views of many of the organizations I encounter. They feel that they have a rational, almost skeptical approach to the cloud – that they use the cloud sparingly, and that use within their organizations is isolated. In short, they have it all under control.
But, more often than not, this is simply wrong. They miss the large number of employees not sitting around waiting for consent from IT administrators to start reaping the benefits of the many different cloud services. These are the users who simply pull out their credit card to pay for a service that they feel makes their day-to-day work a lot simpler.
Come on, you might think, that’s the odd case, the fringe occurrences that just happen to play along very nicely with the theme of this blog post. Surely, it can’t be that common?
But oh yes it is – at Infoblox, we see this all the time through analysis of DNS traffic.
And it’s really not that odd. If you think about it, this is a very natural form of evolution. Just as nature will find a way around obstacles, users find ways around these kinds of arbitrary shackles put on them by traditional IT.
Clamping down on these users’ efforts to simplify work processes is not the way to go. You might think it is, you might even believe that you’re doing the right thing. But, in reality, this strategy will always be difficult to justify to casual users and will infuriate those with more knowledge and IT experience. And it stifles creativity. But it is true that cloud usage – sanctioned and carefully planned for as well as the unsanctioned and spontaneous – does present us with a new set of challenges.
You can dig down in the trenches and choose to keep your faith in that old perimeter-based approach, or you can choose to adapt and learn about the facts.
We must find a manageable way to simplify the user’s experience and accommodate their needs without taking on the increased risks often associated with doing just that.
It’s here that the traditional perimeter defenses show their weakness, as they don’t offer much in the way of risk reduction. To manage risk we need to manage user privileges – who gets to access what data, and what data gets viewed, stored and moved. In the traditional network, with its perimeter defense, proxies and DLP solutions, it’s naturally difficult to keep track of the traffic that does not go through the network itself.
But what’s easily forgotten, and too often overlooked, is that no matter who, what, where and why – traffic is routed through DNS.
The cloud is the perfect enabler for many businesses looking to take innovation to the next step and DNS should be the natural focal point for everybody looking to tackle the risks associated with cloud services.
At Infoblox, we’ve identified this opportunity to set up DNS as a core strategic component to make better – and safer – use of the cloud. For instance, stored DNS records are an excellent way to gather data for future analysis on usage of these services. We’re committed to helping organizations better cope with this cumbersome and oftentimes manual aspect of cloud usage. Infoblox automates the process and provides visual assistance for our customers to enjoy the many benefits of cloud services, while greatly reducing the risk of their data ending up in the hands of the wrong people.