Securing today’s highly distributed enterprise

Many organisations have multiple work sites that need to be securely connected to each other and the internet.

When it comes to information security, enterprises have a lot to worry about. Distributed Denial of Service (DDoS) attacks, ransomware, malware and cyber-espionage are all on the rise, and defending against these and other attacks is challenging.

But the job is getting increasingly complex for one simple fact: enterprises today are highly distributed operations with systems and data scattered across headquarters, branch sites, remote offices, in the cloud and elsewhere.

Securing today’s multi-dimensional and dynamic enterprise requires a similarly layered, vigorous approach. Every perimeter must be protected and networks must be continuously monitored to detect and mitigate attacks.

>See also: Enterprise security in the connected devices age

Firewalls can be used to block spam, viruses and phishing attempts, and even “phone home” requests made by malware. And cloud-based, integrated threat intelligence services can identify new and emerging attacks and help centralise and coordinate all the security elements, adding a layer of protection to firewalls and related applications, such as antivirus software and web filters.

Digital enterprises are distributed

In today’s digital economy, an enterprise’s traditional boundaries are constantly being stretched. It’s estimated that there are more than 1.6 million remote or branch offices in the United States.

A new Gallup survey of 15,000 adults found that 43% of employed Americans said they spent at least some time working remotely. And a recent Frost & Sullivan report estimated that by 2020, up to 1.55 billion workers around the world will be responsible for work that does not confine them to a desk.

>See also: Keeping the enterprise secure in the age of mass encryption

Public cloud is amplifying the growth in remote offices and workers by providing anywhere, anytime access to critical applications and data. A recent IDC survey of over 6,000 IT organisations found that nearly two thirds of the respondents were either already using or planning to use public cloud Infrastructure as a Service (IaaS) by the end of 2016, and the research firm forecasts that public cloud IaaS revenues will more than triple, from $12.6 billion in 2015 to $43.6 billion in 2020.

Remote office challenges

These growing legions of remote offices and employees accessing systems and data on corporate networks and in public clouds are the products of the today’s digital economy, and the hope is that they’ll boost productivity, time-to-market, agility and the ultimately the bottom line.

But they also are creating opportunities for cyberattacks by exposing new entry points and unsecured devices, data and applications. As such, businesses large and small struggle with the same underlying problem: keeping their IT infrastructures secure.

IT departments typically put a lot of focus on protecting the networks and systems within the four walls of their company headquarters. But the branch offices and remote employees can introduce risky exposures that, if breached, can cause a great deal of damage.

One of the biggest challenges in maintaining network security at both remote offices or branch offices (ROBO) and small offices or home offices (SOHO) is the lack of IT staff on location.

>See also: How the Internet of Things is impacting enterprise networks

In addition to the lack of onsite IT help, cost can be an inhibiting factor for organisations to take the extra network security steps. ROBO locations require the same security measures as the corporate office, like firewalls, virtual private networks (VPNs), intrusion prevention systems, and web and email security. The more of these solutions in use at the branch offices, the more challenging and costly it is to manage and maintain them.

While companies agree that it is in the organisation’s best interest to invest in solutions and implement best practices for all their offices and remote employees to prevent breaches, they often struggle to identify straightforward solutions to these network security challenges.

Often, remote workers and branch offices get short shrift. This is a dangerous position since attackers often target the weakest link in an organisation, including remote offices, in order to get to the larger corporate prizes.

Securing the distributed enterprise

Given the many challenges involved in securing highly distributed enterprises, organizations must choose carefully when it comes time to select a security solution. Here are some simple guidelines to help when it comes to evaluating candidates.

Look for a solution provider that has domain expertise in securing the network perimeter. Some secure gateways, like unified threat management solutions or next-generation firewalls, offer features above and beyond basic network security.

These services can provide a great deal more than off-the-shelf routers designed for simple internet connectivity, with onboard firewalls that are inadequate defenses at the gateway to the internet.

>See also: Enterprise navigation in the dark era of cyber attacks and cyber security

Even amongst these providers, not all firewalls are created equal. The best options include advanced features like cloud-based centralized management. These cloud services augment on-premise firewalls and can be used across all deployment sites to segment networks to protect sensitive information, create policies to define and manage network privileges, and get real time reports of anything suspicious occurring on each network.

Cloud services can not only provide the ability to centrally manage remote firewall deployments, but those vendors who offer cloud-based threat intelligence services can extend the protection of on-premise firewalls by providing insights into threat attempts seen across deployments.

Last but not least, be sure the perimeter security solution includes support for SD-WAN applications like dynamic routing of internet traffic via VPN tunnels. This will provide the flexibility to route traffic between locations, headquarters, cloud services or even third party privacy VPN providers.

While there are many challenges to securing the distributed enterprise, there are also more purpose-built solutions available to make the job easier. Since edge-of-network locations are often seen as soft targets by cybercriminals, the stakes for securing those locations have never been higher.

 

Sourced by Dirk Morris, chief product officer of Untangle

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...