locker-820088_1280.jpg

BYOD is Shifting the Security Perimeter for WAN Managers

By Erik KreifeldtOct 5, 2018

Share

Of all of the areas covered by the WAN Summit, cyber security has got to be one of the hottest topics.

This popular and important subject is being led by a niche core of security experts who are showing us the way.

Maybe this is best summarized by one response I received while recruiting our 2018 WAN Summit Singapore cyber security panel. A brilliant WAN professional who seemed like a great match for our conversation responded simply, “I’m not a security guy.”

If he wasn’t a security guy, then neither am I. But lucky for me and many others who were at our September event in Singapore, we had insight from Velocloud’s Brett Waddington, Rajah & Tann Singapore LLP’s Justin Lee, and Centurylink’s Ricky Chau.

For 40 minutes, we were all “security people.”

Led by our own Paul Brodsky, the panel dissected how new technology and workplace culture are changing WAN security requirements. I found myself an eager audience member who had a lot to learn.

The panel was quick to note that BYOD and remote workers are changing how enterprises are approaching security, ultimately shifting the security perimeter.

So where has the perimeter gone? According to our speakers, the right question is actually “where is the perimeter going?” As more employees work from remote locations, we find ourselves in transition.

“People go to massive pains to keep their computers secure on premise and then let people work from home where there is no security.”

Waddington said it better than I ever could: “People go to massive pains to keep their computers secure on premise and then let people work from home where there is no security.”

Truly, remote access to cloud service providers has circumvented centralized security architectures and complicated the definition of a security perimeter. Ringing a data center with firewalls isn’t effective when users are accessing cloud applications from mobile devices.

Security has morphed from box-based to a rules-based architecture, it seems. This has implications for the entire organization, as IT managers need to know whom should gain remote access to what.

Waddington came armed with advice: make a list, check it twice.

Ultimately, managers must make decisions about how to treat applications going over the public internet. What level of security does an application deserve? Does it need to be inspected? What level does it need?

Waddington’s approach was to list all applications in play and decide what to use internet transport for one by one. “Some apps, I might say, ‘I don’t trust that app to through a cloud-based security system; I won’t drop that directly from the branch out into the internet,’” he said. “I want to be able to selectively do that.”

All this to say: there’s more to talk about.

 

New call-to-action

Erik Kreifeldt

Erik Kreifeldt

Principal Analyst Erik Kreifeldt tracks the international network services industry, advising global operators on market trends. With more than 20 years of industry experience—including over a decade of research with TeleGeography—he specializes in strategic decisions that require genuine data, analysis, and insight. Before joining TeleGeography, Erik was an optical networking industry analyst, trade reporter, and optical physics science writer. He continues to draw inspiration from the profound-yet-underappreciated work of maintaining infrastructure essential for global commerce—and awe at how it all gets done.

Connect with Erik