Of all of the areas covered by the WAN Summit, cyber security has got to be one of the hottest topics.
This popular and important subject is being led by a niche core of security experts who are showing us the way.
Maybe this is best summarized by one response I received while recruiting our 2018 WAN Summit Singapore cyber security panel. A brilliant WAN professional who seemed like a great match for our conversation responded simply, “I’m not a security guy.”
If he wasn’t a security guy, then neither am I. But lucky for me and many others who were at our September event in Singapore, we had insight from Velocloud’s Brett Waddington, Rajah & Tann Singapore LLP’s Justin Lee, and Centurylink’s Ricky Chau.
For 40 minutes, we were all “security people.”
Led by our own Paul Brodsky, the panel dissected how new technology and workplace culture are changing WAN security requirements. I found myself an eager audience member who had a lot to learn.
The panel was quick to note that BYOD and remote workers are changing how enterprises are approaching security, ultimately shifting the security perimeter.
So where has the perimeter gone? According to our speakers, the right question is actually “where is the perimeter going?” As more employees work from remote locations, we find ourselves in transition.
“People go to massive pains to keep their computers secure on premise and then let people work from home where there is no security.”
Waddington said it better than I ever could: “People go to massive pains to keep their computers secure on premise and then let people work from home where there is no security.”
Truly, remote access to cloud service providers has circumvented centralized security architectures and complicated the definition of a security perimeter. Ringing a data center with firewalls isn’t effective when users are accessing cloud applications from mobile devices.
Security has morphed from box-based to a rules-based architecture, it seems. This has implications for the entire organization, as IT managers need to know whom should gain remote access to what.
Waddington came armed with advice: make a list, check it twice.
Ultimately, managers must make decisions about how to treat applications going over the public internet. What level of security does an application deserve? Does it need to be inspected? What level does it need?
Waddington’s approach was to list all applications in play and decide what to use internet transport for one by one. “Some apps, I might say, ‘I don’t trust that app to through a cloud-based security system; I won’t drop that directly from the branch out into the internet,’” he said. “I want to be able to selectively do that.”
All this to say: there’s more to talk about.