This is difficult and time-consuming today. It will only be more difficult tomorrow as the march to the cloud and BYOD continues. The answer lies in the Software Defined Perimeter (SDP). SDP lets application owners deploy perimeters anywhere: on the internet, in the cloud, at a hosting center, on the private corporate network, or across some or all of these locations. SDP is a way to make the machines do the work of enforcing security policies. Instead of having large teams manage VLANs and firewalls, leverage an SDP model.
What can a security leader do to get started?
The first step is to take a hard look at what you are spending security dollars on. If you are continuing to invest in perimeter-based defenses, you may need to reconsider what return you are getting today and what you will be getting tomorrow as your perimeter continues to collapse. In my view, the better approach is to shift security dollars to hardening the interior.
The next step is to consider how your workforce is connecting to the resources you need to protect. The adversary has little problem obtaining valid credentials. The best investments are technologies that are "employee proof": low-cost ways to improve user access controls with context-based authentication. These types of controls protect against the inadvertent, as well as the malicious, employee action.
Lastly, CISOs need to take a hard look at the time and money they are expending to segment their networks. In the long run, the finer the segmentation, the more secure the network. We need cheaper and easier ways to do this. The best tools out today implement an SDP approach. Let the machines do the work.