Protecting corporate data in the future will be a lot harder
than it is today using the current methodology and solutions of IPS, Next
Generation Firewalls, DLP, and full packet capture.
The reason for this is that most corporate IT departments assume
that when a user is at work they are using the corporate network (wired or
Wi-Fi). This assumption requires that all protections for the network and its
data be located on the link to the Internet service provider, the point at
which data leaves or enters the network.
The reality is that users do not need to use the
corporate network all of the time. With the migration to cloud services, users
can actually access most of their corporate data from the LTE Cellular network
on their device. This allows users to completely bypass the corporate network
and all of the controls and visibility solutions that IT has deployed.
There are many reasons why a user may choose to do this:
1) They honestly do not know the difference or forget to turn on Wi-Fi when they get to the office
2) They want access to services that IT is currently blocking via the proxy or content filtering solution
3) Their LTE connection is faster than the corporate internet connection
To further complicate things, in the future I see a driver
being written for Android and iOS that will allow per-application routing to
either the Cellular Data Network or the internal Wi-Fi network, thus allowing
some applications to talk to internal systems, while others talk directly to
the internet.
It will be interesting to see how IT, security, and risk
departments try to tackle this problem.
My guess is that it will first start with a draconian approach, then move
to strict policy enforcement, and then finally go where it should, and that is
private hybrid clouds with full identity- and location-aware networking. Each
hybrid cloud instance will also need full reverse perimeter protections like
IPS, Next Generation Firewalls, DLP, and full packet capture. It seems like the
old Identity Engines had the right idea; they were just 10 years early.