It's a strange paradox: we always lock our homes and cars because we are aware of the dangers. But when it comes to networks, we lull ourselves into a false sense of security. Companies urgently need to secure their networks.
We are all familiar with the following situation. If you don't have a smart meter, every few years an auditor from the gas and electricity distributor comes to take the meter readings. The person rings the doorbell and identifies himself or herself. You accompany the person to the meters, have the meters read and let him or her out again. Right? You don't just let the meter reader wander around your house and suddenly find them in your bedroom or bathroom. Yet that is what we often do with company networks. A visitor checks in at reception, enters a meeting room and connects a laptop to one of the network cables lying around. And hey presto, your visitor has access to your network. Unfortunately, this type of situation occurs all too often. It is all too easy to think that only 'the good guys' got in. But even then you don't just let them see everything on your network, do you? And what about your wireless network? Hacking a wireless password has become a commodity. Additionally, your wireless network doesn't stop at your company's walls...
Fortress principle versus Zero Trust
The situation with the meter reader described above is remarkably similar to the way we prefer to deal with network security. When someone requests access to the network, we first perform an identity check, and based on that, we determine what that person will have access to or rights to. We check who it is, which device he or she wants to use on the network, whether the device has the most recent antivirus software, and so on. But it doesn't stop there. The moment someone wants to connect to an application, we check again who wants to make this connection, from which location, and so on. In other words, having got in once does not mean that you can now freely go poking around everywhere.
This is the Zero Trust principle we apply.
In the past, people relied on the 'Fortress principle': once visitors passed the firewall, they were allowed to do their own thing. As long as we were dealing with a cabled network and an on-premise datacenter, this was normally not a problem. But once cloud computing allowed both users and data to be spread over large distances, the Fortress principle no longer held. And it certainly doesn't anymore, as more and more people are working from home and want access to all the company's data and applications.
SASE is a philosophy
For us, SASE, or 'Secure Access Service Edge', is the way we should deal with networks and their security in the future. SASE is not a product, it is a philosophy. It's about knowing at any given moment who is connecting, to where, whether they have access to the data and what the user is allowed to do with the resources they access. At that point it no longer makes any difference whether you are on-premise or in the cloud.
Because every company has a cloud component somewhere, even if it is only via software-as-a-service (just think of CRM, Office 365 or other applications), it is best to house the security layer in the cloud as well. That way, you can adequately secure both a central site and various remote sites. Zero trust and SASE go hand in hand and provide the basic secure connectivity from anywhere.
Choose an ecosystem
Companies can turn to various suppliers for secure networks. Based on our dual-vendor strategy, Simac works together with two A-brands, Cisco and Fortinet. Both suppliers have developed a real ecosystem in which various products work together seamlessly and reinforce each other. Traditionally, many IT departments use a 'best-of-breed' strategy, where they always choose the best technical solution to a problem. Unfortunately, this often results in the coexistence of various products, each with its own specifics, but without correlation between the various events that are logged. Those events are spread across five or six different consoles. The result: many threats slip through the cracks.
By choosing the ecosystem of one supplier where the products work well together and exchange information, you can get a good picture of what is happening on your network. You can constantly monitor what is normal and what is not, and you can discover suspicious data flows. Especially in the case of ransomware, it is very important to quickly identify suspicious activities.
Of course, not everyone starts from a clean slate to purchase such a mono-vendor ecosystem. When different products are present, we can provide integration with the necessary APIs.
Security is a mindset
Even more important than products is awareness in all layers of a company. Most threats still come in via the laptops of end-users. Everyone should know by now that you shouldn't open all attachments or click on all links. Still, this happens, just as many people leave laptops visible in their cars.
Security is something that should be ingrained in everyone. Not only when you're at the company, but also at home. Security products aim to keep the 'bad guys' out as much as possible, just like physical security on buildings. However, this does not mean that there can be no more burglars. Staying alert is the watchword!
Mia Dobbeni is Security and Network Architect at Simac ICT Belgium. Mia joined Simac ICT Belgium in November 2019. Previously she worked both in the IT industry and in education.