Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
1/16/2018
09:30 AM
Paul Martini
Paul Martini
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Top 3 Pitfalls of Securing the Decentralized Enterprise

Doubling down on outdated security practices while the number of users leveraging your enterprise network grows is a race to the bottom for businesses moving to distributed workflows.

The modern enterprise doesn’t live within four walls. It’s distributed, with companies leveraging digital communications to connect their brightest minds, and give teams the flexibility they need to successfully execute their most pressing tasks. But for all the benefits that decentralization promises, it also begins to blur the network perimeter, which forces security teams to think more critically and creatively about their defenses. When networks become distributed, there are numerous pitfalls that await them.

Pitfall 1: Devices and Users
The proliferation of mobile devices has put fully functional computers in the palms and pockets of virtually every modern worker. Whether part of a bring your own device initiative or delivered to employees directly by the company, employees use these essential work tools to access business-critical data, even when they aren’t plugged in at corporate headquarters.

The downside is that when employees connect to information systems and enterprise data from outside of the safety of the corporate network, it’s critical to keep tabs on where that traffic originates and if the device or user has permission to access enterprise data. Administrators need to be sure that they keep directories current to dictate permissions and proxy settings, while also doing all they can to monitor for traffic origins that could indicate illegitimate or malicious activity. By having an up-to-date registry of users, their devices and the associated permissions of that individual’s rank and role, teams will more easily be able to spot anomalous traffic patterns that indicate data theft.

Pitfall 2: More devices breed more applications – and threats
Part-in-parcel with the proliferation of mobile devices in the workplace is a boom in new applications and software – both for business and for pleasure – that employees are hungry to download. The problem here is twofold: For starters, non-essential applications can be a drain on bandwidth, so administrators need the ability to prioritize network capacity toward business-critical activity to avoid latency.

Further to that, just downloading any content onto the network from an outside source – whether a smartphone game or a word document – can open the floodgates to potential threats hiding in plain sight. Trojans – malware hidden within seemingly innocuous file types – can be unleashed on a corporate network via a personal email attachment, initiating a wealth of attacks – from DDoS to command and control callbacks – aimed at stealing data and disrupting network performance.

Pitfall 3: Bulky defenses only complicate security
Even security teams that are already meeting these challenges may not be taking the easiest or most effective route to securing decentralized networks. For instance, many teams will layer on security solutions by purchasing additional on-premises security appliances as bandwidth needs grow. While this approach will provide the additional security capacity needed to protect traffic, each piece of hardware will require dedicated security management, and put extra demands on IT to create costly and complicated backhaul networks.  

A better solution is for organizations need to simplify control and network pathways in order to give their business as much visibility into the activity taking place on their network as possible. Rather than installing hardware in a cumulative fashion, adopting additional consoles and vantage points into the network for teams to monitor, organizations need to strive to have all network activity presented from a single pane of glass.  

The decentralized organization isn’t a passing fad, but as costs pile up, a business that doesn't evolve its security strategy to enable it might be. Doubling down on outdated security practices while the number of users leveraging enterprise networks grows is an easy race to the bottom for organizations moving to distributed workflows.

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15058
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2020-15059
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15060
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15061
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15062
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.