CIO OPINION
providers, information integrity and any
potential intermediaries, as information is
persisted or retrieved?
The common factor across these
interpretations is trust: Secure Access to
corporate or IoT device information is rooted
in the establishment of mutual trust between
the provider (service) and consumer/subscriber
(client) of that information. This trust extends
to any intermediary service and connection
fabric. The client must trust that the provider
and its information are legitimate, maintain
their integrity and are protected. On the other
hand, the provider must trust that the client
(user, device, application) is legitimate and
authorised and does not threaten to
compromise the provider or leak information,
either accidentally or intentionally.
The end-user experience plays a critical role
in establishing trust consistently. Usually,
users want to do the right thing to get
their jobs done, but if security becomes
too cumbersome, users will find a way
around it. It is imperative that security is
pervasive while largely transparent. In the
end, a corporation's productivity depends on its
employees’ ability to collaborate internally
and externally, while minimising information
and security risks. That leads to another
key objective for Secure Access, whereby
we move from a purely controlling, restrictive
access model, based on a zero trust model,
to an enablement model (the trust but monitor
and verify principle) so that users and
devices can optimally get their jobs done.
Trends that redefine Secure Access
The enterprise IT environment is
increasingly shaped by four major trends
that have ramifications for Secure Access
to applications and information. First, the
emergence of the multi-cloud corporation,
based on the explosive rate of adoption of
cloud computing and hybrid IT
environments. The main driving factors are:
• Cost benefit of using SaaS, PaaS and
IaaS providers.
• No or limited competitive
differentiation for infrastructure or
standard business applications.
• Agility; much faster Time-To-Value for
new business applications, with an
ability to respond to rapidly changing
market conditions.
• Data centre extensions into the cloud for
scale-out (peak demand) as well as on-
demand disaster recovery failover.
Hybrid IT environment
Very few companies, if any, will be exclusively
on-premise or fully cloud-based. Most
companies will have a blend of legacy data
centre, public and private PaaS/IaaS and
SaaS-based applications and services. The
diversity and rapid evolution of the technology
stacks within the multi-cloud environment
require multiple methods of remote, mobile
and cloud secure access. A simple VPN
connection back into the corporate LAN can
be critical, but is no longer sufficient.
Second, the consumerisation of IT is
revolutionising the nature of today’s
workplace. Millennials are accustomed to
a rich on-the-go digital experience in their
personal life, and they expect a similar
digital experience at work using their own
devices. Companies must provide this user
experience for their employees without
compromising key compliance and
security requirements.
Similarly, application developers in both the
IT organisations and business units operate
with a self-service mindset, consuming
SaaS, PaaS and IaaS services without
being burdened by complex and slow (IT)
approval processes. Barriers to adoption
and the cost of initial development are
perceived to be minimal. Operational
effectiveness and security are generally
secondary considerations.
Third, users, applications, services, devices and
company networks are under increased and
focused attack from hacktivists, individual
threat actors and nation-state actors. Additionally,
the corporate multi-cloud environment with
its more open collaborative approach has
dramatically increased the exposure and
attack surface. Consequently, establishing
secure access must become the collective
responsibility of the NOC, SOC, Business-App
and DevOps teams.
Fourth, the Internet of Things (IoT) segment
is exploding. Printers, smart TVs, security
cameras, sensors, and other peripheral
devices are all connected to smartphones,
cloud services and enterprise networks.
Often, organisations are unaware of the
myriad of ways IoT devices connect to
their internal systems and external services.
Cyber criminals view IoT devices as a golden
opportunity for targeted attacks, taking
advantage of security weaknesses and
employee ignorance alike. To gain control of
the security risks posed by the IoT devices,
organisations need end-to-end visibility,
contextual awareness, real-time action and,
perhaps foremost, Secure Access.
www.intelligentcio.com