Data security is foundational to any organization that wants to protect its intellectual property. To combat ever-evolving security threats, the enterprise must continually evolve the security paradigm based on new systems, architectures, and models.
In traditional data centers, applications were hosted on-premises, where the security perimeter was well-defined and contained. The shift to SaaS and cloud-based applications, delivered alongside applications in local and cloud data centers, requires a new approach. This new approach needs to change dynamically based on the user, the device, the application, and the location. This new world requires a secure digital perimeter.
Security Risks in a Hybrid Cloud environment
Accessing SaaS and cloud services requires strong user authentication and authorization policies, so systems can correctly identify users and control the information flowing to and from them. Normally, this would not be a problem if the organization had all of its applications deployed on-premises. However, that is not the case in most companies, whose applications live in a hybrid cloud environment. IT needs to ensure access to these applications and that data is protected adequately. Having an inconsistent set of security policies not only results in inconvenience, but is also a security risk. Unauthorized access to confidential data can not only result in huge losses to the company, but it can also affect a company’s brand value. Take, for example, Target and, more recently, Equifax; their brands were deeply damaged by their respective security breaches and, in fact, many of their executives were fired as a result.
IDC recently surveyed 900 IT professionals to specifically address the issues of operating in a cloud-first environment. As expected, security of the infrastructure was the most requested capability in a cloud environment.
Secure Digital Perimeter
One such approach for improving security in a cloud environment is a secure digital perimeter. In a traditional, on-prem approach, a user initiates a connection to an application farm, authenticates and, once authorized, gets access to an application. In this new paradigm, the end user is authenticated before initiating any connection to an application. This pre-authentication of users consists of checking device posture, verification of user identity, verification of the IP address of the user’s device, and so on. Because the application accepts no connection until this pre-check passes, it is not exposed to unauthenticated traffic, which helps mitigate most common network-based attacks, such as denial of service, SQL injection, man-in-the-middle, etc. The pre-authentication can be transparent to the end user and have no effect on the user experience. Once pre-authentication is complete, a user can initiate a session, further authenticate, and, if authorized, access applications or services.
The approach of a secure digital perimeter not only provides an identity-centric approach, with the pre-authentication of users, but it also allows security policies to change dynamically based on who the user is, their location, as well as the type and status of the end-user device, and the applications a user is trying to access, thus improving the overall security posture of the cloud infrastructure.
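The pre-authentication flow and the context-dependent policy described in the two paragraphs above can be written down as a small policy evaluator. The following is an added example, not code from the original post or from any Citrix product; the application table, trusted networks, allowed countries, and the posture fields are all constructed assumptions for the illustration. It checks identity, entitlement, device posture, source network and location before any session is allowed, and requires a step-up (MFA) when the application is sensitive or the context carries risk signals.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# --- Constructed policy data (assumptions for this example, not real policy) ---

# Per-application entitlement and sensitivity. Hypothetical application names.
APP_POLICY = {
    "expense-portal": {"groups": {"employees"}, "sensitivity": "low"},
    "hr-records": {"groups": {"hr"}, "sensitivity": "high"},
}

# Networks treated as trusted (corporate range plus a documentation prefix).
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]

# Countries from which access is permitted at all.
ALLOWED_COUNTRIES = {"US", "GB"}


@dataclass(frozen=True)
class DevicePosture:
    managed: bool          # enrolled in the organization's device management
    disk_encrypted: bool   # full-disk encryption reported as on
    os_patched: bool       # OS at the required patch level


@dataclass(frozen=True)
class AccessContext:
    user: str
    groups: frozenset
    identity_verified: bool  # identity provider has verified the user
    mfa_completed: bool      # a second factor has already been satisfied
    source_ip: str
    country: str
    device: DevicePosture
    application: str


@dataclass
class Decision:
    outcome: str                       # "allow", "step_up" or "deny"
    reasons: list = field(default_factory=list)


def pre_authenticate(ctx: AccessContext) -> Decision:
    """Evaluate the pre-authentication checks before any connection is opened.

    Hard requirements (identity, entitlement, managed device, location) deny
    outright.  Softer risk signals (untrusted network, weak posture) and
    sensitive applications require a step-up authentication instead.
    """
    policy = APP_POLICY.get(ctx.application)
    if policy is None:
        return Decision("deny", ["unknown application"])
    if not ctx.identity_verified:
        return Decision("deny", ["identity not verified"])
    if not (policy["groups"] & ctx.groups):
        return Decision("deny", ["user not entitled to application"])
    if not ctx.device.managed:
        return Decision("deny", ["unmanaged device"])
    if ctx.country not in ALLOWED_COUNTRIES:
        return Decision("deny", [f"access from {ctx.country} not permitted"])

    # Collect risk signals that raise the authentication requirement.
    risk = []
    if not any(ip_address(ctx.source_ip) in net for net in TRUSTED_NETWORKS):
        risk.append("untrusted network")
    if not ctx.device.disk_encrypted:
        risk.append("disk not encrypted")
    if not ctx.device.os_patched:
        risk.append("OS not patched")
    if policy["sensitivity"] == "high":
        risk.append("high-sensitivity application")

    if risk and not ctx.mfa_completed:
        return Decision("step_up", risk)
    return Decision("allow", risk)


def sample_contexts():
    """Constructed sample requests used to exercise the evaluator."""
    good_device = DevicePosture(managed=True, disk_encrypted=True, os_patched=True)
    byod = DevicePosture(managed=False, disk_encrypted=False, os_patched=True)
    return {
        "office": AccessContext("alice", frozenset({"employees"}), True, False,
                                "10.20.30.40", "US", good_device, "expense-portal"),
        "cafe_hr": AccessContext("bob", frozenset({"hr", "employees"}), True, False,
                                 "198.51.100.7", "GB", good_device, "hr-records"),
        "byod": AccessContext("carol", frozenset({"employees"}), True, True,
                              "10.1.1.1", "US", byod, "expense-portal"),
        "wrong_group": AccessContext("dave", frozenset({"employees"}), True, True,
                                     "10.1.1.1", "US", good_device, "hr-records"),
    }


if __name__ == "__main__":
    for name, ctx in sample_contexts().items():
        d = pre_authenticate(ctx)
        print(f"{name:12} {d.outcome:8} {', '.join(d.reasons) or '-'}")
```

The ordering matters: the deny checks run first so that a request from an unmanaged device is refused without the evaluator ever reaching the softer signals, and only after the hard requirements pass does the context decide between "allow" and "step_up". That is what makes the policy dynamic in the sense the text describes: the same user and application get a different requirement from a café network than from the office.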
Allow one access point, implement Single Sign-On across all applications
A key requirement for implementing a successful secure digital perimeter is a consolidated approach and a solution that provides single sign-on across applications, whether they run in a datacenter, in the cloud, or are delivered as SaaS. This is important not only for providing a consistent framework for security and access control policies, but also for a better user experience and easier management for IT. The IDC study shows that 98% of customers are looking at addressing these challenges with a unified solution from a single vendor.
A complete solution that can fulfill all these needs must be built on a secure platform. If even one crack exists in the security perimeter, the entire application infrastructure could be placed in jeopardy. Choosing a vendor that provides a complete solution to secure access to applications in datacenters and the cloud is of the utmost importance for companies. For in-house staff, the security of the local systems and cloud services should be addressed and built in throughout each phase of any expansion. This is crucial to future migration into a hybrid cloud model.
Enterprises want to use a mix of local services and cloud-based services. From the IDC research, it is also clear where they need to focus their efforts to ensure the security, reliability and ease of management for future systems. This is where companies want to go, and this is where we, at Citrix, must lead.