Fluid boundaries spark security revolution

The increasing demand for fast and easy access to data, whatever the location, means traditional company borders are a thing of the past. Commercial enterprises and government organisations of all sizes are facing growing pressure to cut costs, increase revenue and/or meet efficiency targets. This is proving to be a major headache for IT directors and security officers, and is also now reaching the watchful eye of the Board. With security breaches in the UK alone costing £10 billion per year, it is little wonder organisations are exerting pressure on ensuring top level security policies and solutions are in place.

Under greater scrutiny, organisations are focusing on their core competencies to achieve these goals, and relying on partners to support their business in other activities. This approach is putting an ever-increasing amount of pressure on the IT department to find a way to share company information securely outside the corporate firewall. On top of this, the prolific use of mobile devices and flexible working practices mean that it is no longer possible to clearly define organisational network boundaries.

Organisations have traditionally protected themselves from information theft and ID fraud by tightly securing their network boundaries. They constructed an elaborate security infrastructure of gateways, subnets and portals, whilst allowing network access to clearly identify users. However this approach was standing in the way of business activity and productivity. It was workable when ten people were accessing the network from outside the firewall, but today with hundreds, if not thousands, working outside the corporate perimeter, it is simply not viable. Security restrictions are forcing remote workers to remember a new set of passwords every few months or get to grips with secure, but difficult-to-use, applications.

A recent survey of security professionals that we carried out revealed that more than 50 per cent of organisations support mobile working for over 10 per cent of their employees. With this figure rising continually (20 per cent of organisations support remote working for over 50 per cent of staff), as more people strive to find the elusive work/life balance, the pressures on information security from outside the network boundaries increases exponentially.

As a result, the IT department currently takes the brunt of the problem. They are the first port of call when employees cannot access information or things go wrong and the network is breached. Levels of sophistication in hacking continue to increase and, to combat this, there is an enormous amount of pressure upon technology infrastructures and resources to manage complex and cumbersome security solutions.

Even the trusted password is failing us in this regard. They have become virtually meaningless, with over 50 per cent of the working population now writing down so called ‘highly secure’ passwords to be able to remember them or simply forgetting them and bombarding IT helpdesks with password reset requests. Two-factor authentication is one way to pinpoint who is doing what and restrict access to crucial data.

When it comes to wider-reaching security solutions that combat issues of mobile and remote working, global collaboration and increasingly sophisticated or targeted hacker attacks, more flexible and robust security solutions are needed. Forward-thinking companies are now breaking down the artificial boundaries established by traditional security solutions and introducing the concept of ‘borderless’ security.

Borderless security integrates – into one solution – all the layers of network protection: authentication, authorisation, confidentiality and integrity. This allows users and administrators seamless – anytime, anywhere – network access, therefore, dissolving technology boundaries and minimising administrative procedures, thus resulting in security that easily transcends the network borders.

Not only does a borderless solution eliminate user frustration associated with remote access, but it offers network administrators easily deployed and managed access controls. After evaluating various levels of user credentials a borderless security system can grant or deny specific network and application resources.

In such an environment, granular authorisation can be personalised to each user depending on the needs and position of the employee. Access to company information and assets is granted based on three factors: strength of authentication, level of authorisation and location. For example, an employee is granted complete access to information when in the office, but partial access to when working securely from home and using two-factor authentication. Limited access could be granted when accessing the network from an Internet cafe. At any time, an organisation will know who is accessing what information and from where.

Crucially, this flexible approach does not weaken the security or require an expensive or major re-architecting of the existing IT infrastructures. The platform consists of smart cards, USB tokens, client software, server appliances, and management components, tightly integrated in easy-to-install packages which can be deployed enterprise-wide.

Borderless security ensures employees securely get access to the information they need, when they need it. For the IT team, it can reduce administration and lower the number of helpdesk requests. One additional, but vital, benefit is that the ability to control network access points and introduce ‘single sign on’ increases compliance with internal security policies, leading to a much lower level of risk when it comes to information fraud or theft.

We no longer live in an age where the firewall defines the boundary of the corporate network. Borderless security ensures privacy and integrity of organisational information while allowing flexibility to employees, customers, users, suppliers and partners to work effectively, regardless of location. The solution will adapt to changing business needs, with minimum fuss, ensuring users can share information securely and without constraint.

As things stand, organisations all too often know nothing about security breaches until the damage has been done and the hacker’s curiosity is satisfied, especially in the large scale networks that are now needing protection.

We are living in a more fluid and flexible age. Organisations’ security strategies need to keep up or they will have to face the consequences – often at either financial cost, or at irreparable damage to the company’s brand and reputation.