Security is not a point in time or a project-based initiative. Just because you have implemented next gen firewalls or intrusion prevention tools today does not mean you are safe tomorrow.
Networks have been built with the assumption that internal traffic between applications is safe and can be trusted. However, networks are no longer static, and neither are the applications that live within them. The dynamic nature of modern applications and cloud has expanded the horizons of the computing environment, but security controls remain mostly outward-facing.
External traffic into applications faces firewalls and antivirus scanners, but 80 percent of internal traffic receives no vetting at all. The front door of an agency’s digital assets may be secure, but the windows and backdoors have most likely already been compromised. How should the government adapt?
Step 1: Assume the Worst
As hacking attempts grow in sophistication, it’s no longer safe to assume the perimeter intercepts all threats. Without any countermeasures on the inside, malware, spyware and other malicious threats can move laterally once they clear the first hurdle of traditional perimeter defenses. Instead of focusing all security efforts on external threats, assume that the perimeter of your environment has been breached and the bad actors are already within the walls of your data center. Whether it’s embedded malware, a disgruntled employee, a malicious actor or a foreign state, sooner or later the data center will be compromised and, most likely, already has been.
Step 2: Adopt the Zero Trust Approach
Instead of waiting until it’s too late, adopt a zero trust approach to security. Implement additional safeguards as close to the application as possible. Implement application-based rules to limit lateral movement within and across servers. If the application cannot communicate with an unrelated data center to begin with, the odds of bad actors using it to steal information drop substantially. Agencies need security controls that allow them to be both reactive and proactive in responding to the dynamic nature of today’s networks and applications.
Step 3: Automate and Micro-Segment
If everything is potentially compromised, automating security protocols can preempt many of these breaches. When a new application is installed on a server, instant controls can define what data and network resources it should access before the platform ever comes online. Then, administrators can implement more customized policies. After all, if you can no longer trust your border defenses, the ability to contain the bad guys once they’re inside the network is as critical as being able to keep them out. Even if a hacker finds a back window, micro-segmentation will prevent that bad actor from gaining unfettered access to the rest of the environment.
At present, 80 percent of application traffic doesn’t pass through a firewall once it’s inside the data center. Restructuring systems to route that traffic through existing firewalls via traditional networking adds insurmountable cost and complexity to our data centers. Instead, automating the implementation of internal boundaries around existing assets, boundaries that are not only deployed with your application but are aware of the application’s intent, can quickly solve this challenge. Using automation and micro-segmentation, agencies can build a security approach where 100 percent of traffic traverses a firewall, without having to re-architect the system or impact user experience. This approach, at its core, creates a new perimeter around the application itself.
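The following added example (written for this page, not code from the article or from VMware) models the policy idea behind Steps 2 and 3: each application declares, at deploy time, the only destinations it needs; that declaration is compiled into a default-deny allow-list, and every flow, east-west traffic included, is evaluated against it. The application names, ports and flow records are constructed sample data, and the "perimeter-only" evaluator is included purely to show the contrast with the 80 percent of internal traffic that today receives no vetting.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# A flow as a workload-level (distributed) firewall would see it:
# source application, destination application, destination port, protocol.
@dataclass(frozen=True)
class Flow:
    src_app: str
    dst_app: str
    dst_port: int
    proto: str

Rule = Tuple[str, int, str]          # (dst_app, dst_port, proto)
Policy = Dict[str, FrozenSet[Rule]]  # src_app -> destinations it declared

# Constructed application manifests (hypothetical names): each application
# states the only destinations it intends to reach. Anything undeclared is
# implicitly denied, which is what "define what it should access before the
# platform comes online" amounts to in practice.
MANIFESTS = {
    "web-frontend": [("api", 8443, "tcp")],
    "api":          [("db", 5432, "tcp"), ("cache", 6379, "tcp")],
    "db":           [],   # a database tier initiates no outbound flows
    "cache":        [],
}

# Constructed list of workloads that sit inside the data center perimeter.
INTERNAL_APPS = {"web-frontend", "api", "db", "cache", "fileserver", "unknown-host"}


def compile_policy(manifests: Dict[str, List[Rule]]) -> Policy:
    """Turn per-application intent into an allow-list policy (default deny)."""
    return {app: frozenset(rules) for app, rules in manifests.items()}


def perimeter_only(flow: Flow, internal_apps) -> str:
    """The traditional model: a flow that never crosses the perimeter is never
    inspected, so any internal-to-internal flow is waved through."""
    if flow.src_app in internal_apps and flow.dst_app in internal_apps:
        return "allow"
    return "inspect-at-perimeter"


def evaluate(policy: Policy, flow: Flow) -> str:
    """Micro-segmentation: allow only what the source application declared.
    A source with no manifest at all has an empty allow-list and is denied."""
    allowed = policy.get(flow.src_app, frozenset())
    if (flow.dst_app, flow.dst_port, flow.proto) in allowed:
        return "allow"
    return "deny"


def audit(policy: Policy, flows: List[Flow]) -> List[Flow]:
    """Evaluate every flow and return the denied ones; these are the
    lateral-movement attempts a perimeter-only design never sees."""
    return [f for f in flows if evaluate(policy, f) == "deny"]


# Constructed east-west traffic sample: two flows the manifests expect and
# three that a compromised or unexpected workload might attempt.
SAMPLE_FLOWS = [
    Flow("web-frontend", "api", 8443, "tcp"),
    Flow("api", "db", 5432, "tcp"),
    Flow("web-frontend", "db", 5432, "tcp"),  # frontend reaching past the API tier
    Flow("api", "fileserver", 445, "tcp"),      # API tier reaching an unrelated share
    Flow("unknown-host", "db", 5432, "tcp"),    # workload with no manifest at all
]

if __name__ == "__main__":
    policy = compile_policy(MANIFESTS)
    for f in SAMPLE_FLOWS:
        print(f"{perimeter_only(f, INTERNAL_APPS):21} {evaluate(policy, f):5} "
              f"{f.src_app} -> {f.dst_app}:{f.dst_port}/{f.proto}")
```

Running the block shows every sample flow passing under the perimeter-only model and three of the five being denied once the application-derived policy is enforced at the workload. The manifest is the part an automated deployment pipeline would generate alongside the application; the evaluator is the part that runs on every host so that all traffic, not just ingress, is checked.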
Step 4: Adapt
The Zero Trust philosophy has been a foundation of defense within the military and government since long before computers were part of our daily lives. It is the philosophy that should be the first step toward a more adaptive cybersecurity solution. This approach, at its core, builds off the “assume the worst” step and responds to threats before they appear, or even exist. When you believe your system is already breached, security becomes a continuum of evolving responses and mitigation. Automation and micro-segmentation will contain threats today, but government will need to find the next tools tomorrow.
Read more about the Zero Trust approach and micro-segmentation’s ability to mitigate existing threats outside and inside the data center in this FCW article, and learn more about threats facing federal agencies in this tech brief from VMware.