Life outside the perimeter – mobility and cloud impact on enterprise security
As far as enterprises are concerned, perimeters are disappearing. The rise of a more mobile workforce, working wherever and whenever is convenient, and cloud computing means that what a business considers vital - data, applications, people - is no longer contained within its four walls.
As we’ve pointed out so many times before this has huge benefits: workers are more productive and happier, IT can reduce costs associated with device hardware and the cloud offers a cheaper and more agile and flexible infrastructure.
Sounds good, doesn’t it? But having so much critical infrastructure and information operating and residing outside a traditional business perimeter can make some organisations fearful about losing control of what’s important to them and raise questions over responsibility should something go wrong.
Security is a big issue for some... if something is with a third party provider and hosted outside your own data center, how does one know how well it is being protected? How does a business know who is accessing its data? How does a business keep track of what data was accessed by its workers as well as where and from which device?
In fact, we at F5 see the rise of mobility and cloud computing as an excellent opportunity to regain control of enterprise security. The technologies available can help organisations to understand the who, what, where and when of connections to its network, as well as ensure that any internal policies relating to security are enforced externally as well (meaning outside the perimeter).
The focus for security has shifted from protecting devices to protecting data, wherever it is. This means controlling who - and where from and with what devices - can access certain data and applications; it also means any policies that govern users or certain applications/data will still apply. Remote workers will be able to access any corporate application they are allowed to regardless of their location or device.
The emergence of cloud computing and a more mobile enterprise does not have to mean a disconnect in security access and policies. Consolidation of security policies and access control at the application delivery tier means a uniform approach to security. It also means an increase in the layers of security: device, location, application.
So what I’m really saying here is that cloud and mobility have simply extended the traditional enterprise perimeter. Instead of being fixed within an organisation’s data centre it is a flexible, evolving and moving perimeter, going wherever a business needs it to go. And the good thing about that is that the technology is there to ensure security moves with it, so your critical data, applications and services are just as secure as you need them to be.