Intelligent CIO Europe Issue 4 - Page 37

+ EDITOR’S QUESTION SCOTT GORDON (CISSP), CHIEF MARKETING OFFICER, PULSE SECURE A s more information and applications become Internet connected, the vast volume of data held and processed through online systems has made them a prime target for attacks. Securing online resources is a case of reducing risk through the creation and enforcement of risk mitigating controls along with sensible day-to-day secure processes combined with constant testing and vigilance. Security solutions have a major role to play and the number of ways they can help is increasing. Two major areas of focus are; securing accessibility to systems and data, along with securing data during transit and at rest. Secure access is as fundamental as having a door with a lock and key. VPN – a security cornerstone The prevailing technology used by the clear majority of web connected systems is some form of authentication process that uses a combination of validated digital certificates alongside a multi-factor method of authenticating user authority to access secure systems and data. Under the catchall of Virtual Private Networks (VPNs), the vast majority of connected systems will require a Secure Socket Layer (SSL) connection to be established between the person requiring access and the target website of the remote server. In the case of more secure applications, additional login processes such as two factor authentication (2FA) will need to take place to ensure that the person attempting to gain access is a legitimately authorised person. Secure Access is a broad collection of systems that handle many of the intermediary steps within the chain. This can include validating that the device used to make the connection is up to date with its www.intelligentcio.com operating systems and patches, as well as checking that the various digital certificates and encryption keys are valid, properly exchanged and verified. ///////////////// Policy-based management is vital This process leads neatly to the protection of data in transit and at rest. Also, within the purview of VPN, this means protecting data between users, devices and online systems. While process is mature and increasingly automated, secure access management tools enable organisations to enact flexible policies that ensure controls are followed and when needed, can instigate additional security measures. These controls can be based on factors such as where the user is connecting from, the type of systems being accessed or even heightened due to a vulnerability, new threats or regulation such as PCI DSS or GDPR. Automated security policies are also vital as information starts to reside between multiple on-premise, cloud and SaaS applications. As users and data flows within this hybrid environment, security policy must fluidly adapt to the different access and security models that each platform mandates. For example, federated login and single-sign-on technologies are a practical way to reduce the friction of users moving between these hybrid structures while enforcing centralised control over access and user privilege. Mobile security – defending data at the last mile smartphone, tablet or laptop. Secure Access technologies can invoke device health checks to ensure device defences are current and active. Additional controls, such as the use of containers to segregate personal from corporate apps and data, can be added for appropriate cloud-based apps and data protection. A marathon not a sprint With all the talk about data in the cloud, it is possible to question what exactly is accessing that sensitive data; chances are, it is possibly an insecure mobile device. What happens to the data when that device is lost or compromised? As such, security policy and controls must be seamlessly extended to the As more information heads online, CIOs must continually assess their organisations security posture, compliance and readiness. This takes ongoing vigilance and as threats and regulations progress, so must secure access controls, policy and end-user education continually evolve as well. INTELLIGENTCIO 37