IT News - Security

In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors

"As organizations prioritize digital transformation," writes David Mahdi in Dark Reading, "they are moving services to the cloud at a rapid clip. Yet when making this shift, many companies fail to make the necessary updates to their security programs and solutions to protect the new cloud perimeter. Rather than redesigning their security infrastructure for the cloud, many organizations are simply wrapping the cloud around their legacy technologies, relying on legacy network security solutions to protect their data..."

Despite gains in budget and a strategic priority for SOCs, burnout, overload and chaos persist in many organizations during the worldwide pandemic. Here are some best practices for enterprise security leaders to reform/re-energize SOC teams.

"Recently The Wall Street Journal published an article titled 'Cyber Chiefs Watch Their People for Burnout as Pandemic Rolls On,' which posited that IT security teams are burning out even more quickly than before the COVID-19 pandemic. With IT security teams supporting a vastly new remote workforce - and an even wider attack surface - that increases sophisticated cyberattack attempts by adversaries, the scales have tipped even more but not in the security operations center (SOC) teams' favor..." - eWeek

The most secure network is one that has no connections. Of course, that idea is not only impractical, it defeats the purpose of a network

Peter Newton writes in CSO Online, "The reality is that no network is an island, and as businesses become more digital, networks inevitably become more complicated and dispersed. Today's networks now have many 'edges,' so it's much harder than it used to be to create a single defensible boundary. In the face of these changes, the traditional network perimeter is dissolving, and it's far more difficult to tell who and what can be trusted.

To respond to increasing threats, best practices now stipulate a "trust no one, trust nothing" attitude toward network access. Protecting the network with this zero-trust access (ZTA) approach means that all users, all devices, and all web applications from the cloud must be trusted, authenticated, and have the correct amount of access privilege (and no more.)..."

See all Archived IT News - Security articles See all articles from this issue