Today's businesses have global operations and numerous trusted partners constantly accessing their corporate resources. Many of these business-to-business (B2B) interactions are evolving beyond the bounded traditional network perimeter, overcoming the sometimes limiting methods of data exchange and communication. And with this evolving nature, security controls need to advance as well — especially as new access methods emerge to create an entirely new partner ecosystem.
With new challenges ahead, it's useful to recognize the evolution of network security architecture in order to understand the future. In the past, the perimeter was hardened with static controls. This architecture was suitable for static and known communication interfaces, and there wasn't much coordination between the appliances and the application layer.
Today, security controls get past the perimeter to service specific needs. Technologies span from perimeter to core applications, server farms, and databases that harden critical applications and data. The DMZ-based deployment is not replaced, but rather complemented with controls at critical demarcation points for applications and data. The security appliances are more identity-aware as they frequently communicate with backend infrastructure to enforce controls.
In the future, cloud-based services will complement application and data security, with the emergence of application and data controls in the cloud. Technologies such as antimalware, script analysis, URL filtering, IPS and web application firewall in the cloud will be high on the security professional's wish list for securing B2B transactions. At the same time, organizations will look to more distributed enforcement methods that require network and physical technologies to be still on-premises.
“The threat landscape has evolved over the last couple of years, driven by organised crime syndicates trying to steal sensitive data. You need to protect just of points of entry into your network but points of exit as well,” says Florian Malecki, Enterprise Marketing Manager, Sonicwall.
Venturino Intrieri, VP of Marketing, Allied Telesis, echoes a similar opinion: “Security is something you can’t approach step by step. So you can’t just secure applications, and not secure the rest of the network. We see that most threats come from inside the network, so you have to make sure every access to the network, every Ethernet port is secured.”
Additionally, today's cloud offerings provide new ways to share applications with B2B partners. It's a compelling option that businesses can't ignore due to its scale, flexibility and cost structure. But as a security professional, it's your job to recognize the security and privacy concerns.
Are firewalls still relevant?
With the increasingly disappearing perimeter, firewalls are under scrutiny. While in the good old days you could just put a firewall in front of the public network access gateway and call it day, the changing threat landscape is threatening to make the technology obsolete. Has firewall really outlived its usefulness? Malecki from Soniwall says because the nature of the threat has evolved, the good old firewall looking at the IP address and ports is not good enough.
Ahmad Zeidan, Channel Sales Manager, Netgear, adds that though firewalls will still remain, they will be more than just walls being placed at network gateways. “What you need is barriers protecting every aspect of the network.”
As of yet, little thought has been given to an architecture that will address these key inflection points that are affecting network security. Forrester has recently devised four tiers of access control that are essential for secure future B2B interactions:
1. Application Access Control: App control will emerge at the perimeter with IAM integration. When applications and services are hosted via cloud–application access, authorization and authentication become ever more important. Identity and access management (IAM) will play an important role, as it works with entitlement management to define roles, duties and access levels to applications. Another central point to application control is identity federation. Since B2B security relies on this federation, it will be important to control access to the critical resources.
2. Data Access Control: Encryption and endpoint control features are critical. Although there's no concise definition of data access control, I'll essentially define it as the authorization and protection of data when it's being shared with multiple parties. Several technologies will make up this tier, driven by organizations wanting to classify, extract, encrypt, discover and control who accesses the data. It will be necessary to create a policy to enforce rights management at different points in the network.
3. Network Access Control: Fabric access control will define the network tier. B2B interactions rely on tools such as intrusion detection systems, intrusion prevention systems and security information management to mitigate diverse threats. So the fabric access control will enable use of enforcement mechanism at different parts of the network and secure a B2B environment from multiple interfaces.
4. Physical Access Control: Identity-based control will become the new frontier. Customers are increasingly demanding that physical control systems like badges and IP–based cameras become fully integrated with their corporate network and IT security controls. For instance, some organizations will not allow employees who don't badge in at the premises entry point to connect to the corporate network. There is also traction with other physical devices, such as global positioning system (GPS), radio frequency identification (RFID), sensors, and smart cards to provide location–based services that will link the user's identity to the physical systems.
“There is no easy solution to B2B security — it will require multiple technologies at each tier of access control to develop a comprehensive architecture. Your organization would need to define common set of technologies like NAC, antimalware, IPS, DLP, and IAM, can help you implement controls for multiple entry points. And integrate them using APIs like TNC IF–MAP, Open Virtual Format (OVF) and SAML at the physical, network, data, and application tiers,” says Usman Sindhu, analyst at Forrester Research.