By: Brian DeVault

There are many elements to consider for a good cybersecurity posture. In this week’s episode we are going to be talking about cloud on premises and why this is an important feature for security. The way that cloud providers deal with networking is completely different than the way traditional networking works. We want to make sure that when we’re implementing cloud-based strategies, there are qualified infrastructure architects who help to create secure environments.

Architecture

While security architecture has many definitions, ultimately it is a set of security principles, methods and models designed to align to your objectives and help keep your organization safe from cyber threats. Security architecture translates the business requirements to executable security requirements.

One way to quickly understand it is to liken it to regular architecture. An architect of homes, schools and office blocks has much the same job as a security architect. They examine the property, take into account factors such as client preference, soil type, topography and climate, and then produce a plan to achieve the desired outcome. Other individuals, in this case builders and contractors, then construct the building itself, under the guidance of the architect to ensure it meets the objective.

Security architectures typically share the same purpose – protect the organization from cyber harm. In order to achieve this, architects will often try to install themselves in your business for a period of time while they learn what makes you and your people different. They will talk to your leaders and employees seeking to understand your individual business goals, the requirements of your systems, the needs of your customers and other critical factors. From here, they can produce a plan and offer guidance that is aligned to your business objectives and suits your cybersecurity needs.

Multi-Factor Authentication

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

MFA works by requiring additional verification information. One of the most common MFA factors that users encounter is the one-time password (OTP). OTPs are those 4-8 digit codes that you often receive via email, SMS or some sort of mobile app. With OTPs, a new code is generated periodically or each time an authentication request is submitted. The code is generated based upon a seed value that is assigned to the user when they first register and some other factor, which could simply be a counter that is incremented or a time value.

Zero Trust Access

Zero Trust is a network security model, based on a strict identity verification process. The framework dictates that only authenticated and authorized users and devices can access applications and data. At the same time, it protects those applications and users from advanced threats on the Internet. This model was first introduced by an analyst at Forrester Research and although not entirely a new theory, it has become more and more important for modern day digital transformation and its impact on business network security architecture.

With the modern workforce increasingly on the go and accessing applications from multiple devices outside of the business perimeter, enterprises have adopted a “verify, then trust” model, which means if someone has the correct user credentials, they are admitted to whichever site, app, or device they are requesting. This results in an increasing risk of exposure, dissolving what was once the trusted enterprise zone of control and leaving many organizations exposed to data breaches, malware and ransomware attacks. Protection is now needed where applications, data, users and devices are located.

Users, devices, applications, and data are moving outside of the enterprise perimeter and zone of control. New business processes driven by digital transformation increase the risk of exposure. “Trust but verify” is no longer an option, as targeted, advanced threats are moving inside the corporate perimeter. Traditional perimeters are complex, increase risk, and are no longer compatible with today’s business models. To be competitive, businesses need a zero trust network architecture able to protect the enterprise data, wherever users and devices are, while also ensuring that applications work quickly and seamlessly.

Assess

One way to secure IT assets, maintain an awareness of the vulnerabilities in an environment and respond quickly to mitigate potential threats is through regular vulnerability assessment (VA). A VA is a process to identify and quantify the security vulnerabilities in an organization’s environment. A comprehensive VA program provides organizations with the knowledge, awareness and risk background necessary to understand threats to their environment and react accordingly.

Your business should assess regularly, running vulnerability scans against all security threat environments. There is also port scanning to make sure that those environments stay secure through the process of change. This is something that any mature IT department is going to know. Any mature Managed Service Provider (MSP) is also going to be experienced with this. Any time you execute change management, you always have to go back and assess.

Report

After a vulnerability assessment, the only outcome of the work is a vulnerability assessment report. Without a clear and well-structured report, your company might not understand the scale of the threat it is facing, or what steps it needs to take to decrease the threat.

One of the most important sections of a vulnerability assessment report is the executive summary. The executive summary section should include:

Assessment Date: The assessment date range is important as this will show the current state of the scope, tested vulnerabilities and the time required to eliminate these vulnerabilities.

Scope: This is the summary of the general scope. The scope is not separately written as an IP or domain name. A number or the project name of the scope can be assigned.

Assessment General Status: The summary section must make a general assessment in terms of risk for the readers. Here, you can summarize the vulnerability categories or general status.

Limitations and Methodology: This section is important to have the same perspective as your company. In this section, you need to provide information about the software you use or software methodology. The outcome of your vulnerability assessment is directly linked with the software and methodology you use.

Integrate

Your business can use software like Microsoft Active Directory to integrate with your cloud applications so that you can get single sign-on. You can also use the native MFA that’s built into Active Directory. You can use your domain security that’s integrated as well. Whether your data is on-prem or in the cloud, have a security-minded approach towards how you store your data. Where you store your data, the ways that you allow your data to transmit, whether that’s HTTPS or FTP or SFTP or whatever it may be, make sure it’s secure and encrypted.

This blog post is part of NETRIO’s weekly Whiteboard Wednesday series. Follow along on LinkedIn and YouTube each week as Brian and Mike discuss use cases, new technology, and trends.