Opinions expressed by Entrepreneur contributors are their own.
Key Takeaways
- The old “perimeter defense” model of cybersecurity no longer works. With remote work, cloud platforms and AI, there is no clearly defined perimeter left to guard.
- Identity is now your company’s first line of defense. You should adopt a Zero Trust Network Access model, manage authentication and issue company-owned devices to keep your digital environment secure.
- Instead of completely denying your employees access to tools that help them work smarter, weigh the risks of each tool and put the right safeguards in place.
Cybersecurity used to be simple: You just locked down the network, guarded the perimeter and called it a day. But that was a different world, one where your business was made up of cubicles, Ethernet cables and neatly siloed data centers.
Today, you’ll find that the traditional notion of cybersecurity — the one hyper-focused on “perimeters” — has collapsed under the weight of cloud platforms, remote workers and artificial intelligence. It’s become difficult to even define a new perimeter, let alone develop strategies to protect it. In fact, the perimeter, as we used to know it, is likely gone forever.
In an era where you no longer own the networks your business runs on, employees work from everywhere and applications live who-knows-where, the old security playbook is futile. Still, the fundamentals of cybersecurity have not vanished; they’ve just evolved.
How did we get here?
To understand how today’s cybersecurity commotion came to be, it helps to rewind to a time when things were more grounded — literally.
In any iteration of security, there are three aspects in play: the network, the user and the application. In what feels like a distant age — when employees would come to a physical office building and sit tethered to RJ45 connectors and Ethernet — security was naturally baked into the network.
With tools like firewalls and intrusion detection systems, it was simple and ritualistic to draw a perimeter around the workspace and lock down everything inside. But now, as remote work, cloud applications and AI become the norm, we’ve stretched the perimeter so far that it’s time to face a simple fact: Our old “defend the perimeter” strategy must evolve.
What do we do now?
With the network largely outside of our control, security today is supported by the remaining two pillars, the user and the application. The key to making new strategies is simple: Pick one and be prepared to master its intricacies. True security lies in deeply understanding the terrain you’re defending, and the two pillars are not built the same.
With the rapid adoption of “Software as a Service” (SaaS), managing applications has become a daunting task. Previously, applications were protected because organizations built and hosted the data within their own centers. Now, third-party providers host applications — such as Google Drive, Slack, Dropbox, ChatGPT and more — over the internet, making them easier to access for employees with minimal IT oversight.
With SaaS only growing in popularity, navigating total application security can seem like following a spinning compass. While there are certainly techniques and platforms designed to help businesses tackle pitfalls like Shadow IT and Shadow AI, wouldn’t it be easier to start with what you can control? For simple security success, shift your attention from the application itself to the person who’s accessing it: the user.
How do you manage identity?
Adopt a “Zero Trust Network Access” (ZTNA) model. Though popular in the past, today, it’s critical to reject the idea that anything inside a network is automatically safe — redefining the way security professionals think about trust in a borderless world. If the network is a free-for-all, everything within is a potential threat vector. Now, trust can only be built at the individual level by putting a microscope on every user, their identity, the devices they use and the access they’re granted.
Implement a mechanism that authenticates: With no clearly defined perimeter left to guard, identity is now your company’s first line of defense. It’s imperative to make sure users are who they say they are, and sometimes, just asking for a password isn’t going to cut it. Today’s authentication methods are smarter and stronger, like multi-factor authentication, biometrics, security tokens and Role-Based Access Control.
Control users through devices: Letting employees bring their own devices might seem convenient, but it also opens the door to vulnerabilities. You can’t control what you can’t see, and allowing personal devices in the workspace is a surefire path leading to zero visibility. While it’s impossible to control the actions of every single employee, issuing company-owned devices puts IT back in control through visibility.
With insights into employee behavior, security teams can establish more effective acceptable use policies (AUP), block risky applications, flag dangerous behavior in real-time and understand what their security posture really is. Maintaining visibility over users is the new means for keeping your digital environment airtight.
Balance security with productivity: The pressure to be productive, modern and agile is exacerbating the security crisis. Though nightmares of breaches may tempt leaders to put down the iron fist, that may do more harm than good. Throw down too many roadblocks, and people will seek out ways around them.
Instead of flat-out denying access to tools that help employees work smarter, ask them to make the case. If a new application or workflow improves efficiency and shows real ROI through solid, quantitative data, don’t be afraid to say yes after weighing the risks and putting the right safeguards in place. The trick is knowing where to flex and where to hold firm.
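The identity, device and access checks described in this section can be written as a per-request decision. The sketch below is an added example, not part of the original article; the application names, roles and policy table are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy table (assumption): every app that passed a risk review
# lists the safeguards it was approved with. Unlisted apps are unreviewed.
APP_POLICY = {
    "payroll": {"roles": {"finance"}, "mfa": True, "managed_device": True},
    "chat": {"roles": {"finance", "engineering"}, "mfa": True,
             "managed_device": False},
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    managed_device: bool  # company-owned device
    source_network: str   # kept for logging only; never grants trust
    app: str


def decide(req: AccessRequest) -> tuple[bool, str]:
    """Deny by default; judge each request on identity, device and role."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "app not reviewed"
    if policy["mfa"] and not req.mfa_passed:
        return False, "mfa required"
    if policy["managed_device"] and not req.managed_device:
        return False, "company-owned device required"
    if req.role not in policy["roles"]:
        return False, "role not permitted"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample requests: being on the office network does not help,
    # and being at home does not hurt.
    samples = [
        AccessRequest("ana", "finance", True, False, "office-lan", "payroll"),
        AccessRequest("ana", "finance", True, True, "home-wifi", "payroll"),
        AccessRequest("raj", "engineering", True, True, "office-lan", "payroll"),
        AccessRequest("raj", "engineering", True, True, "cafe", "notes-ai"),
    ]
    for s in samples:
        print(s.user, s.app, s.source_network, decide(s))
```

Because `source_network` is never read by `decide`, the same user on the same device gets the same answer from the office, from home or from a cafe.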
You are still in control
As controlling the network has become difficult in today’s decentralized cloud-driven world, a strong cybersecurity strategy must instead focus on the user — even if they don’t physically sit within the walls of your business. The network itself is no longer a trustworthy boundary, and in turn, the ability to assume safety based on location or device has become antiquated.
Instead, security must be built around your employees and their identity. Even though you can’t lock down the network, you can control what people can access. Focus on authentication, own the user and embrace a strategy that fits today’s borderless reality.