We like to challenge the traditional view of a perimeter because today’s users -- with access to multiple devices and digital services -- have transcended that perimeter. That said, this shift alone does not fully define the cybersecurity problem facing the modern enterprise. First, the old perimeter is still in place, as many businesses continue to see the so-called private network perimeter as their primary battle line. In addition, businesses are increasingly relying on data that is transient and flows easily across boundaries. Adequately protecting the enterprise has become a very costly affair, leading many organizations to make serious compromises.
So what should the enterprise do? While it might seem counterintuitive, the emergence of public -- not private -- networks might provide businesses with the solution they need in the new digital age. In other words, the cloud could help shrink, not expand, the enterprise’s perimeter.
How We All Got Here
Before we look at how the cloud might do this, it’s helpful to understand how the enterprise got to this point. The reality is that the private network was not designed to operate in the age of digital. The importance of digital interactions outside our traditional corporate boundaries has forced our network perimeter to become highly extended and perforated, while the overall surface area we are protecting has increasingly spilled over this traditional boundary as organizations try to manipulate the private network into supporting the digital enterprise.
Our private networks -- which in most cases are global and support numerous offices and locations comprising tens of thousands of endpoints -- continue to expand. Mobility then enabled workforces to become more transient while encouraging businesses to integrate third-party resources into their environments. Businesses have also connected their networks to business partners, service providers, supply chains and other organizations.
The problem with private networks is that they are based on a many-to-many model. Most devices on the network can reach almost every other device. Mathematically, this is an exponential (n² - n) problem. A network with just 10,000 endpoints or nodes would require a business to watch 99,990,000 potential connections.
In today’s enterprise, data flows easily across traditional network perimeters. With the rapid growth of data -- and the replication of that data -- the true surface area that an organization needs to protect is typically unknown. As soon as the data moves outside a database that sits inside a data center, an organization loses control and knowledge of where the data exists, how many copies have been created and where it travels. As IDC noted in a whitepaper back in 2013, the modern enterprise has a “copy data” problem.
Why the Cloud?
This article is not the first to make the case that the cloud may be more secure than an on-premises, private network.
The reality is that cyber leaders today are supporting businesses that increasingly need to embrace trends that challenge traditional security models. The traditional models are failing and are extremely costly to support in the new digital age. At the same time, the fears of the cloud have not materialized. As a 2015 report by Gartner observed, “CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries and instead apply their imagination and energy to developing new approaches to cloud control.” The real question that needs to be answered is, "How do we reverse the growth of the surface area while enabling businesses to take advantage of the significant value created by the digital age?"
The cloud comes with a different security model that was perfected in the late 1990s during the dotcom boom. The model has protected applications that support billions in transactions daily. Cloud applications are only exposed to the network through a well-defined port. Access is secured independently of the network, connecting users directly to the application. Add strong authentication to that connection, and you have a highly secure and trusted way of delivering information and services anyplace, anywhere and at any time. To better understand this model: An enterprise with 10,000 users and 100 applications would have a total of about 1 million potential connections that must be monitored. Recalling the scenario we looked at earlier, this is a 99% reduction in potential connections, vastly reducing the surface area, complexity and costs of security.
The cloud enables the enterprise to take advantage of the value provided by the digital transformation of today’s modern enterprise. The cloud increases the speed at which companies can create partnerships, open sales offices in remote countries or purchase companies, all without the need to connect private networks. Our traditional security models were not designed to support the modern enterprise, but the cloud can help. The transition will take time, but to paraphrase the famous Apple call to arms, it all starts by “thinking different.”