As a Security Architect for Mobile and Cloud within Intel IT, I’ve seen sweeping changes to the security landscape. For example, the proliferation of personally owned small form factor devices and social media has irrevocably changed the speed at which information flows.
Another such “sea change” is already well underway—the growing tendency of enterprise data and applications to be hosted in public clouds or “beyond the edge” of the traditional enterprise perimeter and of corporate-owned and managed devices, such as phones and laptops. But taking enterprise security beyond the edge raises three challenges.
The first challenge lies in protecting the data and applications no matter where they’re hosted. I like to use the analogy of a castle. Historically, enterprise data and applications were stored in the data center—the treasure room of the “castle,” so to speak. They were well protected with gates and walls and guards, and “we” were in charge of the entire security protocol. Now, as data and applications move to the cloud, we have many castles. We are not sure how thick those castles’ walls are, how experienced the guards are, or how many locks are on the gates. The security protocol is no longer in our possession.
Bring-your-own devices, which access the enterprise network and host company data, raise another challenge. These user-owned devices often lack the necessary security controls, and the operating systems that manage these devices are controlled by a third-party software or hardware company. But productivity demands that we allow these devices to access enterprise data and applications.
The third challenge—and this is one people aren’t talking much about, yet—is how to provide a consistent security and user experience whether or not the data or application is in our possession. Maintaining the necessary security beyond the edge while still providing a good user experience is important. The user shouldn’t have to know or care where the data or application is hosted.
So what is Intel doing to solve these challenges? Our white paper, “Taking Enterprise Security beyond the Edge,” describes our hybrid cloud security strategy and ways to enable applications and services to move smoothly in and out of any cloud, such as:
- Building secure applications using security APIs.
- Managing identity in a multi-identity world.
- Performing an online trust check—establishing trust without control.
- Using attributes (information points) to determine the trust level of a device. Which network the device is using, what sort of device it is, what controls exist on the device, which OS version is installed, and physical and logical location—these all impact trust.
- Establishing a secure termination point that ingests information points and other core information, compares those information points to policies, and makes a decision to establish a session or not, based on the information received from the attributes.
- Performing remediation and healing. That is, if a session is not established, what needs to be done to fix the problem automatically?
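
The decision step described in the last three items can be sketched as follows. This is an added example, not code from the white paper or from Intel; the attribute names, policy values and remediation actions are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed policy; every value here is an assumption for illustration.
POLICY = {
    "allowed_device_types": {"laptop", "phone", "tablet"},
    "blocked_locations": {"unknown"},
    "min_os_version": (14, 0),
    "required_controls": {"disk_encryption", "screen_lock"},
    "trusted_networks": {"corporate", "vpn"},
}

# Hypothetical automatic fixes, keyed by the check that failed.
# Checks with no entry here cannot be healed automatically.
REMEDIATION = {
    "os_version": "push OS update",
    "controls": "enable missing controls via device management",
    "network": "redirect to VPN enrollment",
}

@dataclass(frozen=True)
class Attributes:
    """Information points reported by the device for one session request."""
    network: str
    device_type: str
    controls: frozenset
    os_version: tuple
    location: str

def evaluate(attrs, policy=POLICY):
    """Compare information points to policy.

    Returns (establish_session, failed_checks, remediation_actions).
    """
    failed = []
    if attrs.device_type not in policy["allowed_device_types"]:
        failed.append("device_type")
    if attrs.location in policy["blocked_locations"]:
        failed.append("location")
    if attrs.os_version < policy["min_os_version"]:
        failed.append("os_version")
    if not policy["required_controls"] <= attrs.controls:
        failed.append("controls")
    if attrs.network not in policy["trusted_networks"]:
        failed.append("network")
    # Fail closed: any failed check blocks the session until it is fixed.
    fixes = [REMEDIATION[f] for f in failed if f in REMEDIATION]
    return (not failed, failed, fixes)
```

A failed check with no entry in `REMEDIATION` (device type or location in this sketch) leaves the session denied with nothing to heal automatically, which is the case that needs a manual path.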
I’ll also be presenting on this topic at Intel Security FOCUS 15. In the meantime, I’d like to hear from other security professionals—how are you meeting the challenges of beyond-the-edge security? What suggestions do you have? Please share your thoughts and insights with me, and other IT colleagues, here on the IT Peer Network.