Story image

Identity: The new common language of data - and the new security perimeter

04 Dec 17

According to IT provider Empired, the digital world has opened up a new world of possibilities for enterprise security. Data is no longer bound by four walls and firewalls are now open to business partners, suppliers and cloud services.

Even web-facing consumer cloud services are more vulnerable to hacking than ever, and it is important that organisations move beyond their conventional views, the company says.

“The reality is there are no more boundaries for corporate data. With so many services in so many locations it’s no longer possible to draw a line around the network, which calls into question how to protect it,” explains Empired’s national business manager of cloud design and integration, Jaen Snyman.

“With data stored on-premises, in permitted cloud services, in unknown cloud services, on corporate devices, and on un-managed devices, data has moved beyond the network, which means we need a new security perimeter.” 

Identity could be the new common language of data – or the new control plane. It should also make up the new security perimeter, Empired explains.

Identity is also about who a user is rather than where they are. Digital identities are, in fact, about much more than a simple username and password.

“With identity as the control plane who you are can be used to get access to different data within the organisation whether users are in the office, at home, or somewhere else,” Snyman says.

“Further, using identity provides an additional layer of protection. For example, if an employee usually accesses particular data in the office and is suddenly trying to access this from a different location, this could raise a red flag and prompt the system to ask further questions to verify the identity of the person accessing the data.” 

The company says there are three approaches to identity-driven security.

1.        Protecting the front door: Safeguard resources at the front door with innovative and advanced risk-based conditional accesses. 
2.        Providing layered protection: Gain deep visibility into user, app, devices, and data activity on-premises and in the cloud. 
3.        Detecting attacks before they cause damage: Uncover suspicious activity and pinpoint threats with deep visibility and ingoing behavioural analytics. 

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.