SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Why endpoint security is critical in a post-perimeter era
Thu, 22nd Nov 2018
FYI, this story is more than a year old

The refrain of the non-existent perimeter is one that security professionals are hearing more often - but what does it mean in today's context?

Today, business apps and data have moved to the cloud and employees have gone mobile.

Threat actors are acutely aware of this trend and are already taking full advantage of it.

The acceleration of BYOD (Bring Your Own Device) policies only compounds this risk, as social media and mobile messaging apps used for personal purposes can be compromised to phish employees and steal corporate data.

For most businesses, this means their data may be accessed from devices they don't know or trust, over unsecured Wi-Fi networks they don't control.

Traditional perimeter-based security strategies – once the backbone of enterprise security – simply no longer apply because it can no longer be monitored with the same tools.

However, that doesn't mean critical information can't be protected.

It just means a different approach is required –  a post-perimeter approach.

What to protect when there's no perimeter

Gartner predicts that 80% of worker tasks will take place on a mobile device by 2020.

As a result, organisations must rethink their security policies to follow the endpoints wherever there are.

Post-perimeter security is a new approach to enterprise security centred on the protection of corporate data when accessed by devices outside the corporate perimeter.

It is a security model for the modern, perimeterless, cloud-delivered, and privacy-focused world.

Post-perimeter security controls access to both the Internet and corporate data based on continuous assessment of risk.

It then modifies access to protect data and users if risk levels are exceeded.

Why we need a zero trust model

The zero trust model was created in 2010 by an analyst at Forrester Research.

The model is centred on the belief that organisations shouldn't automatically trust anything, whether inside or outside its perimeter.

To establish trust and gain access, users must both prove their identity and validate that their device is free from cyber threats.

A device that has been compromised cannot be trusted and should not be granted access.

In order to monitor the health of a device based on an enterprise's risk tolerance, the enterprise must have a solution that is able to see into the full spectrum of risk.

Lookout security telemetry from over 170 million devices and 70 million apps informs whether an employee should be allowed to authenticate to corporate resources using the enterprise's identity solution.

To learn more, download this white paper.

Lookout also delivers phishing and content protection, that addresses phishing attacks beyond email which are more difficult to identify such as SMS, social media apps, messaging apps, and more.

Securing corporate data and protecting employees can no longer be accomplished by legacy security technologies – no matter how many bolt-ons or workarounds you add.

With security at the endpoint, ongoing monitoring for risks can be achieved in real time at the point of contact, wherever that exposure may be.

Contact Lookout for a free demo or to find out how Lookout can help you protect your organisation's data.