The complexity of connections

1 April 2020 Infrastructure

The complexity and span of devices on the network continues to develop at an astounding rate and many organisations are struggling to address the growing attack surface. A plethora of devices are being brought into the workplace and while all these new devices are designed to drive collaboration and connection, when they become connected to the company networks, they can become an insider threat and another possible entry point for hacking.

IDC declares that 55 billion devices will be connected worldwide by 2022, while Forbes Technology Council reports that up to 90% of these devices will be unmanaged or un-agentable, meaning that these devices will not be able to be protected by traditional cybersecurity solutions. Furthermore, with the growing everywhereness of device ability to send and receive data via the Internet, the adoption of IoT to improve operational efficiencies and outcomes has taken precedence over critical security and compliance best practices. Forbes Technology Council describes that currently companies cannot see 40% of the devices in their environments.

South African’ organisations are no exception, from IoT to an always-on mobile workforce, many business networks around the country are connecting to more and more devices while struggling to see, manage or secure them, these organisations are more exposed to hack-attacks than ever before.

Building an edge-capable IT function

The network edge represents the culmination of all users, devices and technologies. According to Gartner, edge computing will be a necessary requirement for all digital businesses by 2022. With potentially trillions of Rands being invested in the hope of generating huge economic returns, the argument for paying attention to the edge opportunity is clear and the window for learning and action is narrowing. From a network security perspective, the challenge for IT teams is to lead the pursuit of these edge-based strategies across the business and manage the edge environments, from user devices to operational technology – all with data security as a priority.

In the findings of the e-book commissioned by Aruba entitled ‘Opportunity at the Edge: Change, Challenge, and Transformation on the Path to 2025’, many interviewees and survey respondents highlighted the sheer scale of the technology ecosystem that IT must manage in an edge environment. The edge represents a massive increase in security risks as every device and network touchpoint becomes a potential point of vulnerability and source of threat.

The InfoSec Institute highlights a number of critical risks that need to be managed, including weak device access passwords; insecure communications; data collected and transmitted by devices being largely unencrypted and unauthenticated; physical security risks for individual devices; and poor service visibility, with security teams unaware of the services running on certain devices.

The solution: an edge with built-in zero trust

With these developments, findings and projections on hand, networks will be more vulnerable to insider hacking than ever before and organisations are forced to adopt Zero Trust and Zero Risk Tolerance models that are built-into their network edge.

Sometimes it takes a while for the market to put a name on what you have been doing for a long time. For those not following the latest in security trends, Zero Trust is simply defined as not trusting either the endpoint or the network in terms of granting access.

When Aruba was founded in 2002, we identified security as one of the key challenges for organisations adopting wireless connectivity. That’s why we introduced a Policy Enforcement Firewall (PEF), a firewall that enforces role-based access control across the network, independent of the method of connection. At that time, the market didn’t call it Zero Trust, but essentially that is what it was: the user or device must be authenticated and once that happens, application-layer IT access is granted based on the role of that endpoint. PEF is the enforcement point.

We’ve shipped millions of Policy Enforcement Firewalls that run on both Aruba access points and gateways. As such, they are embedded in our network infrastructure and protect not only wired and wireless LAN connections, but also anchor the Zero Trust security in our edge-to-cloud Software Defined Branch solution. Our Zero Trust protection is so effective that in September 2019 PEF was the only firewall designated by the insurance industry as Cyber Catalyst based on its demonstrated ability to reduce risk.

PEF is the critical component for Aruba Zero Trust that works in conjunction with other elements of the Aruba network ecosystem to implement the management and visibility needed by both the operations and security teams. Aruba’s ClearPass Device Insight harnesses the power of artificial intelligence (AI) to automatically discover and profile everything that is connected to the network without using device agents, all while furnishing a continuous profiling platform that embeds machine learning methods to detect and respond to any change in that profile. When integrated with ClearPass Policy Manager, access policies with precise IT access rights can be created to define the exact role of that device on the network at that moment in time, thus minimising the attack surface. To close the loop, the policy is passed to PEF for control of wired, wireless and WAN access and dynamically segmenting the traffic. This is how Built-in Zero Trust should be.

It doesn’t take a security expert to know that spearfishing, ransomware and denial-of-service attacks are an ever-present danger and the explosion of mobile devices and IoT are increasing that attack surface and creating an ever widening blind spot. To deal with this threat environment, Zero Trust is a must-have foundational element in any enterprise security system. But remember, you can’t simply paste Zero Trust onto your edge, you must have Zero Trust built-in.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The hidden cost of cheap networking gear
Duxbury Networking Infrastructure
When it comes to building a network, price is always a consideration, especially in the current economic climate, but there is a difference between smart spending and short-term savings with long-term losses.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Advanced surveillance storage from ASBIS
Infrastructure Surveillance Products & Solutions
From a video storage solutions perspective, SkyHawk drives, designed for DVRs and NVRs, offer high capacity, optimised firmware, and a reliability workload rating of hundreds of terabytes per year.

Read more...
Power surges are killing our networks
Duxbury Networking Infrastructure
With power surges and lightning strikes becoming an all-too-familiar threat to South African infrastructure, Duxbury Networking is calling on local installers and network integrators to follow proper grounding protocols.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...
Five tech trends shaping business in 2025
Information Security Infrastructure
From runaway IT costs to the urgent need for comprehensive AI strategies that drive sustainable business impact, executives must be prepared to navigate a complex and evolving technology environment to extract maximum value from their investments.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.