Drowning in your own network?
November 2020 by Brian Trzupek, Senior Vice President of Emerging Markets, DigiCert
The network is no longer as simple as it was. Where there once was a geographically defined perimeter, walled in with bricks and mortar and propped up by a handful of endpoints and servers, there now sits something much more complex. As enterprise IT has evolved, so too has the difficulty of managing it. For all of the benefits that technological advancement has wrought, each has created new problems.
Modern networks sprawl far past effective human reach, glittering with endpoints, devices and users. Amid that tangle, it is quite easy to leave a component exposed or a credential lying around. Unfortunately, an attacker needs only one of those to bring an otherwise well-secured network tumbling down.
This problem has dogged enterprise security for years, and it has grown in step with digital transformation.
Take digital certificates. System administrators have to deal with tonnes of certificates in order to keep data secure. The task of actually overseeing, tracking and managing all that can be a burdensome job for many enterprises.
It’s not just hundreds of one kind of certificate they’re dealing with either. Each comes with its own idiosyncrasies, expiration dates and endpoint vulnerabilities. Admins must often contend with lost or forgotten certs, which can then expire unnoticed and cause downtime that can be critical to a business’ bottom line, whether through lost e-commerce or a network intrusion going undetected, as seen in the Equifax breach. That adds cost in time, energy and budget, not to mention the fact that new documents must be submitted every time a publicly trusted certificate goes through the vetting process. That’s a lot of work, and as digital transformations grow the IT infrastructure of the average enterprise, the demand for certificates is ever growing. While enterprises are struggling under that weight, adversaries can slip in.
That’s true of a variety of elements within the enterprise. IoT rollouts are commonly constructed of vast numbers of devices and can be notoriously hard to manage consistently. As the IoT explodes into enterprise IT, it deals with several similar concerns, separate from the all too common in-built vulnerabilities that we hear so much about.
Many IoT devices don’t possess the kind of computing power necessary to handle strong encryption on their own. Furthermore, IoT usage often outpaces how quickly IoT security can scale up, and with hordes of devices coming online every day, enterprise security has trouble effectively managing them.
Similar problems abound in user identities too. Roles and access privileges proliferate far beyond what users actually need them for and shadow accounts - unmonitored and set up clandestinely - cripple organisations.
These are all headaches of the moment. The fact is that the requirement for quick, ad hoc infrastructure to be spun up and experimental rollouts to be deployed is scaling exponentially with cloud computing. Enterprises increasingly require the agility of cloud computing and CI/CD workflows (Continuous Integration/Continuous Development) to do business, and they require a similar kind of agility in the systems that secure it.
While it might affect multiple parts of the enterprise, this problem has to do with one thing: management. Enterprises need a scalable architecture that can accommodate the complexity of a modern network and quickly provide a way to integrate PKI services with business processes. From there, they can centralise and automate the management of these strong identities, certificates, and devices.
IoT manufacturers need to start provisioning and embedding strong device identity early in the device’s lifecycle, while enterprise users can onboard large IoT rollouts by seamlessly deploying identities. The same is true of user identities, which can be deployed to large workforces quickly and with little burden on the user. This can all be achieved by using centralised management platforms combined with modern PKI that enables fast deployment across a variety of environments, whether on premises, in the cloud, in-country for government regulatory compliance or a combination of these.
It might be tempting to withdraw when faced with the overbearing weight of a network. With the perimeter heading out of sight and new devices, users and credentials making their way into the enterprise every day, enterprises face a difficult job. But they couldn’t run away from that challenge, even if they wanted to. Centralised PKI management platforms that integrate with server orchestration and management systems are available to ease the load.