The internet's role and dynamics are ever evolving; as a result, the technologies that secure it have to keep pace. Perimeter-based security options like firewalls and access controls will not cut it for new technologies that expand beyond corporate networks. "Identity is the new perimeter," said Andi Mann, a vice president at CA Technologies, during a recent Google Hangout with other cloud experts sponsored by Datamation. "You can't lock down by firewalls any more; you can't even really lock down by application access anymore because you're getting portions of an application from different services and different providers."
What does this mean? A good analogy: to really secure a facility like an
amusement park, you do not just put up a state-of-the-art fence; you also give
your patrons ID cards to use its facilities. That way, if the fence is breached,
your assets will not be abused.
This concept is similar to what identity-based security promotes.
Users are accessing these beyond-the-firewall services without IT knowing about
it (shadow IT), and employees are using their mobile phones to handle corporate
information (BYOD). Those use cases and more are causing a rethinking of
security approaches. "It's much more complex," said David Linthicum, a vice
president at consultancy Cloud Technology Partners, who also sat in on the
Hangout.
Migrating to an identity-based
security approach will be better for most organizations in the long run because
it can be cheaper than investing in hardware and allows more flexibility, Mann
and Linthicum agreed. Using an identity-based approach allows organizations to
focus on who the person is and what they are allowed to access, rather than on
whether they are allowed through a barrier point. "It's a whole different mode and
one that opens you up to be able to use multiple services from multiple providers,
to take a best of breed public plus private approach," says Mann.
Take hybrid cloud computing: Many
define it as any combination of on-premises and off-premises cloud resources.
So, a database that's serving information to a cloud-based Salesforce.com customer
relationship management tool, or a virtualized environment in a company's data
center drawing on spare storage capacity in Amazon's cloud could be considered
hybrid clouds. But when developers are spinning up virtual machines in the
public cloud, the traditional firewall may not protect against corporate data
flowing back and forth unprotected.
And hybrid cloud is where organizations are looking. Linthicum, who consults
with customers on cloud adoption strategies, says most customers see hybrid
cloud as an end goal. They want to retain their legacy installations, while
moving hesitantly toward using outsourced options because of perceived lack of
security and privacy.
"Pretty much everyone has it
on their radar screens now," he says. Mann found that 94% of respondents from
around the globe reported they're already using a combination of both
on-premise and off-premise resources to create a hybrid environment. "This
is even sooner than the near future, it's right now," he says.
Federated identity access
management is not new, but the move to using cloud-based services makes the
need for these systems greater, says IDC security analyst Sally Hudson.
"The traditional IT
perimeter no longer exists, hence neither does the traditional perimeter
defense posture," she wrote in an e-mail. But that doesn't mean implementing
these systems is plug-and-play.
"Next generation security monitoring, maintenance and management is
expensive and requires highly skilled professionals," she says. "It
will rely more on real time information profiling and back end analytics and
less on passwords and simplistic access methods."
Vendors in this market include
IBM, CA Technologies, RSA (the security division of EMC), Oracle, Covisint, NetIQ
and Ping Identity, among other newer companies like Okta, OneLogin, ForgeRock
and Symplified, she says.
Source(s):
- http://www.itnews.com/configuration-maintenance/65355/how-hybrid-cloud-hastening-demise-traditional-firewall-security#sthash.VaXlFIWQ.dpuf
So “Once more unto the breach, dear friends, once more;”
____________________________________________________________
About Rick Ricker
An IT professional with over 21 years' experience in information security, wireless broadband, and network and infrastructure design, development, and support.
For more information, contact Rick at (800) 399-6085 x502