Computer security has long been thought of as a castle with a single border to cross, the ramparts, which acted as a filter. Internal activity, being sheltered behind the walls, was necessarily considered healthy and in no need of protection. What happened outside did not matter, since the ramparts were there to protect. This approach, known as perimeter security, was considered satisfactory a few years ago for countering the majority of cyber threats. It was enough to configure one's firewalls to consider, or more accurately to believe, that one's data, servers and PCs were safe.
The disappearance of the perimeter
VPNs, firewalls and antivirus remain key components of any security policy, but they are no longer enough. The very notion of a "security perimeter" appears absurd in a world where much of the company's data and many of its services are hosted outside its walls, in the cloud, and where most employees are nomadic and constantly need a connection to the Internet. It is also a world where everyone brings connected devices into the company (laptops, tablets, watches, smartphones, USB keys, external drives, etc.), each of which is an additional attack vector.
The ultra-mobility of users and their devices renders the notion of perimeter defense, as it was once conceived, obsolete. It no longer makes sense because today's digital enterprise has no borders and no definable perimeter. The company is no longer defined by its walls, but by a digital continuum that extends from the data to the cloud via networks, machines and employees.
It is therefore necessary to change the way security is thought about and designed. Critical data must be protected by all possible methods. The network should be thought of as a set of point-to-point links that are secured end to end. Each device connected to the information system must be known and secure, and those deemed doubtful must be isolated. Each connected device must also be protected by current tools and receive critical updates: not only PCs, but also Macs, smartphones, tablets, cameras, network devices and IoT.
It is also necessary to protect the user himself, and his identity, by generalizing strong authentication (by smart card or dual device) rather than being satisfied with passwords. New tools for monitoring the digital continuum must be used to analyze all behaviors and to detect, through machine learning, deviant behaviors and weak signals that betray cyberattacks.
Finally, it is illusory to believe that, because protective tools have been put in place, the company is safe from intrusion. It is not, and never will be. The question to ask is whether one is sufficiently well armed to ensure that successful attacks and other intrusions have little or no impact on the information assets of the enterprise and on its ability to continue its activities normally.