Express Computer

Modernising Enterprise Security for an Application-Centric World


By: Mani Sundaram, Executive Vice President, Security Technology Group, Akamai Technologies

Over the past 20 years, enterprise IT infrastructure has evolved significantly. Modern applications now operate across on-premises, cloud, and SaaS platforms, with access methods expanding beyond traditional user interfaces to include machine-to-machine interactions via APIs. This evolution has brought numerous business benefits: reduced IT complexity, streamlined processes, enhanced third-party partnerships, improved user experiences through better integration, and optimised application performance by transitioning to microservices.

All this good news comes with a stark reality: threat actors are also innovating. The distributed and interconnected nature of modern applications, along with new and unique attack vectors like APIs, creates opportunities for novel attacks that traditional enterprise security capabilities were not designed to protect against.

For enterprise security teams, this will require a shift in mindset from a perimeter-centric view of security to a strategy focused on modern application delivery and consumption models.

Rethinking the security perimeter

For decades, enterprise security has primarily focused on preventing attackers from breaching defenses. While maintaining strong perimeter security is still crucial, the landscape has evolved. Core IT assets, whether on-premises or cloud-based, must be secured against external threats. However, many attackers now exploit vulnerabilities in modern application delivery, such as compromised credentials or flawed APIs, allowing them to bypass traditional defenses altogether.

This new threat landscape requires a two-pronged security strategy: ‘Find and eliminate gaps in security controls before they can be exploited’ and ‘Recognise that breakdowns are inevitable and take steps to limit the “blast radius” and accelerate detection and response when security incidents inevitably occur’.

A modernised enterprise security architecture

Around 20 years ago, most enterprise environments had a well-defined perimeter with firewalls acting as the primary control points (i.e., castle-and-moat network security). Beyond this perimeter was typically a very flat network and this made breaches an all-or-nothing proposition. Once a threat actor successfully gained access, little would prevent them from discovering vulnerable internal systems and using them to move laterally toward higher-value IT assets.

In some cases, security teams attempted to mitigate this risk by adding firewall choke points within the internal network to slow threat actors’ progress. Unfortunately, these architectures often did more harm than good. They added significant cost and administrative overhead for security teams. They also introduced performance bottlenecks, and the policy enforcement they offered was often far too coarse to slow the advance of a sophisticated threat actor.

Essential elements of a modern security architecture

Today, there is no perimeter. Accordingly, modern security architecture must include the following elements:

* A Zero Trust Network Access (ZTNA) model that can defend against north-south attacks, including scenarios in which a threat actor compromises a legitimate user’s device and/or credentials

* Identity-based authentication and authorization to ensure that human and machine identities are continuously verified and can access only the resources needed to perform their essential functions

* An adaptive and granular micro-segmentation framework that mitigates east-west attacks by preventing threat actors from using an initial point of compromise to advance toward high-value on-premises or cloud assets

* Advanced protection against the new and complex threats introduced by growing API use

* Protection of applications against fraud and other vulnerabilities

* Scalable defense of hybrid environments against distributed denial-of-service (DDoS) and DNS-based attacks

This type of modern enterprise security architecture drives a strong layered defense-in-depth approach but increases the level of focus on application-level controls, such as web application and API protection (WAAP). But the recognition that breaches can never be avoided completely is equally important. This is why it is crucial to advance Zero Trust principles from theory to real-world implementation using techniques like ZTNA and micro-segmentation to mitigate lateral movement.
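
The contrast drawn above between a flat internal network and a micro-segmented one can be made concrete by computing the "blast radius" of a single compromised workload under each policy. The following is an added example, not part of the original article or any Akamai product; the workload names, segment labels and allow rules are all constructed for illustration.

```python
from collections import deque

# Constructed inventory (hypothetical names): workload -> segment label.
WORKLOADS = {
    "laptop-17": "user", "web-1": "web", "web-2": "web",
    "api-1": "app", "db-1": "data", "hr-db": "data", "backup-1": "mgmt",
}

# Default-deny micro-segmentation: only these (source segment, destination
# workload) flows are allowed. Constructed for illustration.
SEGMENT_RULES = {
    ("user", "web-1"), ("user", "web-2"),
    ("web", "api-1"),
    ("app", "db-1"),
    ("mgmt", "db-1"), ("mgmt", "hr-db"),
}

def flat_allows(src, dst):
    """Flat internal network: every workload can connect to every other."""
    return src != dst

def segmented_allows(src, dst):
    """Segmented network: a flow passes only if a rule names it."""
    return (WORKLOADS[src], dst) in SEGMENT_RULES

def blast_radius(start, allows):
    """Map each workload reachable from `start` to its hop count (BFS).

    A hop count above 1 means every intermediate workload on the path
    would also have to be compromised first.
    """
    hops = {start: 0}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for dst in WORKLOADS:
            if dst not in hops and allows(cur, dst):
                hops[dst] = hops[cur] + 1
                queue.append(dst)
    del hops[start]
    return hops

def unreachable(start, allows):
    """Workloads that stay outside the blast radius of `start`."""
    reached = blast_radius(start, allows)
    return sorted(w for w in WORKLOADS if w != start and w not in reached)

if __name__ == "__main__":
    for name, policy in (("flat", flat_allows), ("segmented", segmented_allows)):
        print(name, blast_radius("laptop-17", policy), unreachable("laptop-17", policy))
```

Under the segmented rules `db-1` remains reachable, but only through the web and API tiers, so a policy review should examine transitive paths and not just direct flows.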
