By: Mani Sundaram, Executive Vice President, Security Technology Group, Akamai Technologies
Over the past 20 years, enterprise IT infrastructure has evolved significantly. Modern applications now operate across on-premises, cloud, and SaaS platforms, with access methods expanding beyond traditional user interfaces to include machine-to-machine interactions via APIs. This evolution has brought numerous business benefits: reduced IT complexity, streamlined processes, enhanced third-party partnerships, improved user experiences through better integration, and optimised application performance by transitioning to microservices.
All this good news comes with a stark reality: threat actors are also innovating. The distributed and interconnected nature of modern applications, along with new and unique attack vectors like APIs, creates opportunities for novel attacks that traditional enterprise security capabilities were never designed to protect against.
For enterprise security teams, this will require a shift in mindset from a perimeter-centric view of security to a strategy focused on modern application delivery and consumption models.
Rethinking the security perimeter
For decades, enterprise security has primarily focused on preventing attackers from breaching defenses. While maintaining strong perimeter security is still crucial, the landscape has evolved. Core IT assets, whether on-premises or cloud-based, must be secured against external threats. However, many attackers now exploit vulnerabilities in modern application delivery, such as compromised credentials or flawed APIs, allowing them to bypass traditional defenses altogether.
This new threat landscape requires a two-pronged security strategy: find and eliminate gaps in security controls before they can be exploited, and recognise that breakdowns are inevitable, so take steps to limit the "blast radius" and accelerate detection and response when security incidents do occur.
A modernised enterprise security architecture
Around 20 years ago, most enterprise environments had a well-defined perimeter with firewalls acting as the primary control points (i.e., castle-and-moat network security). Inside this perimeter was typically a very flat network, which made breaches an all-or-nothing proposition. Once a threat actor successfully gained access, little would prevent them from discovering vulnerable internal systems and using them to move laterally toward higher-value IT assets.
In some cases, security teams attempted to mitigate this risk by adding additional firewall choke points within the internal network to slow threat actors’ progress. Unfortunately, often these architectures did more harm than good. They added significant cost and administrative overhead for security teams. They also introduced performance bottlenecks and the policy enforcement they offered was often far too coarse to slow the advance of a sophisticated threat actor.
Essential elements of a modern security architecture
Today, there is no perimeter. Accordingly, modern security architecture must include the following elements:
* A Zero Trust Network Access (ZTNA) model that can defend against north-south attacks, including scenarios in which a threat actor compromises a legitimate user’s device and/or credentials
* Identity-based authentication and authorization to ensure that human and machine identities continuously verify their identity and can access only the resources needed to perform their essential functions
* An adaptive and granular micro-segmentation framework that mitigates east-west attacks by preventing threat actors from using an initial point of compromise to advance toward high-value on-premises or cloud assets
* Advanced protection against the new and complex threats introduced by growing API use
* Protection of applications against fraud and other vulnerabilities
* Scalable defense of hybrid environments against distributed denial-of-service (DDoS) and DNS-based attacks
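The contrast between the flat, castle-and-moat network described above and the identity-based, micro-segmented model in this list can be made concrete in a few lines of code. The following is an added illustration written for this article, not Akamai's code or any product's policy engine; the resources, roles and principals are constructed sample values, and the per-request decision (role entitlement plus a device-posture signal, default deny) is a simplified stand-in for a real ZTNA policy. It computes the "blast radius" of one compromised identity under each model, which is the quantity the lateral-movement discussion is really about.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """A human or machine identity and the roles it has been granted."""
    name: str
    kind: str            # "human" or "machine"
    roles: frozenset


@dataclass(frozen=True)
class Request:
    principal: Principal
    resource: str
    device_healthy: bool  # posture signal, re-evaluated on every request


# Constructed sample environment (hypothetical): each resource lists the
# roles entitled to reach it. Anything not listed is denied by default.
POLICY = {
    "crm-web":      {"sales", "support"},
    "crm-api":      {"crm-web-svc"},      # only the web tier's machine identity
    "payroll-db":   {"payroll-svc"},
    "build-server": {"engineering"},
}

# Constructed sample principals (hypothetical).
SALES_USER = Principal("alice", "human", frozenset({"sales"}))
CRM_SERVICE = Principal("crm-web-svc", "machine", frozenset({"crm-web-svc"}))


def flat_network_reachable(policy):
    """Castle-and-moat model: once past the perimeter, every resource is reachable."""
    return set(policy)


def ztna_decision(req, policy):
    """Per-request decision in the segmented model.

    Returns (allowed, reason). The reason string is what you would write to
    the audit log so that denied attempts are visible to detection tooling.
    """
    if not req.device_healthy:
        return False, f"deny {req.principal.name}->{req.resource}: device posture failed"
    allowed_roles = policy.get(req.resource, set())
    if req.principal.roles & allowed_roles:
        return True, f"allow {req.principal.name}->{req.resource}: role match"
    return False, f"deny {req.principal.name}->{req.resource}: no entitled role"


def blast_radius(principal, device_healthy, policy):
    """Resources a compromised principal could reach under the segmented policy."""
    reachable = set()
    for resource in policy:
        allowed, _ = ztna_decision(Request(principal, resource, device_healthy), policy)
        if allowed:
            reachable.add(resource)
    return reachable


def compare_models(principal, device_healthy, policy):
    """Size of the blast radius under both models, for one compromised identity."""
    return {
        "flat": len(flat_network_reachable(policy)),
        "segmented": len(blast_radius(principal, device_healthy, policy)),
    }


if __name__ == "__main__":
    for who, healthy in ((SALES_USER, True), (SALES_USER, False), (CRM_SERVICE, True)):
        print(who.name, "healthy" if healthy else "compromised device",
              compare_models(who, healthy, POLICY))
    # Every decision, including denials, is logged for detection and response.
    for resource in POLICY:
        print(ztna_decision(Request(SALES_USER, resource, True), POLICY)[1])
```

Two design points are worth noting. The device-posture check runs on every request rather than once at login, which is what the "continuously verify" wording in the list means in practice: stolen credentials on an unhealthy device reach nothing. And the machine identity for the web tier is the only principal entitled to the API behind it, so a compromised sales account cannot pivot to `crm-api` even though that path would be wide open on a flat network.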
This type of modern enterprise security architecture drives a strong layered defense-in-depth approach while increasing the focus on application-level controls, such as web application and API protection (WAAP). The recognition that breaches can never be avoided completely is equally important. This is why it is crucial to advance Zero Trust principles from theory to real-world implementation, using techniques like ZTNA and micro-segmentation to mitigate lateral movement.