Legacy threat | Pentest7

top cybersecurity companies

When the IT infrastructure collects dust, it becomes a security risk. It is important to identify and defuse contaminated sites in the network, explains Nathan Howe, VP of Emerging Technology at Zscaler, in a guest post.

For years, companies have accumulated IT mortgages in their networks, which can become a security risk due to the change to hybrid working models. The comparison with the private purchasing behavior is obvious: Everyone knows the fact that after buying inventory, the old item, which you might need again, wanders into the corner and collects dust there. When applied to IT, a similar approach can be seen. Even if new infrastructure is purchased, it is not yet possible to completely part with the old. However, you don’t necessarily pay much attention to these components anymore.

Due to the pandemic, holding onto contaminated sites can turn into a powder keg. Technical debts that have not been lurking in the infrastructure increase the target for attack by companies. In the course of the “Work from Anywhere”, many companies were forced into a digital world, for which they were hectically investing in new infrastructure or the development of Internet-based services. This was the only way to maintain the productivity of companies. The main focus of the IT teams was on the new investments in remote connectivity, multicloud environments and web servers for a digitized offer. Companies easily lost sight of the fact that technical debts were being piled up at the same time.

In order to defuse this dangerous situation, it is advisable to regain an overview of the contaminated sites in the company network. A distinction should be made between two types:

  1. Internal long-lived debt: the components that have long been in the company’s ecosystem but exist on open networks with no controls or restrictions. Often there is no overview of which components of the network are exposed to the Internet without appropriate security precautions and can become a target there. These legacies are one of the main sources of attacks by cyber criminals who now have the tools to find these loopholes on unpatched systems or misconfigured servers.
  2. External, Newly Added Debt: This includes those components that have been hastily piled up in favor of the connectivity required over the past 18 months. These include VPNs, remote desktops, jump boxes, but also hastily configured web offers or cloud workloads. They all pose risks for companies, especially if they are not accompanied by the necessary security mechanisms. An assessment is required here of which new components have been added in order to address the risks that may be associated with them.

Reduce technical debt

Since the employees had to leave the offices in droves and were only able to return temporarily in phases, depending on the ebb and flow of infection waves, a lot of the hardware infrastructure has gathered dust. Many companies today have adjusted to the new reality of the working world and offer the necessary high-performance connection to the applications that the user needs for his work. Hybrid workplace models allow you to work from the office as well as from the home Office to. But to get there and build the appropriate infrastructures, it is not enough to relocate applications to multicloud environments. In order to set the course for mobile working and digital offerings in the long term, the network infrastructure and the security strategy must also be adapted. Because in order to maintain secure operation for two system worlds in the long term, companies will not be able to provide the necessary resources.

The first step should be to do your homework. Both types of technical debt need to be cleaned up. If only part of the workforce regularly returns to the office, companies have to ask themselves what infrastructure is still required at the company headquarters. On the other hand, after almost two years of pandemic events, it is urgent to regain an overview of all assets. Is the inventory of all components up to date and has the company’s risk assessment been adapted to the new circumstances?

In a second step, it is urgent to regain an overview of all data streams and to evaluate the company’s attack surfaces on the Internet. What does not necessarily have to be presented openly on the Internet for the function of a service must no longer offer a possible attack vector there. Modern security concepts based on Zero Trust not only regulate the access rights of employees on the basis of Least Privilege, they also ensure that lateral movements in the network can be prevented. In addition, those components that are no longer needed in office environments should be dismantled. In this way, not only can operating costs be reduced, but administration costs can also be reduced.

If hybrid work is taken further, the focus should be on modernizing the IT infrastructure, which leads from the model of connected branches to an internet-only approach for branches. The user is already familiar with this type of work: he knows nothing else from the coffee shop. The internet connection is sufficient to be able to work from anywhere. And 5G with its connection speeds will only fuel this trend. The security in such a working model shifts from the network perimeter to the edge – and thus to the cloud, which enables the application or user to be close. The advantage: the performance is given and the safety is constant regardless of the place of work. With such a zero trust approach, company policies act as a gatekeeper at every step.

Conclusion

The successful introduction of Zero Trust begins with the openness to new possibilities of the cloud and an associated change in the infrastructure. In a cloud-based ecosystem of applications and platforms, cloud-only connectivity is the key to success, which can also be secured via the cloud. Such a model scales smoothly up and down – and cannot collect dust.

Leave a Reply

Your email address will not be published. Required fields are marked *