Storming the Castle

One of the real benefits of the cloud is the ability to reconfigure and create a stronger, more active asset protection strategy than you might otherwise be able to afford. But let’s look beyond the cost factor for a moment and analyze a best practice that gives an organization a genuine advantage within the cloud and in its overall strategic deployment of security resources.

And to look at the future of security configuration, we have to look back 500 years into the mists of history to see a model that worked well then…and works just as well today. I’m talking specifically of the castle. In terms of a current strategic deployment, let’s call it the layered prevention model. In its day the castle was a state-of-the-art defense strategy. In the center you have the king (and the king’s most precious possessions). Surrounding the king are his elite and trusted guards, armed and armored. Beyond the guards there are a variety of buildings in which the ministers and other important assets are housed. Go a bit further and you have the castle walls. In fact, some of the greatest medieval castles had an inner wall (called a curtain wall) to ensure that if the perimeter was breached, there was another strong line of defense. Now along the tall, imposing and impregnable walls, archers line the battlements and parapets, scanning the horizon for any intruders. More guards protect the gate, monitoring everyone coming in. Beyond the castle wall, there is typically a moat containing nasty beasts ready to chomp on the leg of anyone trying to bypass the drawbridge and sneak across. Now in the medieval world, protection extended beyond the castle. There were miles and miles of land surrounding the castle held by vassals promising fealty and soldiers to the king.

Pretty imposing, right? These castles created multiple layers of defense and kept themselves safe from attack. And it is also the best strategy to protect your IT environment.

Ah, you say, there are always castles being attacked and overrun despite these impressive defenses. But like any defensive strategy, you are only as safe as your weakest link. If endpoints are left exposed (a guard sleeping on duty, a blight kills the man-eating fish in your moat, the slighted and scurrilous minister gives a key to an assassin), the castle can fall. There is no perfect system, but if you are not vigilant and are not watching every flank, even the most layered defense is helpless. And the smartest of enemies is not looking to knock on the front door; they are going to find and exploit the entrance not being watched.

If you equate anti-virus software to your archers and your firewall to one castle wall, there are still too many endpoints exposed to consider your situation secure. What about log monitoring? What about SIEM, SSO and other access management strategies, identity management? These are the tools that build the double walls, arm the soldiers, lock the jewels in the sub-dungeon.

There are many organizations out there that only build a single perimeter and hope it is sufficient. In today’s corporate world, that is simply not enough. It would be the equivalent of having the king sitting in the middle of a little wooden cottage all by himself.

But there’s a cost to all these layers in terms of solutions, licenses, resources and the manpower to truly monitor and guard the castle gates. Many companies need to sacrifice portions of security based on their perceived risk assessments. And that’s where the cloud comes in!

Security-as-a-service allows companies with more modest budgets and/or limited in-house resources to add layers of protection without adding equivalent in-house costs. But more importantly, it provides a 24/7 layer of monitoring, correlating, alerting, escalating and remediating. It not only scans the horizon watching for the horde of enemies, but more importantly monitors the back door where the serfs deliver the wheat. It allows you to add any combination of SIEM, SSO, log management and identity management, depending on the need. There are so many intrusions from so many different corners of the network in so many different guises that it is highly unlikely one person or even one department could spot them unless these are being specifically looked for. And if found, would it be recognized as friend or foe? If all of a sudden a MAC address changes, does anyone notice or know why it changed? It could be harmless, but it could also be symptomatic of a larger issue. If a dormant network account suddenly gets repeated pings at 2:30am, is it a problem? Cloud-based security gives you enterprise-class tools and expertise to cover these bases and better understand the flow of data in and out of your network. And it gives you the bandwidth to deal directly with only the issues that truly pose threats to your network.

The bottom line is that cloud-managed security gives you the freedom to run the kingdom because you know that all the nooks and crannies of the castle are being watched and protected. So, when you think of the cloud, don’t think of a vaporous mass that ruins sunny days, but of a complex of layers that can help support and drive a strong security initiative.

Kevin Nikkhoo
