4 Questions to Ask Before Investing in a New Network Security Solution

By Don Boxley, CEO and Co-Founder, DH2i (http://dh2i.com)

“Digital transformation”—it’s a term used so often that it’s starting to lose its meaning. But before your eyes glaze over and you click to another page, let’s think about one of the biggest challenges that workforce digitization can bring about for those charged with digitization and other IT initiatives: data security.

As businesses morph faster than we can keep up with them and new industries spring up practically overnight, security is under more pressure than ever. A massive issue has emerged in conjunction with this: many companies have third-party vendors and other partners that require digital access to corporate data, yet the cloud-based nature of much business today creates new risks for enterprises that allow these third parties free rein of their network.

This isn’t news, but what is news is that many companies are currently struggling as they try to get a handle on how to manage partner data access in a hybrid and multi-cloud setting. You don’t want to put critical data at risk simply by trying to conduct digital business as usual with vendors and partners that need some level of network access to help you reach your shared corporate goals.

In this scenario, business as usual often means relying on a virtual private network (VPN)—yet the fact is that this isn’t the most appropriate technology solution anymore when it comes to perimeter security. So I’ve developed the four questions below to help IT and security professionals make smart choices when it comes to investing in new technology for this purpose:

Question 1: Have you taken time to rethink your traditional security strategy for remote-user access?

The first step in determining your security needs when it comes to your partner network is to examine what’s working and what’s not within your current system. Data breaches are on the rise, and when remote users and vendors are allowed on your network, you open yourself up to the possibility of a data compromise should any of these third parties assume the identity of other users or take other steps that weren’t authorized, such as accessing confidential data.

If you’re among the companies that are still using a VPN for the purpose of establishing secure web connections, I challenge you to view this decision through the lens of how data is shared and managed today. VPNs excelled when an organization’s biggest security problems revolved around on-premises virtual machines and physical servers. Today—when cloud deployments are the norm and are often blended with on-premises data strategies—VPNs have become limited and much riskier.

Question 2: Does our current solution give our vendors access to data and services they need for our mutual business purposes—yet keep our sensitive data secure?

By removing remote users from your network completely to avoid the security problems inherent in giving third parties full network access, you’re left with the imperfect solution of cutting your own partners off from the ability to do digital business on your behalf. This is often the only way to mitigate the risk of access controls and broken authentication if you’re using VPN technology.

A more updated and relevant solution—called software defined perimeter or SDP—stymies popular methods for unauthorized identity assumption and data access. An SDP solution does let your partners access your system if you choose—but they don’t have the run of the house. Instead, they can only access the exact services that you’ve determined and defined in advance. The key advantage here is that less area is open to the potential of a lateral attack, which helps companies meet their security needs and their business needs alike.

Question 3: Does your current solution segment by network, or by application?

This isn’t a trick question, it’s just one designed to make you see clearly the way that your VPN, if you’re still using one, maybe foiling your best efforts at security. A VPN allows third parties access at the network level, exposing your system to potential lateral attacks on the network.

An SDP solution, on the other hand, gives IT administrators much more control over what vendors and other partners can actually access. It does this by segmenting at the application level, so that only specific services, files, and data can be accessed—the ones that each specific partner needs to conduct your business.

Question 4: Have you found yourself dealing with lock-in by a router vendor?

VPNs have become synonymous with a number of IT management headaches, one of which is that by using this technology, you may inadvertently end up confronting a lock-in requirement with your router vendor. Think about the implications of this strong possibility when considering your options for the best remote-access solution.

Your VPN may result in a number of hassles and expenses that you could do away with if you used a more modern SDP solution—from configuration complexities to a requirement for a dedicated router. When weighing the pros and cons of various remote-access solutions, your goal should be to find one that doesn’t limit you to a single router but instead supports an environment of multiple heterogeneous routers that can scale a cloud environment and various hybrid configurations.

The common link between all of these questions is that they should get you thinking about whether or not your current approach to third-party remote access is really working or not. If you still use a VPN solution, take the time to consider whether you’re getting the flexibility—and the security assurances—that your business demands today.

Don Boxley Jr is a DH2i co-founder and CEO. Prior to DH2i, Don held senior marketing roles at Hewlett-Packard where he was instrumental in sales and marketing strategies that resulted in significant revenue growth in the scale-out NAS business. Boxley spent more than 20 years in management positions for leading technology companies, including Hewlett-Packard, CoCreate Software, Iomega, TapeWorks Data Storage Systems and Colorado Memory Systems.  Boxley earned his MBA from the Johnson School of Management, Cornell University.