Trends that oppose cyber security
06/17/15 Category: Thoughts
It's no wonder we have a cyber security problem when you look at the trends.
Lets look at some interesting trends in data networking:
- Flat networks
- Converged networks
- Use of cloud services (SaaS)
- SSO (Single Sign On)
- Wireless networking
- SDN (Software Defined Networks)
The above trends are all the rage now and yet they directly oppose being able to have a strong cyber security architecture.
1) Flat networks
All we have to do is look at the internal zoning via secured doors/entry points within buildings that do various research or defense to know that having large flat networks is a major problem. We used to do more layer 3 networking, but for performance and simplicity now do flat networks. That's a major problem for being able to slow down, detect or ideally contain an attack. While there are some approaches that can be used to add additional security in flat layer 2 networks, I would say I've seen them in far less than 10% of the networks out there.
2) Converged networks
In general voice networks tend to have less security. Mostly due to the lack of cyber security expertise, but also due to the misunderstanding that converged networks are one single network subject to the risk of the least common denominator in terms of security. See another blog post.
3) Use of cloud services (SaaS)
While SaaS has the potential to increase security in terms of defense and responsiveness, they generally don't allow for good detection of breaches. They rarely provide detection knowledge of potential breaches underway to the actual end customers. Certainly solutions exist to strengthen their weaknesses, but few customers properly augment key SaaS solutions with proper security.
Sure, Single Sign Ons are convenient and ease uniformity of login credentials, but that is also their weakness. If passwords are cracked on a local LAN due to weak passwords or other methods, those same stolen credentials can now be used to access all SaaS data unhindered without even considering the possibility that a local breach (detected or not) can be used to access even more sensitive data hidden behind SaaS systems (Email, files, documents, etc.).
Personal devices present an array of challenges from a cyber security perspective including opening up potential wireless concerns. See another blog article. Login credentials remain a concern too.
6) Wireless networking
Wireless isn't as secure as wired. While many solutions are available, the continued trend of wireless access creates additional security risks and certainly increases the footprint that needs to be secured.
7) SDN Networking
SDN will either end up being a savior or the destroyer of cyber security. It's too early to tell, but the very idea of rapidly evolving software that spans multiple aspects of networking creates an enormous potential for new threats.