Firewalls Irrelevant

Why the Firewall is Increasingly Irrelevant

It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall.

Firewalls only protect what work used to be, not what it is today: a distributed collection of employees connected by mobile devices, in turn connected to the cloud. The only way to secure all company data, then, is to extend enterprise-grade security to these employees' devices and cloud applications. The truth of the matter is that business data is rarely confined to corporate network perimeters anymore. So why are IT professionals still using this vestige of a simpler time?

Inertia has a lot to do with it. Consider the firewall's long tenure in the enterprise: The firewall first started protecting network perimeters in the late 1980s. Couple that with the amount of sweat that IT puts into it (There's no need to remind you of how messy firewall implementations can get.) many companies continue to see the firewall as the cornerstone of their security efforts and increase the firewall investments with the new level of security risks. But whether on-prem or next-gen, the firewall increasingly isn't the cornerstone of security -- and it's time for IT to take steps to expel it.

In environments in which the firewall is still considered one of the primary lines of defense, security threats increasingly have a way of creeping in. To truly dedicate focus away from the firewall and into the areas where company data actually resides, it will take a dramatic reimagining of security. That starts with tearing down the firewall.

There are two key aspects of the new security reality that makes perimeter-based security so irrelevant:

Data resides on company servers and unsecured employee devices.
Employees are increasingly doing whatever it takes to get their jobs done quickly and conveniently. Often, that means they're sharing and syncing company data on a cloud like Dropbox or Office 365 from their corporate computers and personal mobile phones or tablets. IT, meanwhile, remains unaware: A recent Ponemon survey found that 81 percent of IT organizations don't know how much sensitive data resides on mobile devices and the cloud. These devices and cloud sharing applications do not necessarily even cross the corporate network at all and use available public hotspots and high-speed cellular data plans.

Your company data ends up everywhere.
Extrapolate that habit to all everyone who works with your company—from in-house staff, contractors, suppliers, partners, clients—and it's clear that data is ending up everywhere. These people need help to secure the data. Worse, when such habits are playing out in the shadows, you can bet that the extra security measures you need (or require) aren't being implemented.

That, in turn, means that data today is sitting unencrypted—and totally vulnerable—on employee private devices, which hold the same amount of company data that used to be on the network. But the firewall is not protecting them.

Businesses—and enterprises are especially guilty of this—are building a higher and higher wall around their network. However, the data is no longer confined to that network. Instead, reliance on the firewall has increasingly become a noxious threat of its own.


Read original article