Creating a Holistic Security Strategy from Edge to Core to Cloud
As organizations become increasingly digital, cyberattackers have taken notice, finding more opportunities to tap into security vulnerabilities at every level of the network. When thinking about cybersecurity, it’s important to consider your organization’s entire threat landscape – from edge to core to cloud – and create a strategy that addresses your network at each level.
Recently, Zayo held a webinar titled “Network Security, as Unique as Your Business,” where some of our greatest security leaders joined forces to discuss key considerations in building a holistic security strategy that addresses security challenges from edge to core to cloud.
During the webinar, Ed Loveless, Director of Product Management; Aaron Werley, Vice President of Technology; and Shawn Edwards, SVP, Chief Security Officer, shared their insights into protecting all levels of your network.
Securing the Edge
A Transient, Distributed Workforce Creates New Vulnerabilities at the Edge
The pandemic and the shift to a dispersed workforce are causing new IT challenges. Shawn Edwards emphasizes, “The pandemic is changing the landscape, opening up a lot of exposure and increasing our footprint to protect.”
More employees accessing online resources remotely creates new vulnerabilities. Each device connecting to the public Internet becomes a potential target for cyberattacks, making it easier for bad actors to discover and access unsecured Internet resources.
Without the right tools, implementing security at the edge can carry risks. Zero Trust architecture is gaining popularity for securing remote workforces, but, as Ed Loveless points out, “Zero Trust is becoming the new ‘cloud.’ It works great in a PowerPoint, looks great on a whiteboard, it’s easy to write… It’s really hard to implement.”
Inadequate or ineffective Zero Trust strategies often leave teams more vulnerable, potentially resulting in unauthorized access and data breaches.
Implementing Security at the Edge: A Multi-Layered Approach
Organizations must wholeheartedly embrace Zero Trust to secure endpoints effectively. According to Edwards, “When done well, it changes the game for your organization,” making it essential in today’s landscape.
Implementing Zero Trust correctly entails deploying the right identity and access management (IAM) tools, comprehensive user and device monitoring, and effective policy enforcement. Workforce training and awareness are critical for success.
In addition to securing users and devices, organizations must focus on endpoint security, including endpoint protection, antivirus, encryption, and data protection through remote wiping.
Network configurations at the edge play a vital role in enhancing security. Secure SD-WAN and SASE are key components, offering improved performance, security, and network visibility when properly installed.
SD-WAN tools with AIOps capabilities further enhance network efficiency and security. Loveless notes during the webinar that AIOps is crucial for scalability and rapid anomaly detection, streamlining operations.
In summary, with the expanding workforce and growing device presence, edge security gains complexity and significance. Embracing Zero Trust and implementing edge security tools like SD-WAN and SASE should be integral to your edge security strategy.
Securing the Core
The Importance of Safeguarding the Heart of the Network
The core is the heart of the network, the vital link between all other components of the network – servers, databases, and devices. The most critical data often passes through this part of the network. It keeps resources and services up and running, and any attacks on the core network disturb all other components.
Any vulnerability at the core of the network is therefore critical to fix. And because the core is so interconnected with other areas of the network, it becomes easier for bad actors to reach if those areas are not secured correctly. Companies must also consider the privacy of data in transit from the core to other areas of the network.
How to Keep the Core Secure
While core network security primarily falls under the responsibility of the network service provider, there are essential considerations for customers who want to be sure they are relying on a secure core network.
In the current landscape, network providers are placing a strong emphasis on countering route hijacking, a threat that Aaron Werley described during the webinar as a daily occurrence.
One such route hijacking countermeasure is Resource Public Key Infrastructure (RPKI), which authenticates BGP route advertisements, complemented by two-factor authentication for BGP updates. However, it’s crucial to note that not all Internet service providers implement these protective measures.
Securing data in transit is equally vital to core security. Layer-1 wavelength encryption, coupled with protocols like SSL and TLS, plays a pivotal role in safeguarding data as it traverses the network.
In addition, DDoS attacks can be devastating if they reach the core network. Implementing upstream network-based DDoS protection serves as a formidable defense, ensuring the safety of network entry points during attacks.
You may consider private packet networking to be inherently secure, and its private nature does place barriers between your attacker and your data. However, if breached, an attacker now has an open conduit to your entire infrastructure.
Therefore, another essential strategy is network segmentation. By segmenting the network and implementing distinct policies, access controls, and security measures for each segment, critical assets such as servers and databases can be isolated. This containment prevents attackers from gaining access to the entire network and allows for granular access control at segment boundaries, reducing overall risk.
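To make the containment argument concrete, the added example below (not from the webinar) compares a flat private network with a segmented one by counting how many policy boundaries separate a starting segment from each other segment, and lists which segments may reach a critical segment directly. The segment names and allow rules are constructed, and the function names are hypothetical.

```python
from collections import deque

# Constructed policy: segment -> segments it may initiate connections to.
SEGMENTED = {
    "user-lan": {"web-dmz"},
    "web-dmz":  {"app"},
    "app":      {"db"},
    "db":       set(),
    "mgmt":     {"web-dmz", "app", "db"},
}
CRITICAL = {"db"}

def flat_policy(segments):
    """Unsegmented network: every segment may talk to every other one."""
    return {s: set(segments) - {s} for s in segments}

def boundaries_to_cross(policy, start):
    """BFS over allow rules: segment -> enforcement points crossed from start."""
    hops = {start: 0}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in sorted(policy.get(cur, ())):
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops

def direct_exposure(policy, critical=CRITICAL):
    """Segments allowed to reach a critical segment in one hop (rules to review)."""
    return sorted(src for src, dsts in policy.items() if dsts & critical)

if __name__ == "__main__":
    for name, policy in (("flat", flat_policy(SEGMENTED)), ("segmented", SEGMENTED)):
        print(name, boundaries_to_cross(policy, "user-lan"), direct_exposure(policy))
```

In the flat case every segment, including the database, is one hop from the user LAN; in the segmented case the database sits behind three enforcement points and the management segment is not reachable from the user LAN at all.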
For the highest level of core security, private dedicated networks offer an ideal configuration. These networks establish direct fiber routing between customer locations, minimizing interception points while enhancing network performance. Private dedicated networks are particularly popular among financial institutions, healthcare organizations, and schools.
Securing the Cloud
New Security Challenges in the Cloud Era
While the Cloud has provided organizations with unprecedented scalability, access to resources from almost anywhere, and pathways to new innovations, it’s also created more opportunities for cyberattackers.
The responsibility for securing cloud environments lies both with the cloud service provider (CSP) and the customer. The CSP is responsible for securing the underlying infrastructure whereas the customer is responsible for securing data, applications, and cloud configurations.
Data vulnerabilities often arise from lenient access controls, insufficient encryption for data in transit and at rest, poor monitoring, vulnerabilities in third-party applications and APIs, and misconfiguration. These poor practices can not only lead to security breaches but also can hinder your organization’s ability to meet industry compliance and regulatory requirements, possibly leading to costly penalties.
Making Security a Priority in Cloud Environments
Firstly, identity and access management (IAM) solutions should be implemented for all users. “Being able to protect the organization’s data really comes back to who has access to it,” Edwards says.
Implementing IAM solutions across your organization is one of the quickest ways to limit access to key resources to only those who should have it. IAM tools enable organizations to control user permissions, implement multi-factor authentication, and easily manage user identities.
In the Cloud, encryption responsibility is shared between CSPs and users.
Most CSPs offer strong encryption and monitoring services, but customers must actively use these tools and manage encryption keys. Customers should classify their data, prioritizing encryption for sensitive information like financial records and personally identifiable information (PII).
Integration and Collaboration for Security from Edge to Core to Cloud
Every business and every business’s network looks different – there is no one-size-fits-all approach to network security. However, this blog should serve as a guide to your options and the aspects to consider when securing your network at every level – from edge to core to cloud.