4 Key Network Security Considerations For Midmarket Solution Providers
Security Help Wanted
Cybersecurity remains a chief priority for North American businesses in an age of ransomware and evolving threats, and Gartner research has shown that to be especially true for midsize enterprises whose networks touch an increasing number of mobile, Internet of Things and employee-owned devices.
CIOs who spoke with CRN this week at the Midsize Enterprise Summit, hosted by The Channel Company, echoed that sentiment, saying that security is at the top of their minds when it comes to spending priorities.
"I have one security guy on my team," said the CIO of an APAC-based broadcast company, who asked not to be identified. "We do top-to-bottom services – Level 1, Level 2, Level 3. He does it all. It's really hard for us. I'm trying to take that function and give it to the expert. Management, detection and response services. They are all experts and compliant not just on the infrastructure side, but also the business side."
Speaking to some 50 IT leaders attending MES Monday, HPE Aruba Consulting Systems Engineer Dave Oldenkamp outlined four areas the midmarket needs to consider when looking at network security solutions.
Authentication And Authorization
Wireless networks enable a diverse array of users and devices to easily access a company network, but IT needs to be able to verify the identity, device, location and access time of each user, Oldenkamp said. Those analytics can then be combined to create an access policy.
This is especially relevant to midmarket companies as more IoT-enabled devices are connected to networks. Oldenkamp cited IDC research that 80 percent of new IoT projects will be deployed with wireless architecture. An estimated 17.9 billion IoT endpoints will have been installed between 2015 and 2020, as well.
But IoT devices present a security risk, he said, because hackers can use them as a back door into company networks.
"IoT devices are headless. They have don't have a username or password. You put them on a pre-shared key network, and once they're on, they're on. There's no other authentication mechanism for the network," Oldenkamp said.
NAC Services
While Oldenkamp notes that deploying network access control (NAC) solutions can be a complex ordeal, particularly when dealing with wired networks, he maintains that they're an effective way to ensure all devices connected to a given network are secure.
In addition to analyzing software, anti-virus and firewall installations, NAC solutions can enable BYOD policies through a web portal-based on-boarding process that gathers user credentials and grants device-specific authentication certificates. Mobile device management applications can extend these capabilities to mobile users. IT administrators can then grant varying levels of network permission to each device.
The NAC can be a crucial security tool, Oldenkamp said, because of how workplace technology has evolved. He highlighted research that found less than half of all employees are satisfied with their workplace tech options. Corporate laptops without admin privileges, for instance, do not allow employees to install apps.
The result: BYOD has become much more prevalent in the workplace. Oldenkamp found research that showed 67 percent of employees use BYOD technology regardless of corporate policy. This too makes networks more likely to be compromised.
"They're still going to do it, whether or not you allow it," he said. "You need to put enforcements in place to make sure employees follow policy. Educate the workforce on those vulnerabilities."
Architecture And Coverage
Enabling IT administrators to gain real-time context of devices on their networks – knowing user location and the type of access he or she needs – is also a critical part of understanding the security standing of a network, Oldenkamp said, along with scalability and third-party integration capabilities.
These are needed because of another trend he sees shaping modern security challenges: the decentralization of the workplace. By 2020, Gartner projects that more than 50 percent of the global workforce will be millennials, 63 percent of whom are currently employed by companies that permit flexible work environments.
"They're not going to work in the traditional model," Oldenkamp said. "They're going to work in collaborative environments with bean bags and community areas. They're going to come in, work in an office for four hours and go home."
Visibility And Control
Forrester and Gartner research indicates that 70 percent of workers think a mobile device makes them more productive. By 2018, an estimated 60 percent of users in mature markets will own more than three personal devices.
As workforces become more reliant on mobile devices, workflow automation, intelligent reporting and template simplicity become more important, Oldenkamp said. That means IT needs to maintain consistent control for mobile requirements, where log-in processes are the same across devices, locations and business units, as are dashboards, web-based GUIs and reporting platforms.
"My user experience is common. My authentication method is exactly the same," Oldenkamp said.