Today’s security professionals have the challenging job of protecting their organizations from persistent security threats while fostering a collaborative and flexible environment for workers. When the security community comes together and puts our collective knowledge and experience into action, important idea-sharing and learning can take place. A good example of this happened last week at the InfoSec World Conference in Orlando. At the event, professionals from across the industry and the world shared their expertise, advice, and lessons learned.
I was fortunate to be among those who spoke at the conference, participating in a fast-pitch technology showcase that focused on emerging mobile security strategies and AT&T’s mobile security solutions. Attendees were interested in solutions for their mobile workers, and we discussed the latest on adding more security options for customers who have our Toggle BYOD Solution.
In the session I conducted on replacing legacy perimeter security with network/cloud-based solutions, mobile, and per-app controls, I challenged participants to take a fresh look at their most essential business applications and data. Designing around mobile workers who are accessing data from a private cloud environment is an effective solution for some. We also discussed the benefits in using APIs to give developers flexibility in using multiple factors to confirm user identities. Some key take-aways from my session follow:
- There is general agreement today that the perimeter model is no longer effective – so, what do we need to do moving forward?
- Consider filtering web traffic using a cloud based / virtual security service – expect malware to send non-web traffic over web ports.
- Consider filtering mail traffic using cloud based / virtual security services – expect malicious links and attachments.
- Consider making a jump from legacy internal systems to mobile front-end / cloud back-end apps where an application-specific security policy can be more restrictive (i.e., no web, mail, VPN, etc.).
- Keep data that is consumed on mobile devices encrypted at rest and in transit. Consider using encrypted private network connections to a private cloud environment versus clear text over the Internet.
To top off a great learning experience, I had a chance to touch base with colleagues from AT&T’s Chief Security Office. Together with attendees from across the industry, we’re working to solve today’s evolving security challenges.