Security: Cover All Bases to Protect What Matters

May 5, 2014, Kuala Lumpur - Today’s technology landscape is in a constant state of flux. While developments in IT are offering businesses increased efficiency with smarter solutions, businesses are also increasingly being exposed to more sophisticated security threats.

Critical business information is stored and accessed across multiple channels and devices. This means more points of entry for security threats. The speed, sophistication and implications of today’s security attacks are not something traditional compliance-based or perimeter-oriented security strategies can manage.

Organizations need a holistic security strategy that is intuitive, yet simple for both the IT team as well as business personnel to manage. Security strategies should be able to intelligently protect intellectual property, ensure data privacy and meet compliance mandates.

In a nutshell, security strategies need to keep up with the rapid pace of IT development and be one step ahead to pre-empt and be prepared for potential security risks. Mark Micallef, Area Vice President of Citrix ASEAN, shares key steps organizations need to take to step up their information security game and make technology work for them.

1.Secure delivery of data from beginning to end
Understanding the many layers of security is pivotal to formulating a comprehensive and robust security strategy. Starting from the control point – the network from the datacenter, there are three different layers of security; application security; network and infrastructure security; and identity and access management.

2. Assured delivery of applications
Organizations exchange business critical data internally and externally on a daily basis. Executives, sales personnel, and administrative staff access both corporate and personal applications while at work over various devices. It is a feat to keep track of each and every website employees access, thus opening the floodgates to security attacks.

Enforcing full-featured firewalls at the application layer will provide the IT team the visibility and control required to protect against the majority of internet attacks that target app-layer vulnerabilities, and counteract a broader range of security threats. In the app-layer, IT teams can also equip the organization’s datacenter with data loss protection by being prudent and actively guarding against unexpected leakage of sensitive data in application server responses.

For example, Palo Alto Networks VM-Series next-generation (next-gen) virtualized firewall and threat prevention technology combined with Citrix NetScaler SDX enables users to spin up virtualized application delivery control (ADC) and next-gen firewall instances for individual applications on a multi-tenant platform.

Having a data check feature that provides administrator-configurable protection for sensitive business information is equally important. With customized and defined rules, the application firewall can take appropriate action such as blocking responses, masking protected information or removing the protected information from the responses before sending it to the user.

3. Identity and access management to data/apps with granular access control policies
To top it off, IT security teams need to also explore another dimension – the user layer. Identity and access management encompasses three major pillars; authentication capabilities for validating user identities; authorization for verifying and enforcing which specific resources each user is allowed to access; and auditing capabilities to keep a detailed record of each user’s activities.

This is achieved mainly by supporting password changes and a wide variety of authentication mechanisms, to help ensure no attacks on the user layers.

Take for example, the planned collaboration to enable the integration of the Citrix Netscaler SDX service delivery networking platform with CA SiteMinder, CA Technologies’ leading access management solution. The strategic partnership consolidates the capabilities of CA SiteMinder Secure Proxy Server onto the NetScaler appliance, creating a solution for customers that will solve the issue of device, application and information diversity, all while simplifying user authentication and providing secure, high performance access.

4. Tying up back-end datacenter security
There is the network and infrastructure security to consider, too. Adopting a ‘secure by design’ approach, enabled by desktop virtualization, allows all data to reside in a centralized datacenter. This equips the IT team with complete control to ensure secure delivery of mission-critical data with customized encryption capabilities within the network, routing all connections to back-end servers.

Configured policies applied to incoming and outgoing Secure Sockets Layer (SSL)-based traffic, protects critical applications from protocol and denial-of-service (DoS) attacks at both L4 and L7 layers. In addition, it enables the logging and reporting of user activity in real time. This helps in monitoring and alerting any action that demonstrates a potential threat to data security or breach in compliance standards. Ultimately, there are many advantages to deploying an all-in-one secure network.  Server performance can be improved and security can be added to legacy apps, all while ensuring a consistent user experience with zero disruption.

5.All for a defense-in-depth strategy
All in all, enforcing a full-fledged security policy for everything Bring Your Own (BYO) is an essential element for organizations looking to pursue mobility. All gaps in security have to be kept in check. Organizations should also keep in mind to train end-users, in this case, employees, and educate them on how to work safely from any location on any device. Ultimately, this creates an informed, security-conscious work force – the company’s first line of defense against security threats. All these elements combine to provide organizations with a comprehensive defense artillery with which to combat attacks.