You learned a hard lesson over the last year. Your assets lost most of their defenses once they left your perimeter. You could no longer:
- Identify, inventory or monitor your devices and applications.
- Patch, update or harden your applications and operating systems.
- Measure and manage the asset-based risk within your environment.
In short: You learned that perimeter-based security fails in remote environments.
And now — as you plan your return-to-work — you must decide what to do with this lesson. You can ignore it and continue to rely on your perimeter (despite its limitations). Or you can take this lesson to heart and find a new way to defend your assets.
“You look at this distributed workforce, and where’s the perimeter? Do you put a perimeter around every single employee’s house? How do you properly secure these devices so they are able to connect to your company’s resources in a way that’s not obstructive to your employees, while also addressing any risk you have with a workforce that’s completely remote?” – Stephanie Aceves, Tanium, Director of Technical Account Management
Here’s our perspective on which choice to make and how to bring it to life.
Our perspective: Assume your perimeter is gone for good
We consider this the safer option. Maybe your return-to-work will go smoothly. Maybe you’ll bring everyone back to the office and inside the borders of your security perimeter. And maybe those users and their assets will never leave again.
Maybe.
However, it’s more likely your return-to-work will proceed with starts, stops and stumbles. You will probably:
- Continue to wait indefinitely for return-to-work to happen.
- Eventually return some — but not all — of your users and assets to the office.
- Complete your plan, only to one day have to send everyone home again.
That means:
- Your current assets might remain out of your perimeter for a long time.
- You will always have many assets outside of your perimeter.
- Your assets might move in and out of your perimeter at any moment.
And if your return-to-work plan assumes a return to perimeter-based security, then:
- Your current assets will remain unsecured, indefinitely.
- Your assets that never return to the office will not be protected.
- If you send all your assets home again, they will lose their protections again.
It’s a grim picture, and it makes one point clear: Perimeter-based security just can’t meet the demands of your return-to-work realities.
Instead, your return-to-work plan must leverage a new approach to security — one that can defend assets without placing them inside a perimeter.
Let’s examine what that approach looks like.
How to perform security without borders: Core capabilities
You don’t need to overhaul your plan. You just need to tweak your assumptions and develop a few capabilities.
- Remote Visibility: Maintain continuous, comprehensive visibility into all remote assets — including unmanaged devices on remote networks — and every asset’s patch, update and configuration status.
- Remote Control: Apply security controls to remote assets — such as patches, updates and configurations — without physical contact and without consuming large amounts of bandwidth.
- Remote Risk Management: Define an accurate, real-time picture of your risk position by mapping the spread of sensitive data, defining exposure from unmanaged assets and identifying the potential impact of an incident.
Build your return-to-work plan around these capabilities — not a perimeter. You will always be able to protect your assets (no matter how your return-to-work reality plays out).