IBM simplifies zero trust approach to security
has introduced a new Software as a Service (SaaS) version of IBM Cloud Pak for Security, designed to simplify how organisations deploy a zero trust architecture across the enterprise. The company also announced an alliance partnership with leading cloud and network security provider, , and new blueprints for common zero trust use cases.
The COVID-19 pandemic has meant a huge shift to remote working, with businesses having to change the way they work and how they deal with their data, ensuring it is secure. A recent found that 45% of organisations who were more mature in their zero trust strategies had a very smooth transition to employees working from home, as compared to only 8% of those that were the least mature.
"With a mobile workforce and data residing everywhere, the Internet has become our primary network," , CISO for The Dow Chemical Company. "Embracing a zero trust architecture enables us to add new capabilities and strengthen security. Working with partners like IBM Security and Zscaler can help us provide users with secure remote access to all of our locations, as well as access to applications wherever and however they are hosted."
The new IBM Security zero trust blueprints offer a framework for building a security program designed by applying the core principles of zero trust: least privilege access; never trust, always verify; and assume breach. These blueprints can offer companies a prescriptive roadmap of security capabilities along with guidance on how to integrate them as part of a zero trust architecture.
The IBM Security zero trust blueprints help address the following business initiatives:
- Preserve customer privacy: The capabilities and integrations in this privacy blueprint tie together the security and compliance capabilities that help organisations protect the integrity of customer data and manage privacy regulations. Using this blueprint, organisations can enforce limited and conditional access to all data and help reduce exposure in the event of a compromise.
- Secure the hybrid and remote workforce: With the hybrid workforce blueprint, organisations can build a workforce that can securely connect to any application on any network, from any location using any device.
- Reduce the risk of insider threat: With the insider threat blueprint, organisations can proactively manage insider threats from every vector, helping to strengthen resiliency and limit business disruption. The integrated capabilities outlined in this blueprint are designed to detect user behavior anomalies, adaptively enforce security policies with automation, and insulate your most valuable data.
- Protect the hybrid cloud: The hybrid cloud blueprint can help organisations modernise their security program with visibility and control over the most sensitive data and activities as they migrate to the cloud. The capabilities included in this blueprint are designed to enable continuous compliance, reporting, and response while monitoring for cloud misconfigurations and building consistent enforcement of security policy across all cloud workloads.
"The only way to truly secure today's digital businesses is to adopt a zero trust security model where validated user identity is combined with business policies for direct access to authorized applications and resources. Our alliance partnership with IBM Security, as part of the Zscaler Zero Trust Ecosystem, is helping organisations and their employees fully embrace working from anywhere while protecting enterprise data." , Chairman, CEO, and Founder of Zscaler.
Fastly's CDN Reportedly to Blame for Global Internet Outage
A huge outage has brought down a number of major websites around the world. Among those affected are gov.uk, Hulu, PayPal, Vimeo, and news outlets such as CNN, The Guardian, The New York Times, BBC, and Financial Times.
It is thought a glitch at Fastly ─ a popular CDN provider ─ is causing the worldwide issue. Fastly has confirmed it’s facing an outage on its status website but fails to specify a reason for the fault ─ only that the problem isn’t limited to a single data centre and, instead, is a “global CDN disruption” that is potentially affecting the company’s global network.
“We’re currently investigating potential impact to performance with our CDN services,” the firm said.
What is Fastly?
Fastly is a content delivery network (CDN) company that helps users view digital content more quickly. The company also provides security, video delivery, and so-called edge computing services. They use strategically distributed, highly performant POPs to help move data and applications closer to users and deliver up-to-date content quickly.
The firm has been proving increasingly popular among leading media websites. After going public on the New York Stock Exchange in 2019, shares rose exponentially in price, but after today’s outages, Fastly’s value has taken a sharp 5.21% fall and are currently trading at US$48.06.
What are CDNs?
Content delivery networks (CDNs) are a web of small computers, or servers, that link together to collaborate as a single computer. CDNs improve the performance of internet-connected devices by placing these servers as close as possible to the people using those devices in different locations, creating hundreds of points of presence, otherwise known as POPs.
They help minimise delays in loading web page content by reducing the physical distance between the server and the user. This helps users around the world view the same high-quality content without slow loading times.
Without a CDN, content origin servers must respond to every single end-user request. This results in significant traffic to the origin and subsequent load, thereby increasing the chances for origin failure if the traffic spikes are exceedingly high or if the load is persistent.
The Risk of CDNs
Over time, developers have attempted to protect users from the dangers of overreliance through the implementation of load balancing, DDoS (Denial of Service) protection, web application firewalls, and a myriad of other security features.
Clearly, by the state of today’s major website outage, these measures aren’t enough. Evidently, CDNs present a risk factor that is widely underestimated ─ which needs to be rectified with haste. Content delivery networks have become a key part of the global infrastructure, and so it’s imperative that organisations start to figure out risk mitigation strategies to protect companies reliant on the interconnected service from further disruption and disarray.