April 29, 2019
Zero Trust

Like the Night King, Perimeter Defense is Dead

Corey Williams – Idaptive
Corey Williams Vice President, Marketing
Castle walls

If you’ve been following the return of Game of Thrones (warning: show spoilers ahead) then you know winter has arrived.

Last season, on the back of some serious firepower in the form of an undead Dragon, the White Walkers finally breached the Great Wall and descended upon the seven kingdoms. The iconic scene and subsequent fallout this season reminds me, in many ways, of how the castle-and-moat strategy has also failed against the growing sophistication of today’s cybersecurity threats.

For so long, cybersecurity has been an industry driven by barriers. Perimeter defense was king, and so were the technologies that established walls, gates, and moats that kept evil forces at bay. But today, the number and scale of cyber attacks continue to grow. The Great (fire)Wall is no longer the end-all, be-all to stop threats and keep the kingdom safe. Here’s why…   

Like a Wight Dragon, the Cloud has Blown Up the Perimeter

In the age of digital transformation, a growing number of business resources must now exist outside the traditional perimeter. As companies embrace more cloud services — and move everything from infrastructure, applications, and data to the cloud — they’re blowing more holes (or at least introducing more weak points) in their own firewalls. With so many new entry-points, even the strongest perimeter defense strategy today can’t alone keep the castle from being infiltrated.

While the majority of company leaders prioritize reinforcing their cybersecurity defenses against malware, bad guys continue to walk right through the front gates. Eighty-one percent of breaches today involve compromised credentials (weak or stolen passwords). These are essentially the “keys to the kingdom” since traditional castle-and-moat strategies were never meant to account for what happens once the walls have been breached. Once they’re inside, what’s in place to stop them from accessing even more services?

Information, the Secret Weapon Against the Dark

None of this even takes into account the growing sophistication of today’s cybersecurity threats. Like the Night King’s undead army, threats from malicious actors have grown in number and power. Whether it’s phishing, brute force attacks, or keystroke loggers, they don’t even need a fire-breathing zombie dragon to put a hole in your barriers and leave the business at risk of being overrun. So if perimeter defense is dead, what can be done to stop their march?

In the absence of effective barriers, the biggest weapons companies have to wield against malicious actors is information. The future of identity relies on having enough information, or “context,” to verify every user, on every device, for every login. With growing cloud adoption and more apps, users, and devices seeking access on the go, from across the globe – there’s so much now that exists beyond the traditional perimeter. Security today can’t be as binary as determining whether an access request came from within or outside of the firewall.

Winter is here, and the wall has been breached. To win the ultimate battle of good and evil, we’re going to need to regroup and rethink our approach when it comes to identity and access management.

One increasingly popular approach to cybersecurity is Zero Trust. Click here to see more on the importance of this strategy today, then tune in for our next installment of this blog series where we’ll break down the core tenets of Zero Trust, starting with how to verify every user.

Corey Williams

Corey Williams – Idaptive
Corey
Williams
Vice President, Marketing

Corey Williams is the Vice President of Marketing & Strategy and lead evangelist for Idaptive, leading all marketing functions, as well as market development and strategy. Corey served as the Senior Director of Products and Marketing for more than a decade at Centrify where he was the visionary behind, and the first product manager of, the set of products that were ultimately spun out of Centrify to become Idaptive, including leading SaaS services for Single Sign-on (SSO)Adaptive Multi-factor Authentication (MFA)endpoint and mobile context, and User Behavior and Risk Analytics (UBA).

 While at Centrify, Corey defined and brought to market seven net-new product offerings directly contributing to the growth of the existing customer base from less than 400 customers to over 5000 customers. He also led efforts with major industry analysts that directly resulted in Centrify being named as a leader in all of the major analyst reports including the Gartner Magic Quadrant and Critical Capabilities reports for Access Management, Worldwide; Forrester IDaaS Wave; KuppingerCole Cloud MFA Leadership Compass; and Network World Clear Choice Winner for Single Sign-on Solutions.

Corey is a frequent speaker and commentator on IT Security and IT Management. He has authored several publications, including “Zero Trust Security for Dummies”, a leading guide for enterprise managers.

Prior to Centrify, Corey led products and marketing for SpikeSource (acquired by Black Duck Software), Syndera (acquired by Tibco), and Journee Software (acquired by Initiate Systems). Earlier in his career, he managed pre- and post-sales consulting for Active Software (acquired by webMethods). 

Corey holds degrees in Mathematics (BS) and Computer Science (BS) from New Mexico State University, as well as an MS in Engineering and an MBA from San Jose State University. 

CHAMELEON-LIKE SUPERPOWER

If Corey could have any chameleon-like superpower, it would be the chameleon's tongue, which is ridiculously fast. Some of the world's smallest chameleons have the world's fastest tongues. In automotive terms, the tongue could go from 0 to 60 miles per hour in a hundredth of a second! “I would be able to complete webinars in 4.5 seconds instead of 45 minutes!”