There are few things that can damage a company’s reputation and bottom line as severely as a big data breach. Yahoo!, for example, was hit with what transpired to be the biggest ever hacking incident in history, and the company has never really recovered.
Normally, these data breaches occur when a hacker manages to gain access to a company’s internal network and its servers. This gives them almost free rein over the company’s IT system and can lead to enormous damage.
However, Cyxtera, based in Coral Gables just outside Florida, believes its new AppGate technology might make network-level data breaches a thing of the past. We spoke to Kurt Glazemakers, Cyxtera’s CTO of Software-Defined Perimeter security, to find out more.
Inherently Flawed
The internet is, essentially, one big network of computers. Growing out of US military defence contracts and American universities, the internet and its core communication protocol, TCP/IP, weren’t created with security in mind, as Glazemakers explains:
“The TCP/IP protocol was never invented with security in mind, so networks don’t have any security content from a design point of view, that was something that… had to be add[ed] later by adding network appliances and tools on top of that, and really the secure network concept just isn’t there.”
This lack of inherent security has helped lend the internet a sense of freedom and, despite its military origins, a sense of anarchism. This, of course, is not conducive to good business, and it is also a real and present danger for everyday users. We trust companies with enormous amounts of personal data — just imagine, for a moment, if Google were to suffer a large data breach — and this data needs to be secured.
AppGate — how it works
And so, Cyxtera has created AppGate, a new type of security known as a software-defined perimeter (SDP).
“When we created AppGate,” Glazemakers says, “the term SDP hadn’t been invented yet.” This new kind of security flips the traditional method of connecting to a network on its head:
“You were always connecting first, and then authenticating later… I would say what we are trying to change with SDP is to really reverse that.” At the moment, “They [users] start with their own credentials, so you [the company] add a second factor.”
AppGate, however:
“really turns it around and says ‘Hey, the second factor, let’s do that first and use your device, that you want to connect to any network and port it and say hey, this device belongs to this user because of that second factor, right? I cannot use another device or I need to go through a loading procedure, so that’s the first thing to change. Secondly, if you use that authentication with a device, you can have the credentials but they have to match the device you’re connecting from. And once you have those in place — and you haven’t made the connection yet — we can create an identity in context around your user device and, once we have that, we will look and see where your applications are, and build an individual perimeter for that device… which means that every user and device context will generate a completely different view of the network.”
In short, this means that AppGate creates a unique view of the network for every user. If a user doesn’t have the right context to access a part of the network, they simply cannot see it. Imagine, for example, you entered an office and, after scanning your pass, you entered the lift to go to your floor. But, instead of being able to visit every floor, you could only see the floors you had access to beforehand.
This makes AppGate a completely dynamic security system which, rather than applying blanket rules to the entire network, applies different rules to different people based on the context that their device is operating in. These rules, as Glazemakers explains, can even be issued on a ticket-by-ticket basis.
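The order of checks Glazemakers describes (device first, then credentials that must match that device, then a per-context view of the network) can be sketched as follows. This is an added illustration, not AppGate's code or anything supplied by Cyxtera; the HMAC device proof, the host names, users and rules are all constructed assumptions.

```python
import hashlib
import hmac


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data (hypothetical names): enrolled devices, users, rules.
DEVICES = {
    "laptop-7": {"owner": "alice", "key": b"k-laptop-7", "managed": False},
    "ws-2": {"owner": "bob", "key": b"k-ws-2", "managed": True},
}
USERS = {
    "alice": {"role": "agent", "salt": b"s-a", "pw": _pw_hash("correct horse", b"s-a")},
    "bob": {"role": "admin", "salt": b"s-b", "pw": _pw_hash("battery staple", b"s-b")},
}
RULES = [  # (condition on the context, services that become visible)
    (lambda c: c["role"] == "agent", {("booking.internal", 443), ("softphone.internal", 5061)}),
    (lambda c: c["role"] == "agent" and c["managed"], {("crm.internal", 443)}),
    (lambda c: c["role"] == "admin" and c["managed"], {("db.internal", 5432)}),
]


def device_proof(key: bytes, nonce: bytes) -> bytes:
    """Response an enrolled device computes over the controller's fresh nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def build_perimeter(device_id, nonce, proof, user, password):
    """Return the set of (host, port) visible to this user/device context."""
    # Step 1: the device factor is verified first, before any credential is read.
    dev = DEVICES.get(device_id)
    if dev is None or not hmac.compare_digest(proof, device_proof(dev["key"], nonce)):
        return set()
    # Step 2: credentials must be valid and must match the device's owner.
    rec = USERS.get(user)
    if rec is None or dev["owner"] != user:
        return set()
    if not hmac.compare_digest(_pw_hash(password, rec["salt"]), rec["pw"]):
        return set()
    # Step 3: build the context and derive a default-deny, per-context view.
    ctx = {"user": user, "role": rec["role"], "managed": dev["managed"]}
    visible = set()
    for condition, services in RULES:
        if condition(ctx):
            visible |= services
    return visible
```

In this sketch, valid credentials presented from a device enrolled to someone else yield an empty view, and two users with different contexts see disjoint sets of services.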
AppGate in Action
Currently, companies are securing their networks by assigning different rights to different user profiles, and different rights for devices within and outside the company’s local network. This relies on VPNs and memorized alphanumeric string passwords — neither of which is completely secure.
In fact, according to Glazemakers, one of the “main entry points” for hackers into company networks is through stolen VPN credentials. AppGate does away with this risk by restricting users to “smaller, completely isolated micronetworks” and “connecting the network to multiple locations, which can be a cloud, my own network, or a third-party data center,” rather than connecting multiple different locations to the network.
So, is anyone actually using this tech? Glazemakers wasn’t able to discuss all of Cyxtera’s clients, but said that Norwegian Cruise Line has been using AppGate to completely transform its ticket-buying service:
“They mainly use it for their… freelancers, because they use a lot of them that can work from home, connect to the AppGate and then use a softphone to help them out in the call centers to book tickets…
“So here, you want to make sure, first of all, that the voice quality and performance [of the network] is totally fine because, if it’s not, you obviously can’t book tickets. Secondly, you want to make sure it is done in a secure way so nobody else can hijack the call or book tickets from your device… So [with AppGate] you can use a device which is completely outside the network which doesn’t even have administrative access, it’s not controlled by the company, but it’s still safe and there are no [negative] effects from using SDP.”
So, why aren’t more businesses using AppGate and SDP technology? Glazemakers blames market awareness. As it’s still such a new technology, it’s taken a while for companies to learn about and understand the benefits it could have for their IT infrastructure.
Where Next for AppGate and SDP?
While network security is important and is the cornerstone of Cyxtera’s business, it’s hardly sexy. However, one area where ordinary consumers could see SDP in action is with their IoT devices.
As more connected devices enter people’s homes, it’s important that there is a level of control over the devices that connect to a home wifi network. At the moment, if a router is hacked, everything connected to it becomes incredibly vulnerable.
With an SDP-like solution, however, users will be able to secure their devices “based on context” easily and without any performance downsides.
That’s still a long way off, though, as Cyxtera is focusing on the corporate market at the moment. However, we should all take some heart in the knowledge that companies are investing in better security to protect our data, as well as their bottom lines. Hopefully, one day, thanks to AppGate, big data breaches will be just another tale of internet past, like bulletin boards and chatrooms.