The limits of the perimeter security paradigm and on-prem infrastructure in crisis situations

The current Covid19 situation is exposing the limits of how far perimeter security and on-prem infrastructure can take organisations, and their people, in this critical time of #stayinghome.

Are you staying home? Considering the current Covid19 / Sars-Cov-2 / Corona situation, this is what we should all be doing, especially if you have a white-collar office role and can easily take your laptop home with you. #StayHome to #FlattenTheCurve.


See the chart here.

 

The Mercury News has designed an amazing interactive chart which documents and tracks the growth in coronavirus cases for China, the United States and six other countries. Unfortunately, it appears that many countries have to invest more effort in order to contain the internal outbreak. 

While the containment efforts may be disrupted by contaminated residents returning home, “social distancing” may be one of the most effective measures to slow and starve the spread of infectious diseases with a high R0.

 

See simulation here.

 

If you have a positive PCR test result, many countries will impose a forced 14-day quarantine on you, with strict penalties in case of non-compliance, an approach with which countries like Singapore and Taiwan have achieved remarkable success. For the rest of us, we are likely to be working from home to do our part.

Are you working remotely from home right now?

In your effort to combat the COVID-19 virus, you’re likely sitting on your couch in your underwear and booting up your Lenovo. You still have about 30 minutes until all of those new daily scheduled video calls and teleconferences to keep up with your colleagues begin.
The first emails pop into your Outlook. Your company migrated to Office 365 last year. You had some concerns about The Evil Cloud (™) back then, but it has been a big improvement in many ways (e.g. no more mailbox sizes limited to 150 MB) and you got used to it. The call starts and you try to log on to Microsoft Teams, but nothing works, as we have exhausted the server.

The meeting organiser sends around the details for an alternative phone call. When you dial in, you just get a busy signal. Ok, call canceled for now... An email from your boss pops up, asking you to create today’s TPS reports in SAP by EOB (whatever that means during remote work). The system is behind the company firewall, so you have to log in via the VPN.

This might be a familiar picture now for many people who have suddenly shifted from on-premise work to virtual (Is that kind of like a “work cloud”?). VPN infrastructure might especially turn out to be the main bottleneck of our new home working reality.

Its capacity was originally planned to support only the typical number of people dialing in from the road or the few teleworkers. Now that everyone is trying it at the same time, you’re creating a kind of bank run on the limited resources.

Expanding this capacity is often not easy if you have to order additional user licenses. But it gets even worse if you’re at the physical capacity limit. These devices are often still physical metal in the legacy data centers or even in your office building’s basement.

 

In such a case, it is downright impossible to expand in the short term and, with current supply chain disruptions, in the mid-term too (where do you think these boxes are manufactured?). It is one of those things that can be replaced by cloud services, but this is a major project if you haven’t even started.

But I have to ask: Why have you not started?

Google’s BeyondCorp Manifesto is already 5 years old. The path has been clear on where this needs to go, even in a normal mode of operations. The current extraordinary situation exacerbates the problems you already had to begin with.

My suggestion: Start Now.

Stefan Sulistyo
