The limits of the perimeter security paradigm and on-prem infrastructure in crisis situations

The current Covid19 situation is exposing the limits that perimeter security and on-prem infrastructure can take organisations, and their people, in this critical time of #stayinghome.

Are you staying home? Considering the current Covid19 / Sars-Cov-2 / Corona situation, this is what we should all be doing, especially if you have white-collar office role and can have the ability to easily take your laptop home with you. #StayHome to #FlattenTheCurve.


See the chart here.

 

The Mercury News has designed an amazing interactive chart which documents and tracks the growth in coronavirus cases for China, the United States and six other countries. Unfortunately, it appears that many countries have to invest more effort in order to contain the internal outbreak. 

While the containment efforts may be disrupted by contaminated residents returning home, “social distancing” may be one of the most effective measures to slow and starve the spread of infectious diseases with a high R0

 

See simulation here.

 

In cases where you have a positive PCR test result, many countries will enact a forced 14 day quarantine on you with strict penalties in case of non-compliance where countries like Singapore and Taiwan have achieved remarkable success. For the rest of us, we are likely to be working from home to do our part. 

Are you working remotely from home right now?

In your effort to combat COVID-19 virus, you’re likely sitting on your couch in your underwear and booting up your Lenovo. You still have about 30 minutes until all of those new daily scheduled video calls and teleconferences to keep up with your colleagues.
The first emails pop into your Outlook. Your company migrated to Office 365 last year. You had some concerns about The Evil Cloud (™) back then, but it has been a big improvement in many ways (e.g. no more 150 MB limited mailbox sizes) and you got used to it. The call starts and you try to log on to Microsoft Teams, but nothing works as we exhausted the server

The meeting organiser sends around alternative phone calls in detail. When you dial in, you just get a busy signal. Ok, call canceled for now... An email from your boss pops up to create today’s TPS reports in SAP until eob (whatever that means during remote work). The system is behind the company firewall, so you have to login via the VPN.

This might be a familiar picture now for many people who have suddenly shifted from on-premise work to virtual (Is that kind of like a “work cloud”?). VPN infrastructure might especially turn out to be the main bottleneck of our new home working reality.

Their capacity was originally planned to support only the typical number of people dialing in from the road or the few teleworkers. Now that everyone is trying it at the same time, you’re creating a kind of bank run on the limited resources.

Expanding this capacity is often not easy if you have to order additional user licenses. But it gets even worse, if you’re at the physical capacity limit. These devices are often still physical metal in the legacy data centers or even in your office building’s basement.

 

In such case, it is downright impossible to expand now in the short-term and with current supply chain disruptions, in the mid-term too (where do you think these boxes are manufactured?). It is one of those things, which can be replaced by cloud services, but this is a major project, if you haven’t even started.

But I have to ask: Why have you not started?

Google’s BeyondCorp Manifesto is already 5 years old. The path has been clear on where this needs to go, even in a normal mode of operations. The current extraordinary situation exacerbates the problems you already had to begin with.

My suggestion: Start Now.

PreviousNext
Stefan Sulistyo

Related Posts

The Importance of Diversity & Inclusivity in the Workplace

At Alyne we strongly believe in diversity and inclusivity, as they foster creativity and highlight new perspectives in the workplace; translating into innovative ideas that ultimately benefit the organisation. In the last couple of weeks, many countries and companies across the globe have been celebrating and supporting LGBTQ+ Pride bringing awareness to all that has been accomplished in terms of equality, identity and inclusion, and all that is yet to be done. In this article, we analyse the importance of representation in the workplace and we take you through our rebranding decision for the months of June and July.
Read more

Automating Risk Assessments with Alyne

At Alyne, we are focused on providing cyber, compliance and risk professionals, as well as their clients, with next generation technology, expert knowledge and actionable risk insights, powered by Artificial Intelligence, to seamlessly identify, qualify and quantify their risks. Learn how Alyne’s solution will transform your risk assessment process and generate operational efficiencies, while providing your clients with an optimised, personalised and positive digital experience.
Read more

Facebook Data Privacy, Protection and Security Concerns

Data privacy is a global issue. As the world gets more connected, data privacy, protection and security concerns are gathering greater attention. It is concerning to observe that organisations are falling behind in their efforts to protect the privacy of users’ personally identifiable information (PII). In this article, we will provide a summary into the recent Facebook data breach and how Alyne can help global companies respond to increasing privacy, protection and security threats.
Read more