Page 28 - Cyber Defense eMagazine June 2020 Edition
several common attack vectors, VPNs limit operational flexibility in that they don’t allow for dynamic
access based on conditions and user context.
Make Secure Remote Access a Business Enabler
For data center operators, maintaining building management systems is a non-negotiable requirement.
Many data center operators are looking for an alternative to the VPN. The answer for many operators of
sensitive industrial systems, including data centers, is the Software Defined Perimeter (SDP). One of the
big advantages of SDP is the ability to enforce least privilege access to third-party support organizations.
Unlike with a VPN, SDP can allow access to specific systems included in a contractor’s support
agreement without giving them wide access to the network. As an example, the RF Code wireless
temp/humidity sensors in some data centers are supported by specialized service providers. Using SDP,
CISOs can limit the contractor’s access to those servers without opening up other BMS platforms.
CISOs can also use SDP to ensure that the contractor’s machines meet security requirements before
they connect. If the laptop is not sufficiently updated and protected by antivirus software, SDP will block
the connection. These additional audit and security controls make SDP a far superior solution to legacy VPNs.
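The access decision described above (entitlements scoped to the systems in a contractor's support agreement, plus a device posture check before connecting) can be sketched as follows. This is an added example, not code from the article or from any SDP product; the contractor names, hostnames, and 30-day patch threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

MAX_PATCH_AGE = timedelta(days=30)  # assumed posture threshold, not from the article

@dataclass(frozen=True)
class Device:
    last_patched: date
    antivirus_running: bool

# Constructed policy: each contractor maps only to the (host, port) pairs
# covered by its support agreement. Hostnames are hypothetical.
ENTITLEMENTS = {
    "sensor-vendor": {("env-sensors.bms.example", 443)},
    "hvac-vendor": {("chiller-ctl.bms.example", 443)},
}

def posture_failures(device, today):
    """List the posture requirements the connecting device fails."""
    failures = []
    if today - device.last_patched > MAX_PATCH_AGE:
        failures.append("patches out of date")
    if not device.antivirus_running:
        failures.append("antivirus not running")
    return failures

def decide(contractor, device, host, port, today):
    """Return (allowed, reason); the reason is what an audit log would record."""
    failures = posture_failures(device, today)
    if failures:  # posture is checked before any entitlement is considered
        return False, "device posture: " + ", ".join(failures)
    # Default deny: unknown contractors and unlisted systems get nothing.
    if (host, port) not in ENTITLEMENTS.get(contractor, set()):
        return False, "not in support agreement"
    return True, "entitled"

if __name__ == "__main__":
    today = date(2020, 6, 1)
    healthy = Device(last_patched=date(2020, 5, 20), antivirus_running=True)
    stale = Device(last_patched=date(2020, 1, 5), antivirus_running=False)
    requests = [
        ("sensor-vendor", healthy, "env-sensors.bms.example", 443),
        ("sensor-vendor", healthy, "chiller-ctl.bms.example", 443),
        ("sensor-vendor", stale, "env-sensors.bms.example", 443),
    ]
    for contractor, device, host, port in requests:
        print(contractor, host, decide(contractor, device, host, port, today))
```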
As data centers look to fortify their security posture, there is the realization that a full-scale overhaul isn’t
economical. Incremental refreshes are, however. As components and systems such as humidifiers or
cooling systems are updated or replaced, cost, efficiency, and security must be paramount. Outmoded
systems that require people onsite to run them leave enterprises exposed to threats that
are known, unknown, or unforeseen, such as a pandemic.
Designing ICS and data center systems that are naturally and organically configured for secure remote
access produces a number of benefits. First, remote access can result in cost savings over on-site access
requirements as the latter incur additional travel and head-count costs. Second, modern remote access
tools improve security flexibility. Lastly, remote access allows for separation between operators and
vendors that adds to resilience against operational interruptions caused by pandemics and natural
disasters.
Planning for the future means moving secure remote access toward the top of the list of criteria for IT
investments. The world has changed dramatically. We must ensure our security solutions keep pace.
About the Author
Leo Taddeo, Chief Information Security Officer, Cyxtera Technologies and
President, Cyxtera Federal Group, is responsible for oversight of Cyxtera's
global security operations, investigations and intelligence programs, crisis
management, and business continuity processes. He provides deep domain
insight into the techniques, tactics and procedures used by cybercriminals, to
help Cyxtera and federal agencies defend against advanced threats. Leo can
be reached at @LeoTaddeoCZ and at our company website
https://www.cyxtera.com.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.