A Look at 2022 Enterprise Security Strategy


Managed web application firewalls (WAFs) filter, monitor, and block HTTP traffic to and from an enterprise’s web application. Look for more of these firewalls in 2022, with each request to the WAF inspected against a rule engine that is continuously updated with signature-based heuristics, IP reputation, and threat intelligence curated from global networks. Suspicious requests can be blocked, challenged, or logged, while legitimate requests are routed to the destination. Integrated load balancing and caching can speed the delivery of content and enhance the overall end-user experience.

Create a zero-trust security platform

Confirming the identity of users before they access critical applications and data is an absolute necessity for securing hybrid IT infrastructure. Multifactor solutions add a layer of access control to enterprise-hosted IT systems by making sure users are who they say they are, protecting you against phishing and other access threats.

As data centers and enterprises move into 2022, two-factor authentication platforms will become more prevalent, confirming any user on any type of device, anytime, and anywhere. This allows enterprises to create a true zero-trust security profile where all users—whether inside or outside of the infrastructure—must be verified. It also provides the endpoint visibility that companies need to get control of devices and the policy management needed to maintain compliance.

Those tools should include:

  • Multifactor authentication: Utilizes a variety of methods to verify user identities including Universal 2nd Factor (U2F) tokens, mobile passcodes, or phone confirmation.
  • Policy enforcement: Allows enterprises to set fine-grained policies to grant or block access attempts based on a user’s role, device hygiene, location, network, and a host of other contextual factors.
  • Compliance enablement: Confirms users’ devices meet your security standards before granting them access, helping you meet compliance requirements.
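One way the three tools listed above could be combined into a single default-deny access decision, as an added example (not code from the article or from any vendor). The networks, roles, thresholds, and field names are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample policy: every name and threshold below is an assumption.
TRUSTED_NETS = [ip_network("10.20.0.0/16")]
ALLOWED_COUNTRIES = {"US", "CA"}
MAX_PATCH_AGE_DAYS = 30
ROLE_APPS = {"finance": {"ledger", "payroll"}, "engineer": {"ci", "wiki"}}
ANY_FACTOR = {"u2f", "mobile_passcode", "phone_confirmation"}
STRONG_FACTOR = {"u2f"}  # required when the request comes from outside TRUSTED_NETS

@dataclass
class AccessRequest:
    role: str
    app: str
    factor: Optional[str]   # second factor already verified, or None
    src_ip: str
    country: str
    disk_encrypted: bool
    days_since_patch: int

def device_compliant(req):
    """Compliance enablement: the device must meet the standard before access."""
    return req.disk_encrypted and req.days_since_patch <= MAX_PATCH_AGE_DAYS

def evaluate(req):
    """Return (decision, reason). Being on the internal network exempts nobody."""
    if req.app not in ROLE_APPS.get(req.role, set()):
        return "deny", "role not entitled to app"
    if not device_compliant(req):
        return "deny", "device fails posture check"
    if req.country not in ALLOWED_COUNTRIES:
        return "deny", "location not permitted"
    if req.factor not in ANY_FACTOR:
        return "step_up", "second factor required"
    on_trusted = any(ip_address(req.src_ip) in net for net in TRUSTED_NETS)
    if not on_trusted and req.factor not in STRONG_FACTOR:
        return "step_up", "U2F required off trusted network"
    return "allow", "all checks passed"

if __name__ == "__main__":
    # Constructed request: compliant device, passcode factor, external address.
    demo = AccessRequest("finance", "ledger", "mobile_passcode",
                         "203.0.113.7", "US", True, 5)
    print(evaluate(demo))
```

The checks run from cheapest and most definitive (entitlement, device posture) to contextual ones, so a non-compliant device is refused before any factor prompt is offered.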

Compliance is pivotal and remains complex and ever-changing. Accreditations are critical in measuring standardized approaches to security and risk assessment, authorization, and continuous monitoring, essential for organizations in the digital age. Leaders from companies like DataBank point to the primary importance of ensuring compliance to make sure that customers have the tools, resources, and solutions they need to keep their data private and secure.

Among these, and possibly most important, is FedRAMP, the General Services Administration’s (GSA) Federal Risk and Authorization Management Program, which provides a standardized approach to security and risk assessment, authorization, and continuous monitoring, all essential for organizations in this digital age. For this, data centers need an authorization to operate (ATO) from multiple U.S. federal agencies, as they support healthcare organizations, financial services companies, merchants, and SaaS providers, helping them to keep their infrastructure, websites, and applications compliant. Key certifications and frameworks include FISMA, SSAE18, SOC1, SOC2, HIPAA, PCI-DSS, and Privacy Shield—GDPR and the PCI Report on Compliance (ROC).

Looking ahead, a new certification will soon be available, building on the FedRAMP requirement. The Cybersecurity Maturity Model Certification (CMMC) will review and combine various cybersecurity standards and best practices under one security framework for the entire DoD. Although the DoD is going with the CMMC as its standard, it is not discontinuing the FedRAMP model and will view certain levels of FedRAMP as compliant with the CMMC. These standards will be mapped across levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.

Even with the specter of malware and security breaches as a bit of an industry overhang, the prognosis is good. Data will be stored and shared more safely and the relationship between the data center and the enterprise will only strengthen in 2022, as both use an increasingly diverse and sophisticated set of managed services and security tools.

