
SASE & Service Mesh for enterprise security | Pipeline magazine

By: Srini Addepalli

The rapid adoption of automation and interconnected systems has transformed modern enterprises, providing efficiencies and improved functionality. However, these developments also bring unique security challenges. This article examines that landscape, highlighting the larger attack surface and the potential vulnerabilities of automated and interconnected environments. It then identifies the key capabilities of a comprehensive security solution for such systems, and the benefits organizations should weigh when selecting a security approach for their evolving automated landscape.

Automation and interconnection here mean the use of technologies such as artificial intelligence, machine learning, cloud computing, the internet of things and edge computing to streamline processes, connect systems and share data across different domains and platforms.

Communicating systems can be software entities, such as microservices, or hardware entities, such as IoT devices. They can be housed in a single data center or distributed across multiple geographic locations: edges, clouds, data centers, IoT networks and others. Automation typically involves workflows in which the output of one system is passed to another system for processing. That is, a single input to the front-end system can initiate a chain of events (data flows) across multiple systems, potentially spanning several locations, domains and environments.

Communicating systems can include containers, VMs, bare-metal services, public cloud services such as IoT platforms, SaaS services, IoT devices or third-party services. They run on hosting environments as varied as hypervisors, Kubernetes, serverless platforms, AI and ML platforms or GenAI frameworks, and a poor security configuration of any of these hosting environments can affect both the performance and the security of the automation built on top of them.

Some components may not run the latest, most secure software. IoT devices, for example, may not be updatable at all. Such components must be protected by surrounding security controls that limit their communication to approved connections only.

When human users interact with a front-end system, they are asked to authenticate, and the system learns their identity. For services, several kinds of identity must be taken into account, each with its own access controls; the identities and their credentials include certificates, API keys and long-lived JWTs. If any of these credentials is compromised, an attacker can use it to move laterally with far less effort.

So while automation between connected systems helps companies improve their operations, increase their efficiency and gain an edge over competitors, it also raises serious security concerns.

Automation and interconnection increase the number and diversity of devices, systems and networks that an attack can target. A single compromised IoT device, for example, can become the foothold for compromising the rest of the network or reaching confidential data in the cloud. Attackers can also use advanced persistent threat techniques to penetrate and take control of the processes of automated systems.

Automation and interconnection also create a diverse and dynamic environment that is difficult to monitor, manage and secure. Different devices and systems may use different security protocols, standards, hosting environments and configurations, which creates inconsistencies and security gaps.

Once malicious actors have breached an organization's network, whether by abusing its front-end system or through a compromised third-party system that shares a network with the automated systems, they typically move laterally through that network to reach more confidential data and vital systems.

Traditional network security relies on a layered defense strategy; in practice, however, most companies invest mainly in perimeter security. Users or components that access the network from inside the boundary often have broad access to corporate resources, so if one of them is compromised, the attacker inherits that access. Because automated systems chain actions across multiple interconnected systems without a human in the loop, security for them must be built with a zero-trust mindset. Zero-trust security requires the following to address these challenges comprehensively:

Client systems and users must be both authenticated and authorized, and their activity patterns must be monitored continuously so that access to destination services can be granted or revoked as behavior changes. Least privilege (granular access) is the other pillar of zero trust: it ensures that a client can reach only the resources its identity actually requires.
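The access decision described above, as an added example that is not from the article or from any product it mentions: a small Python policy decision point for service-to-service calls. It verifies a compact HS256 JWT with the standard library only, refuses tokens whose lifetime exceeds a cap (the long-lived-credential problem raised earlier), and then applies a deny-by-default, per-identity allowlist, which is also how an unpatchable IoT device is pinned to its one approved destination. The caller identities (written in the style of SPIFFE IDs), the signing key, the policy entries and the 15-minute cap are all constructed for illustration.

```python
"""Zero-trust style admission check for service-to-service calls.

Added example, not from the article. Every identity, key and policy value
here is constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

MAX_TOKEN_LIFETIME = 15 * 60  # seconds; constructed policy value

# Constructed policy: each caller identity may reach only the listed
# (service, operation) pairs. Anything not listed is denied.
ALLOWLIST = {
    "spiffe://example.org/frontend": {("orders", "read"), ("orders", "create")},
    "spiffe://example.org/orders": {("inventory", "read")},
    # Unpatchable IoT sensor: one destination, one operation, nothing else.
    "device:sensor-0042": {("telemetry", "write")},
}


def _b64url_decode(part: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mint_token(key: bytes, sub: str, lifetime: int, now: Optional[int] = None) -> str:
    """Issue an HS256 JWT (constructed issuer for the demo, not a real IdP)."""
    now = int(time.time()) if now is None else now
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"sub": sub, "iat": now, "exp": now + lifetime}).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(key: bytes, token: str, now: Optional[int] = None) -> str:
    """Return the verified subject of a token, or raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must not choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    iat, exp, sub = claims.get("iat"), claims.get("exp"), claims.get("sub")
    if not (isinstance(iat, int) and isinstance(exp, int) and isinstance(sub, str)):
        raise ValueError("missing claims")
    if now >= exp:
        raise ValueError("expired")
    # A long-lived credential widens the window for lateral movement, so the
    # verifier caps the lifetime regardless of what the issuer wrote into exp.
    if exp - iat > MAX_TOKEN_LIFETIME:
        raise ValueError("lifetime exceeds policy cap")
    return sub


def authorize(key: bytes, token: str, service: str, operation: str,
              now: Optional[int] = None) -> Tuple[bool, str]:
    """Authenticate the caller, then apply least privilege. Deny by default."""
    try:
        sub = verify_token(key, token, now)
    except ValueError as err:
        return False, f"authn: {err}"
    if (service, operation) in ALLOWLIST.get(sub, set()):
        return True, f"authz: {sub} may {operation} {service}"
    return False, f"authz: {sub} not allowed to {operation} {service}"


if __name__ == "__main__":
    key = b"constructed-demo-key"
    t0 = 1_700_000_000
    short = mint_token(key, "spiffe://example.org/frontend", 300, t0)
    long_lived = mint_token(key, "spiffe://example.org/frontend", 365 * 24 * 3600, t0)
    sensor = mint_token(key, "device:sensor-0042", 300, t0)
    for tok, svc, op in [(short, "orders", "read"), (short, "inventory", "read"),
                         (long_lived, "orders", "read"), (sensor, "telemetry", "write"),
                         (sensor, "orders", "read")]:
        print(authorize(key, tok, svc, op, t0 + 60))
```

Note the order of checks: authentication failures return before any policy lookup, the algorithm is pinned rather than read from the token, and the lifetime cap is enforced by the verifier at every hop, so a stolen token that an issuer minted for a year is still rejected. A real deployment would bind workload identities to mTLS and use a maintained JWT library with key rotation; the point of the example is the decision logic, not the token format.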