How to Protect the Network When it’s a Moving Target

May 20, 2020

Moving goods over long distances from manufacturing facilities and distribution centers and warehouses to retail locations requires coordinated workforce mobilization and communication. Remote access to the corporate network is a critical component for logistics and inventory management, including course-plotting and corrections, field updates, and supply chain data feeds.

Protecting the security and privacy of this data as it is created, shared and accessed across company headquarters, supply chain partners, branch offices and remote workers is more complicated than ever with the advent of cloud computing and mobile access devices.

With the lack of a defined security perimeter, preventing security breaches in transportation cannot be achieved by simply mandating the use of the corporate VPN. An outlying security challenge remains beyond your network hubs and physical sites. With a large base of mobile employees who often use their personal devices for remote access to the network, companies are now forced to provide digital security wherever users go.

In many ways, for transportation companies a secure network handshake can resemble a long service haul.

That’s because a lot of network hops have to occur before a message or data download from a remote location arrives. For example, traditional VPN-protected traffic and transactions have to be hairpinned back to a VPN concentrator before being delivered. Often, users are tempted to bypass security to overcome performance bottlenecks introduced by remote VPN devices. This can open the door to cyber attacks.

Unprotected remote users can be lured to phony landing pages and tricked into infecting their devices, which leads to the lateral spread of malware across the corporate network. With a toehold established, bad actors can patiently scan, test, and compromise user privileges to access and steal sensitive resources and data.

For transportation, and many other industries, a new approach to network security has emerged. Instead of rerouting all user traffic to headquarters for inspection and policy enforcement, quality of service and advanced security are being applied at the network edge. By placing security as close to users and applications as possible, namely at the remote device level where access is sought, performance is maximized while protection is maintained, since controls cannot be bypassed.

Research firm Gartner calls this new network security model the secure access service edge (SASE) because it places access control and authentication, network segmentation, secure cloud access, the principle of firewall as a service and an always-on VPN on the endpoint device.

SASE provides another important benefit for transportation companies: a ready-made architecture for implementing Zero Trust security. This concept is based on the principle that organizations should not automatically trust any user or device inside or outside the network and instead must verify every entity trying to connect to their systems before granting access.

By enabling network security policy to follow users and devices wherever they go, SASE can treat every connection with zero trust. It protects against infection, unauthorized access, and lateral spread by orchestrating access in a way that ensures trust is earned, not given.

Moving security to the edge of the network using the SASE principle is tailor-made for the transportation industry, whose lifeblood is the movement of goods, information and people.

About the Author: Tricia Bonora is Vice President of OPĀQ, a provider of security as a network service known as SASE (secure access service edge). She has more than 20 years of experience in security and networking.

© Copyright 1999–2024 American Journal of Transportation. All Rights Reserved