Iconium Software’s Rick Jones explains how geolocation services can bolster your company’s defenses in today’s ever-changing business landscape.
By Dava Stewart
When it comes to security, change is the only constant. Regardless of how carefully planned and meticulously implemented the security strategy of an enterprise with mainframe operations, the need to continually assess, update and protect operations remains constant. This is a change from the not-so-distant past, when on-premises mainframe operations were, by their nature, as secure as they could be.
As the centerpiece of business, data must be protected, and the way that’s accomplished is always evolving. Rick Jones, founder of Iconium Software, says geolocation should play an important role in securing data in the modern age, especially for organizations that store personal information or intellectual property.
Every enterprise has a unique combination of services or products offered, size, location(s), regulatory requirements, company culture and more. This variability makes it impossible for security experts to create security strategies that can be replicated successfully across companies. In other words, the security strategy that works for a nationally recognized bank is unlikely to work for a large insurance company. Although that may seem obvious, it’s a fact that can be lost in the chaos of attempting to secure data in the modern world.
Compliance requirements and security strategy maturity levels are two factors that indicate whether an organization is using or should be using geolocation as part of their security program. To cite an old example, NASA has a mature security strategy, and geolocation is an important part of it. Anyone accessing NASA’s system from outside of Huntsville, Alabama, must have very specific access credentials.
On the other hand, a regional bank may have a security program that’s compliant with the regulations for their industry, but it likely doesn’t include geolocation. “They’re not thinking about this because they think they don’t have that vulnerability,” says Jones. A comprehensive security strategy varies enormously from one organization to another, and from one industry to another.
Jones says very few organizations currently include geolocation in their security strategies. Even for those that do, in many instances, geolocation security is based on an IP address that can be spoofed. Newer technology is changing that. Just as communication changed with the development of the cell phone, so will security change and evolve with the use of artificial intelligence (AI), machine learning (ML) and the ongoing development of geospatial technology.
Security professionals and CEOs often have a false sense of security because they use networking devices to verify IP addresses. However, Jones notes that using a free VPN can evade such security measures. “You can use a free VPN, put in an IP range and it’ll plow right through,” he says.
Having a false sense of confidence regarding security ignores the fact that the threat landscape is evolving daily. He offers advice for maintaining a robust security strategy:
Along with bad actors constantly looking for new ways to infiltrate security systems and steal data for nefarious purposes, organizations must also figure out how to keep things secure in an ever-changing security landscape. Prior to the pandemic, remote work was on the rise, but COVID-19 accelerated that trend in ways no one had ever really considered. Remote work increases the attack surface available. The risk of data breaches and cyberattacks is greater when people work from remote locations.
Richard Schoeberk, PhD, program chair and director of graduate studies, criminology and homeland security at the University of Tennessee Southern, told Security magazine, “[The COVID-19] pandemic has generated a surge of security threats in a variety of industries—there will be no return to normalcy. Security and risk professionals alike must be prepared with a plan, but also be prepared to adapt it for the current situation.”
Consider this scenario: A trusted employee, who has worked with the company for many years, and even has some privileged access, works remotely. But they get bored at home and begin working from the local Starbucks. Suddenly, the risk of cyberattack or credential theft, or other negative incidents, is far higher and it’s likely the employee isn’t even aware of that increased risk.
CSOs need to know where employees are working so that they can assess the safety of the work environment. Geolocation can mitigate some of the risks associated with remote work by verifying the location of users and devices prior to granting access. Using geofencing regionally, within a particular city or all the way down to the level of a street address is one way to make remote work more secure.
According to the Cybersecurity and Infrastructure Security Agency, “Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system.” One problem the agency specifically notes is a lack of sufficient controls in remote services.
Increasing regulation is another area where change is constant. With the introduction of laws such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Protection Privacy Act (CCPA)—both of which require protection of personal data and transparency around how it’s collected, processed and stored—Jones thinks it’s likely that similar regulations will be passed in other locations. For the moment, some big companies pay fines for violating such regulations, but Jones predicts a tipping point, where individuals may be held responsible for violations and data threats.
Security is a never-ending investment of funds, time and training, but the payoff is customer trust and loyalty, compliance and good standing and even useful business insights. Adding geolocation to an existing security program makes it more robust and adds protections such as real-time monitoring and alerting, which is a form of advanced threat detection. Jones says that understanding whether an out-of-bounds activity is a minor infraction of company policy or a serious threat is one of the benefits of geolocation monitoring and alerting.
Out-of-bounds activity goes beyond geographical boundaries. Companies should also monitor:
What time are systems accessed? Is it 2 a.m.? Is that typical for that specific user?
How frequently are systems accessed? Is there an abnormal amount of login attempts?
What specific parts of the system are accessed? Has sensitive company data been accessed?
How much data is being accessed? Is it more than usual?
This information helps enterprises identify unusual activity and defend against attacks as they evolve. Security teams can send alerts and create barriers when out-of-bounds activity is identified.
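The geofence check and the four monitoring questions above can be combined into one out-of-bounds evaluation per access event. The sketch below is an added example, not code from Iconium Software or the article; the `Baseline` and `Access` fields, the dataset names, the 3x volume threshold and the severity policy are all assumptions, and coordinates are assumed to come from a trusted device-location source rather than an IP lookup.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

SENSITIVE = {"PAYROLL.MASTER", "CUSTOMER.PII"}  # constructed dataset names

@dataclass
class Baseline:  # hypothetical per-user profile
    lat: float
    lon: float
    fence_km: float      # geofence radius around the approved location
    hours: range         # usual local working hours
    max_logins_hr: int
    usual_mb: float

@dataclass
class Access:  # one access event (location from a trusted source, assumed)
    when: datetime
    lat: float
    lon: float
    logins_last_hr: int
    resource: str
    mb_read: float

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (haversine formula)."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def out_of_bounds(ev, base):
    """Return which of the five signals fall outside the user's baseline."""
    checks = [
        ("location", km_between(base.lat, base.lon, ev.lat, ev.lon) > base.fence_km),
        ("time", ev.when.hour not in base.hours),
        ("frequency", ev.logins_last_hr > base.max_logins_hr),
        ("resource", ev.resource in SENSITIVE),
        ("volume", ev.mb_read > 3 * base.usual_mb),  # 3x is an assumed threshold
    ]
    return [name for name, hit in checks if hit]

def severity(findings):
    """Assumed policy: one signal is a policy review, several are an alert."""
    return "ok" if not findings else "review" if len(findings) == 1 else "alert"

BASE = Baseline(35.0, -86.0, 1.0, range(7, 19), 5, 50.0)
EVENTS = [  # constructed sample events
    Access(datetime(2024, 3, 4, 10), 35.0, -86.0, 1, "CLAIMS.REPORTS", 20),
    Access(datetime(2024, 3, 5, 14), 35.05, -86.0, 1, "CLAIMS.REPORTS", 20),
    Access(datetime(2024, 3, 6, 2), 40.0, -75.0, 12, "CUSTOMER.PII", 900),
]
```

The second event, a normal daytime session about 5.6 km outside a 1 km fence, yields a single `location` finding and a review, while the third trips all five signals and raises an alert.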
Geolocation provides comprehensive, customizable protection for an organization’s mainframe data and can be adjusted to meet the current needs. Perhaps a manufacturing company needs a particular level of protection now but expects to expand in a few years. Geolocation protections can be adjusted as circumstances and threat levels change.
Jones says adding geolocation to a security strategy is a way to improve its effectiveness. “Geolocation is an add-on to your current security stack,” he says. The advanced threat detection, real-time monitoring and alerting are additional tools to protect the most valuable asset in modern business: data.