'Bolt-on' in the information security industry refers to solutions that are typically added on top of networks, as an afterthought to address critical security issues, typically purchased and implemented after a network is designed.
In the past, we've deployed antivirus, Intrusion Detection Software (IDS), firewalls and more onto insecure networks. But that's not working anymore - as Akamai noted in their RSAC keynote, How Do I Get My Company to Ditch the Firewall.
They emphasized the death of a trusted network, protected by firewalls. That idea only works until an untrusted user or device enters the network - something that appears to happens more often than not.
According to Verizon's Mobile Security Index 2018 (PDF), only 61 percent of organizations said they own all mobile phones in use for work tasks - which means about a third of devices used for work tasks are not controlled by companies, making it difficult for them to enforce security measures or ensure devices are updated and patched.
Mobile and BYOD (Bring Your Own Device) pose potential risks - providing a gateway for malware or unauthorized access via compromised credentials into work applications. Bolt-on solutions that lack visibility or controls over access by these types of devices also lack the ability to effectively secure your organization against threats.
Going beyond bolt-on solutions requires taking a more holistic, integrated approach to building security into your ecosystem, as well as building for the future - being more strategic to ensure your security tools can scale as your company grows.
Ensure your solutions are not only effective enough to address mobile and BYOD risks, but are also engineered for ease and flexibility in deployment, provisioning, enrollment and ongoing management. How do your security solutions not only accommodate the demands of your busy IT/security teams, but also how your diverse user base works (as well as the unique access requirements for different user groups)?
Take a look at what’s going on behind the scenes while conducting risk assessments or evaluating the security and reliability of different vendors. Do they prioritize updating their own security solutions on a timely basis, and do they invest in a fully-staffed security team? How do they release security updates to their customers - can they easily update without scheduling downtime? The smoother their process is behind the scenes, the better for your team.
Can your solutions integrate well with other existing applications and technology - do they work without much custom configuration? Are there any native technical integrations that allow you to leverage critical built-in security functionality?
For example, Duo's integration with Akamai Enterprise Application Access (EAA) allows for seamless configuration of policies based on user and device trust, moving controls away from depending on the network perimeter as a measure of trust.
Pairing Duo's risk-based authentication and user/device policies with Akamai's secure cloud access service allows large enterprises to onboard all types of new users, from contractors and business partners to remote workers - in just minutes.
Stop investing in bolt-on security solutions that need to be ripped out and replaced as you grow, and focus on integrated, scalable and built-in security instead.