Intranet and Extranet security are an increasing issue. As most organisations have welcomed intranets and extranets enthusiastically, which is hardly surprising. The technology provides financial savings and is easy to install and use, enabling cost-effective and productive new ways of working.
Organisations are using the software to distribute information efficiently and quickly. They are building a variety of self-service applications to help reduce administrative costs. They are improving employee collaboration across the organisation and with external business partners.
As extranets and intranets become more widely used, new security challenges are emerging. Many organisations are deploying access control technology and firewalls to improve intranet & extranet security as hackers become increasingly sophisticated.
What is an Intranet and Extranet – The differences?
An intranet is a network that is restricted to a particular enterprise, organization, or group of related organizations.
Extranets are networks that are accessible to both the organization that created them and to outside entities as well.
Increased Intranet and Extranet Security Issues
Unless efficient security precautions are taken, data can be breached and altered, without either the sender or the receiver being aware of the interception. The growth in the complexity of networks has increased the possible points of attack, both from within organisations and from outside the company. Fortunately, the means of protecting against hackers have also expanded in line with the technology.
Two of the most popular security precautions are firewalls and passwords. Firewalls are installed to provide a perimeter defence mechanism, preventing unauthorised individuals outside the organisation from accessing sensitive data inside. In contrast, passwords are used to prevent unauthorised individuals from gaining direct access to sensitive data stored on the servers.
Firewalls provide a solution to breaches from outside the organisation, but are not as effective against attacks from insiders, such as disgruntled employees or contractors, for example. Passwords are often too easy to guess or can be intercepted as they pass over corporate networks. While a strong password can prevent someone from entering a server to view confidential data, passwords can be ineffective as data passes between the client and the server.
Data passing outside the firewall, between corporate servers, branch offices, suppliers, customers, and remote employees, can be intercepted by hackers, who do not necessarily have to get into your system.
Types of security risks
Security breaches on the digital workplace can take place in numerous ways. An unauthorised person, such as a visitor or contractor, could gain access to an organisation’s computer system. Any employee, contractor, or supplier who is authorised to use the system for one particular purpose could use it for another. For example, an unauthorised person might attempt to break into the human resources database to view confidential salary details.
A hacker might intercept confidential information as it’s being sent to an authorised user. Users who are sharing documents between geographically separate locations over the intranet or extranet, or from their home computer, can inadvertently expose sensitive data to breaches. Similarly, electronic mail can be intercepted in transit.
How to combat security breaches
Fortunately, there are many techniques which can address these security risks. The most important considerations include authenticating system users. This will ensure that individuals who are sending and receiving messages, or accessing systems, are who they say they are and have the access and privileges to undertake these actions.
Features can be installed to ensure privacy, enabling only the intended recipient to view an encrypted message. In addition, content integrity can be assured, to guarantee that the messages have not been accessed or altered by a third party since they were sent.
The source of a message can be established, so that a sender cannot later deny sending the message. The security features can be installed without unduly restricting the system users’ ability to carry on with their daily duties.
Make security measures user-friendly
Organisations must develop efficient security measures to survive and must find a way to ensure compliance with them. If users find security measures too time-consuming and difficult to use, they will try to find ways around them, putting the intranet and extranet at risk.
Companies can ensure consistent compliance to their security measures by systematic application, so that the system automatically enforces the security policy, to make sure it is always maintained. It’s also important to make it easy for users to navigate. The more transparent the system, the easier it is for employees to use and hence they will be more likely to comply with all the security requirements.
In an ideal situation, security policies must be built into the system, so users will not need to read detailed manuals and follow complicated procedures. The same security system needs to be effective for all the applications that a user is likely to employ. Whether an employee is sending an e-mail, accessing a server via a browser, or communicating remotely, the security system should be as simple to use for all applications.
Take security seriously
While computer hackers breaking into corporate systems receive more media interest, in reality, insiders such as employees, contractors, former employees, and other suppliers are more likely to attack their own company’s computer systems. A survey of 520 security practitioners in corporations and other organisations revealed that 44% had suffered unauthorised access by employees compared with only 24% reporting system breaches from the outside.