The widespread shift to remote work brought on by the pandemic has ushered in a new approach to work for many companies. Work is increasingly something we do rather than a place we commute to and from. Indeed, while some are returning to full-time, in-office work, many are looking at hybrid approaches, in which some employees work remotely at least part of the time. This requires a different approach to security, especially as digital transformation drives more users and computing out of the traditional enterprise perimeter.
The Rise of Hybrid and Multi-Cloud and the Impact on Cybersecurity
Even though cloud adoption has become mainstream, many enterprises still depend on their on-premises data centers for a number of reasons, ranging from protecting intellectual property and regulatory compliance, to cost optimization and resilience. The resulting hybrid computing model is going to be with us for some time. Indeed, Gartner predicts that organizations will spend $200 billion on data center infrastructure in 2021, resulting in a growth rate of 5.2%. The return to offices will also likely drive greater data center transformation spend.
Today’s enterprise data centers are undergoing a transformation to increase cloud usage. With cloud-connected data centers, enterprises benefit from the cloud’s control, scalability and cost savings. At the same time, organizations gain value from on-premises investments, highlighting the importance of hybrid cloud environments. A recent report by Fortinet found that, in fact, most enterprises are pursuing a hybrid or multi-cloud strategy. They’re doing this for integration of multiple services, scalability or business continuity reasons and the majority are using two or more cloud providers in addition to their on-premises investments.
Enterprises today need an adaptive network architecture that traditional models for securing on-premises data centers lack. Bringing a company’s data center up to date typically means connecting it to one or more cloud service providers, including public and private clouds. As the organization begins to plan out the modernization of its data center security to meet these new demands, it should consider a three-pronged approach that includes zero-trust access (ZTA) and converged networking and security solutions.
Implementing Zero-Trust Access
As IoT devices flood networks and operational environments, and users continue to work from anywhere, organizations need continuous verification of all users and devices as they access corporate applications and data. ZTA operates on the concept of trusting no person and no device automatically, and it requires identification for all requests for network access. This provides additional identity assurance by limiting user and device access to network resources on a need-to-know basis. Implementing ZTA includes requiring powerful network access control technologies, strong authentication capabilities and pervasive application access controls.
As remote and hybrid work models become standardized across all industries, secure remote access becomes more important than ever before. Applying the zero-trust model to application access makes it possible for organizations to avoid relying as much on the use of a traditional virtual private network (VPN) tunnel that provides unrestricted access to the network. Zero-trust network access (ZTNA) connections grant access on a per-session basis to individual applications only after devices and users are verified. This ZTNA policy is also applied when users are on the network, which provides the same zero-trust approach no matter where a user is connecting.
And since user identification, authentication, validation, and access permissions have become critical, it is essential for enterprises to restrict access strategically to ensure that only legitimate users can access appropriate network resources. This is what zero trust is all about: never assume anything can be trusted simply because it is “inside the perimeter”. This is especially relevant today, with more users and computing outside of the traditional enterprise perimeter.
The Convergence of Security and Networking
Organizations can secure both their on-premises data centers and cloud deployments by implementing an approach in which security drives networking. This security-driven networking approach brings together SD-WAN, advanced routing capabilities, and next-generation firewalls (NGFW). Converging security and networking removes the silos that lead to security weaknesses. With security-driven networking, the enterprise can design a holistic approach to cybersecurity.
Looking Beyond Today
Enterprises today must consider security to be an extension of connectivity because it should be integrated into every technology decision. The infrastructure that supports a work-from-anywhere policy requires connectivity plus security. This kind of connectivity means companies need a security model rooted in connectivity. However, this must be done in a way that makes sense for the organization’s future business plans.
CISOs must make sure that workforce mobilization technologies are scalable and eliminate security blind spots. This will enable greater protections for the remote workforce as attackers shift their focus to the expanded threat landscape created by remote work. Adopting point products can provide security for a specific use case, but adopting too many point products creates a scenario that is complex, lacking the scalability and flexibility enterprises need to secure data centers and the cloud.
Securing the Future of Work Takes a Strategic Approach
Hybrid and multi-cloud strategies have become a necessity for most organizations today, and their security has become paramount as cybercriminals have switched their focus to attacking the less-secure home networks. The proliferation of IoT devices has also added to the complexity of securing the network. ZTNA addresses today’s security needs so that employees can work from anywhere, using any device, without putting the organization’s network in jeopardy.
Learn how Fortinet’s adaptive cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.
Jonathan Nguyen-Duy is a Vice President in Fortinet’s global Field CISO team. He is a well-known cybersecurity author and industry speaker with unique global public sector and commercial experience with a deep understanding of threats, technology, compliance and business issues. Jonathan holds a BA in International Economics and an MBA in IT Marketing and International Business from the George Washington University.