Preparing to Secure the Intelligent Edge
Organizations need a security-driven networking approach that combines networking and security into a holistic solution to protect any edge the moment it is created.
For organizations of all sizes, the promise of greater agility, innovation and accelerated time to market, at speed and scale, has driven the adoption of cloud solutions. These macro trends were further accelerated by COVID-19, but at the same time many organizations are finding that not all applications can or should be migrated to the cloud. Indeed, there’s a greater appreciation for a hybrid approach and we are now seeing companies pull some data and applications back into their core data centers, creating a mix of on-prem and cloud environments. The new distributed network, including the new home office and transformed branch office, has added another layer of complexity. As we have seen in 2020, the reality is, there isn’t a one-size-fits-all network architecture, and there isn’t going to be one. That makes things like securing the network more challenging than ever.
The rise of the smart edge
One of the latest emerging architectures is edge computing -- a distributed computing model that places computation and data storage closer to where it is needed, with the goal of improving data accuracy and response times for better business and quality of life outcomes. A smart edge takes this concept a step further. It is a cloud-native, scalable, and secure virtual platform that enables software-as-a-service (SaaS) applications to be deployed in or as close to the network edge as possible. It relies on high speed networks like 5G to ensure high performance and reliable connectivity. With a smart edge in place, enterprises and communications service providers can enable cloud-like services closer to the user, whether on the customer-premise or at the network edge.
The next few years will see this trend accelerate. Gartner predicts that more than 50% of enterprise-generated data will be created and processed outside of the data center by 2022, up from less than 10% in 2019. This will be enabled by the rapid deployment of 5G, which is expected to cover 40% of the planet by 2024. By then, 25% of all mobile traffic will be generated by more than an expected 1.5 billion 5G-enabled devices, making the support of edge networks an important business strategy. By next year, experts estimate that 40% of large enterprises will have integrated edge computing into their distributed network models. Other organizations will be quick to follow.
Traditional security solutions are not ready for edge computing at scale
IT leaders must not only begin planning for the impact of this surge in the volume, variety and velocity of data this will generate, but also decide how they will provide the security and management needed. One challenge from a security perspective is that many of these new edge networks are both ad hoc and temporary. This means that security has to be able to be deployed simultaneously in both virtual and physical environments so that interactions between edge devices, the physical network, and the cloud, along with WAN, LAN, and broadband connections, are automatically inspected and protected. That security must also provide deep inspection and policy enforcement at the 5G speeds the expanding edge network is operating at.
The challenge is that few organizations have access to the kinds of security solutions that can automatically deploy, scale, and adapt to these new highly volatile environments -- which means that many of these ad hoc networks will either be unsecured or undersecured. And even should they find a solution, they will find that it is not integrated into their larger security framework, which means they will have further sacrificed centralized visibility and unified control in favor of performance and digital transformation. History demonstrates that ad hoc solutions lead to gaps in visibility, integration and control, and these gaps are often exploited by cyber adversaries.
Cybercriminals are preparing to exploit the new edge
Cybercriminals are all too ready and eager to target this new edge environment. Malware targeting endpoint devices will be used to detect and exploit edge networks. They will be used to collect information, spread malware, and create botnets. Processing power will be hijacked for things like cryptomining and cracking encryption algorithms. Advanced malware will sniff data using new EATs (or Edge Access Trojans) to do things like intercept voice requests, compromise systems, or inject commands. Adding cross-platform capabilities to EAT threats through the use of a universal programming language like Go will make EATs even more dangerous because they will be able hop from device to device regardless of the underlying OS.
The need for security-driven networking
What organizations need is a security-driven networking approach that combines networking and security into a holistic solution that can begin protecting any edge the moment it is created. And this is for any edge, not just new smart edge platforms. The one thing in common for the next generation of networks is that they will all require security across the LAN, WAN, and cloud edges. The practical reality is that the number of edges will expand -- scaling up and out to meet shifting business needs. And they are highly sensitive to issues like latency and jitter.
In today’s world, where businesses run on applications, user experience is the gold standard. Any impact on application, network or security performance can have devastating business repercussions. Therefore, we need solutions that integrate networking and security to ensure business outcomes and end user experiences. Organizations can’t afford security solutions deployed as an afterthought or as an overlay. Adding complexity will only undermine the power and usefulness of edge networks. Indeed, an overlay security system constantly struggling to keep up with dynamic changes in the network will introduce security gaps that can be easily exploited.
A security-driven networking strategy addresses all of these challenges. It is much more than simply integrating security into the network. Instead, networking and security have to be conceived, deployed and operated as an integrated solution. Security needs to be woven into the DNA of the network so every decision to change a connection, add or remove a device, collect or transmit data, or access an application includes a security component that is also monitoring and inspecting and enforcing security policies every step of the way.
AI-enabled edge security will enable the next phase of business transformation
Additionally, the speed at which malicious cyber events can occur will also require the inclusion of edge AI, or edge intelligence, so that organizations can fully unleash the potential of the edge while responding to threats in real time. This will require an integrated security architecture that not only leverages fast edge processing to make split-second decisions about threat events, but that also ties the core, the edge, and the cloud into a unified system so AI systems can perform locally but share intelligence globally.
This security fabric approach ensures that all policies are managed and enforced consistently, that visibility and control is maintained across the entire network, and that all policies are centrally orchestrated. Adding AI enables security responses to occur as close to the event as possible, just like any other edge compute function. This way, businesses can confidently and securely expand their digital transformation in ways that will ensure they remain viable and competitive, even when the next new network edge arrives.
Learn how Fortinet’s Secure SD-WAN Solution uses a security-driven networking approach to improve user experience and simplify operations at the WAN Edge.
Jonathan Nguyen-Duy is a VP in Fortinet’s global Field CISO team. He is a well-known cybersecurity author and industry speaker with unique global public sector and commercial experience with a deep understanding of threats, technology, compliance and business issues. Jonathan holds a BA in International Economics and an MBA in IT Marketing and International Business from the George Washington University.
About the Author
You May Also Like