Over the last two years, organizations have had to seriously up their technology game. They had to scramble to support remote working, move to new business models, and continue to meet customer demands during a global pandemic. Whether the changes involved improving efficiency by moving to cloud technologies or streamlining workflows with automation and 5G, many businesses have worked hard to digitize their operations to remain competitive. And the pace of change doesn't show any signs of slowing down.
Digital initiatives almost inevitably lead to a rapid expansion of attack surfaces and the creation of new network edges, whether it's LAN, WAN, 5G, or multi-cloud. But many organizations struggle to deliver consistent high-performance security across every edge. Because users need to be able to access applications in the cloud, data center, and SaaS platforms, there's a growing demand for security-driven networking solutions that can seamlessly scale.
Historically, security has been an afterthought, often tacked onto networking. But the concept of security-driven networking converges security and networking everywhere across the network to provide secure access to critical applications and resources, whether users are on-premises or accessing resources through the cloud. A security-driven networking strategy tightly integrates an organization’s network infrastructure and security architecture, enabling the network to scale and change without compromising security operations.
Bringing the Zero-Trust Model to the Edge
To defend themselves against increasingly sophisticated and complex cyberattacks, organizations need a way to deliver the convergence of security and networking everywhere while providing secure access to applications based on continuous validation of user identity and context.
The zero-trust network security model is based on the principle that a user or device can only be trusted after confirming their identity and status. A zero-trust edge architecture adds zero-trust principles to the concept of security-driven networking for secure user access with consistent, continuous verification, whether the users are on-premises, working from a remote office, or traveling. Zero-trust edge is a dramatic shift in network security. Instead of verification once at the network perimeter, it provides continual verification of each user, device, application, and transaction.
Building a Zero-Trust Edge Strategy
Building a zero-trust edge strategy requires consistent convergence of networking and security across all edges. This strategy simplifies the protection of the expanding attack surface regardless of where users or devices are located.
Organizations are replacing router and MPLS-centric networks with application-aware, direct internet access using SD-WAN. Although this approach improves the user experience, it can also increase risks. Most SD-WAN solutions do not have integrated advanced security, which means organizations need to add an additional security solution, which increases complexity.
Converging security and SD-WAN into a single solution reduces device sprawl, promotes a unified WAN edge policy, lowers costs, and protects LTE/5G connections. To prevent and detect threats, advanced integrated security includes intrusion prevention systems, web filtering, deep SSL inspection, and sandboxing.
For secure, fast, and more reliable broadband at the enterprise edge, secure SD-WAN solutions include LTE/5G options for high availability and high-performance connectivity. With costs far below MPLS and other interconnect providers, it also simplifies deployment and management.
LAN Edge Security Integration
As the number and types of network-connected devices and applications continue to grow, the LAN is often one of the largest attack surfaces in a network. Because attackers are increasingly attempting to access branch resources to launch attacks on the corporate network, a LAN edge solution must converge LAN, wireless LAN, and comprehensive, advanced security.
For visibility and consistent security, a next-generation firewall (NGFW) must be able to secure any network edge at any scale while integrating SD-WAN and LAN edge solutions. These firewalls should be able to handle high-throughput and SSL inspection (including TLS) without affecting performance. And access to applications should be implemented using zero-trust network access (ZTNA).
Automation, Management, and Analytics
A zero-trust edge strategy that converges networking and security helps relieve the burden on IT teams by simplifying operational management and providing broad visibility across all network edges. They can use converged network and security tools to maximize the efficiency and functionality of the network.
With networkwide granular visibility and analytics, both network operations center and security operations center teams can work with one consistent view, which helps improve communication and collaboration to speed troubleshooting.
Automation helps reduce human error, which is often a cause of outages and other network security issues. Using network automation to update configurations and replace tedious manual processes can help reduce network management complexity and improve security.
The last couple of years created a perfect storm of complexity for IT and cybersecurity teams, especially when they are also being asked to maintain high performance and a quality user experience. Zero-trust edge is the future of next-generation networking infrastructure because it brings networking and security together and keeps users, data and resources secure using zero-trust principals.
Nirav Shah is vice president of products and solutions at Fortinet. He has more than 15 years of experience working in the enterprise networking and security industry. Nirav serves as the products and solutions lead for Fortinet’s Security-Driven Networking portfolio with a focus on SD-WAN, network firewall, SASE, segmentation, and NOC products. Prior positions include senior software developer and senior product manager for enterprise networking and security solutions at Cisco.