You Can’t Protect What You Can’t Reach: Why Collapsing (Some) Security Functions into Networking Makes Sense

Markus Nispel Chief Technology Officer, (CTO) - EMEA Published 22 Sep 2022

As we move into a post-pandemic world, enterprises are now infinity distributed. Users require secure access to corporate resources deployed anywhere in local and cloud data centers from anywhere at any time. So, what are the security challenges in this Infinite Enterprise as we move forward? We can summarize the security hurdles in front of us in three words: cost, complexity, and scale.

The costs of today’s security solutions are already high and rising. As enterprises become more distributed, secure access service edge (SASE) “bolt-on” solutions increase costs even further. Additionally, the existing security landscape consists of a plethora of solutions that are loosely connected at best. They are not orchestrated together, difficult to deploy, and are error-prone due to a lack of integration. Security and networking professionals alike desire simplicity, not complexity.

Of course, one of the biggest challenges is, how do we provide a frictionless experience for users across any type and any location of access while maintaining consistent security at scale?

The traditional VPN security solutions for remote access are no longer scalable, and certainly do not provide a frictionless experience – and are typically not used within the office and campus networks either. In recent years, the rise of mobile access and cloud-deployed applications has led enterprise companies to re-evaluate traditional security approaches. A re-evaluation is urgently required as recent breaches through VPN access have shown. The attack on the ride-sharing company Uber is one of the latest amongst a series of hacking attacks against prominent enterprises compromised via VPN.

So began the paradigm shift away from perimeter-based network security and towards zero trust architectures that can apply policy based on Identity and additional context across an entire enterprise, where each endpoint becomes a micro-perimeter in itself.

According to NIST, “Zero Trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A Zero Trust Architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned).”

In other words, while ZT is based on age-old security principles, it departs from the notion that network access can be “trusted” once inside the perimeter. Instead, secure access is based on a least privilege principle right at the micro-perimeter, the endpoint. Try and think of Zero Trust as a reimagined approach to access control, designed around the evolving cybersecurity threat landscape.

A Zero Trust framework can consist of a variety of cybersecurity principles that reduces the reliance on defense of an enterprise’s security perimeters such as:

  • Protecting individual resources, rather than network segments
  • Validated all attempts to access resources to further reduce risk
  • Microsegmentation to partition the enterprise resources including the user and endpoints into very small `micro-perimeters’

Every endpoint is part of your network and so part of your security solution. So why treat your network infrastructure and access security systems as separate solutions? Instead, they should be fully integrated.

IT networking infrastructure and access security solutions have long been treated as two separate entities. The networking infrastructure requires protection which means security solutions have traditionally been deployed as overlay solutions. As a result, companies seek out security vendors that offer the necessary solutions often not provided by enterprise networking vendors. While often effective, these overlay security solutions create operational challenges that are complicated, guaranteed to increase cost, limited in scale and are difficult to manage.

At the same time, businesses are experiencing massive growth in data and distribution of access and applications at an unprecedented scale, which means companies need to be more agile than ever. They need to be able to scale their network, but at the same time, they need to scale their security solutions. Do you see a problem?

First, not all systems scale to the same level, and have you ever tried to scale up two disparate systems at the same time? The biggest challenge is keeping the systems manageable when they either expand or contract. Scaling the network becomes more complicated and costly when you need to scale your security solutions alongside. The answer?  Convergence.

Zero Trust has gained more recognition among IT professionals as the world becomes increasingly dependent on cloud computing, mobile devices, and other forms of non-traditional access. And the concept of Zero Trust will be a significant driver towards merging networking and access security solutions in the enterprise. Governments are starting to demand to implement those principles within their IT infrastructure too.

Zero Trust should be considered a key cornerstone of the Infinite Enterprise. How do you build this foundation? First, proper Zero Trust security needs to be built into the network, not bolted on as an overlay. Collapsing security into networking just makes sense. Second, the principles of Zero Trust should be enforced for all devices and users, at any location, to all applications. Third, and most importantly, user experience is king. A frictionless security experience for users will result in wider adoption. The endgame is enhanced security in your Infinite Enterprise.

Get the latest stories sent straight to your inbox!

Related Stories