December 28, 2020 By BlueAlly
By Nirav Shah
Today’s networks are distributed across so many devices and environments, many of them temporary and all of them in a constant state of flux, that the notion of a perimeter has been almost completely abandoned. This transition has largely been the result of an application-based business model. Users—both employees and consumers—require immediate and reliable access to critical applications and streaming services at any time, from any location, on any device.
To achieve this, most organizations have transformed their networks into a collection of edges. In addition to the LAN edge, there is the new WAN edge, the multi-cloud edge, the distributed datacenter edge, the mobile edge, and most recently, due to the rapid shift to work-from-home, a huge surge in the home office edge. And multi-edge computing (MEC)—a distributed, open IT architecture that features decentralized processing power and a virtualized network platform—is right around the corner. Powered by 5G-enabled devices and infrastructure, MEC leverages mobile computing and Internet of Things (IoT) technologies to process data locally rather than transmitting it to a datacenter.
This level of innovation has transformed networks so thoroughly and so rapidly that traditional security tools are no longer able to provide the consistent security that networks require. Traditional security solutions, often deployed after a network was already in place, were designed to secure fixed perimeters and to monitor predictable volumes of traffic and workflows moving between static network servers and devices.
Those days are gone. Today’s collection of edge environments is in a constant state of flux. These environments are not only continually adding and dropping physical and virtual devices, they also create temporary networks and are constantly fine-tuning connections. And as Big Data, hyperscale architectures, SD-WAN, 5G, edge networking, and smart systems (such as cars, cities, and infrastructures) become mainstream, these networks will be forced to change even further. The current generation of security solutions now in place simply can’t keep up.
Security-driven Networks are Designed for Today’s Digital Business
Fortunately, there is a new generation of security designed for today’s complex, distributed, and dynamic environments. It starts with Security-driven Networking, an approach that tightly integrates an organization’s network infrastructure and security architecture into a single solution. Weaving security deep into the network in this way is essential for effectively defending today’s highly dynamic environments. And by deploying Security-driven Networking solutions across all of their edge environments, organizations can ensure consistent policy orchestration and enforcement across today’s highly flexible perimeters. This enables the network to reroute traffic, replace connections, move resources from one domain to another, and dynamically scale up and out without ever compromising the ability of security systems to track workflows, transactions, users, data, or devices.
Achieving this requires implementing a security solution strategy designed to encompass the entire network development and deployment life cycle, allowing security to function as the central consideration for all business-driven infrastructure decisions. With security at the core, networks can evolve, expand, and adapt without concerns that an expanded attack surface or security gap could compromise the organization.
Three Critical Steps for Implementing a Security-driven Network:
Secure PDIO: A Security-driven Networking strategy must be part of the entire network Planning, Design, Implementation, and Optimization lifecycle. But it starts in the planning stages, before decisions are made about which new infrastructures, applications, and devices are needed. And that requires everyone to agree that all development must support a central security fabric strategy—an approach for ensuring consistent visibility, orchestration, response, and enforcement across the entire network.
Want a new cloud infrastructure? It doesn’t just need to include security. It needs to use a security platform that can function as part of the central security fabric. Building and deploying a new application? The security fabric not only needs to be able to see and inspect the application and its traffic, but it should also be built using the exact same security tools used to protect the rest of the network. And when virtual devices need to spin up or out, or when connections between a branch office and business applications in the cloud need to roll over, the Security Fabric needs to literally be part of that process, ensuring that security is always watching, always sharing, and always ready to respond.
Access Control and Segmentation: When new devices are added to the network, the integrated security system needs to automatically identify them and apply rules before granting access to network resources. That includes automatically assigning devices to secured network segments that have been enhanced with authentication for increased control and flexibility. These network segments are then monitored by the security fabric to prevent unauthorized behaviors, inspect applications, and secure workflows, driving access security deep into the distributed network. And because security and networking are tied together, any change to the network infrastructure automatically includes the corresponding change to security.
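The identify-then-admit sequence described above, modelled as a default-deny onboarding decision: an added example written for this page, not code from the original post or from any vendor product. Segment names, device classes, and the device events are constructed assumptions; the one security-relevant choice it shows is that a device reaches a production segment only after authenticating, being identified as a known class, and passing posture, with MAC-based admission confined to headless devices and a restricted segment.

```python
from dataclasses import dataclass

# Constructed segment names (assumptions for this example, not vendor identifiers).
QUARANTINE = "quarantine"
REMEDIATION = "remediation"
SEGMENT_FOR_CLASS = {
    "workstation": "corp-users",
    "server": "datacenter",
    "printer": "iot-restricted",
    "camera": "iot-restricted",
}
# Headless classes that may be admitted on MAC authentication alone, and only
# ever into the restricted IoT segment (MAC addresses are trivially spoofed).
HEADLESS = {"printer", "camera"}

@dataclass(frozen=True)
class DeviceEvent:
    mac: str
    auth_method: str      # "802.1x", "mab" (MAC authentication bypass) or "none"
    auth_ok: bool         # did the authentication itself succeed?
    device_class: str     # result of device identification/profiling
    posture_ok: bool      # endpoint posture check passed?

def assign_segment(ev: DeviceEvent) -> tuple[str, str]:
    """Decide where a newly seen device lands, default-deny; returns (segment, reason)."""
    if ev.auth_method == "none" or not ev.auth_ok:
        return QUARANTINE, "authentication required"
    if ev.device_class not in SEGMENT_FOR_CLASS:
        return QUARANTINE, "unrecognised device class"
    if ev.auth_method == "mab":
        # MAB never grants a user or datacenter segment, whatever the profiler says.
        if ev.device_class in HEADLESS:
            return SEGMENT_FOR_CLASS[ev.device_class], "mab: headless device, restricted segment"
        return QUARANTINE, "mab not permitted for this device class"
    if not ev.posture_ok:
        return REMEDIATION, "posture check failed"
    return SEGMENT_FOR_CLASS[ev.device_class], "authenticated and compliant"

def onboard(events: list[DeviceEvent]) -> dict[str, str]:
    """Map each device MAC to the segment it is assigned on admission."""
    return {ev.mac: assign_segment(ev)[0] for ev in events}
```

Feeding a list of DeviceEvent records to onboard() yields the segment map that a network controller would push as VLAN or policy assignments.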
Consistent Protection Everywhere: Data never stays in one place. It gets shared, cross-referenced, mined, and processed. Security-driven Networking protects data, applications, and workflows along their entire path through the implementation of a single, integrated Security Fabric, ensuring that the secure handoff of data and workflows between network domains is seamless. Achieving this requires integrated security platforms deployed across the network to consistently secure that traffic even as it passes across and between different network segments, dynamic multi-cloud environments, data centers, and devices.
This requires a solution that is designed to function natively in all public and private cloud environments and that comes in form factors ranging from powerful datacenter edge devices, to small desktop footprints, to virtual solutions running in cloud environments, to cloud-based solutions designed to secure devices and data off-network, to software running on endpoint devices, to versions designed to run in a container or be added to an application to secure data and transactions. All of these must function as a powerful security solution within their own sphere, track and adapt as the environment changes, and work as a single, integrated system that spans all environments to add a level of visibility, control, and response previously unavailable.
Digital Innovation Demands Security-driven Networking
Security-driven Networking is an essential next step for securing today’s dynamic and evolving digital infrastructures. Security platforms integrated into a unified security fabric and woven into the network infrastructure enable organizations to embrace digital innovation and expand their digital footprint without exposing critical resources to new risks compounded by the loss of visibility and control—often due to the complexity of trying to secure an evolving network using traditionally isolated products. Security-driven Networking is designed to expand and adapt in sync with the network, providing the flexible protections and controls that today’s digital businesses require.