Why Integrating Network Technology & Security Makes Sense Now
EDITORS' PICK | 1,937 views | Mar 5, 2020, 10:07am EST
Louis Columbus Senior Contributor
Bottom Line: Identities are the new security perimeter, making the
integration of network technologies and security essential for any
organization.
The cybersecurity industry has seen many smart, connected,
next-generation products come on the market recently, along with the
services that support them, at the recent RSA Conference. In order for
those products and services to succeed, the organizations creating them
need to create tighter integration between network technology and security.
Employees, suppliers, service teams and, most importantly, customers,
all need anytime, anywhere access to cloud applications, platforms and
services, all in real-time. Add to that sky-high customer expectations for
network speed and low latency, and enterprises begin to see the perfect
conditions to forge a new approach to network technology and security.
Demystifying Cybersecurity Networks In 2020
Gartner, the world’s leading research and advisory company, has
observed a new trend of converging network services and cybersecurity
technology. That trend has become so prevalent that in the last year,
Gartner coined the name Secure Access Service Edge (SASE) to describe
it. According to Gartner, “the secure access service edge is an
emerging offering combining comprehensive WAN capabilities with
comprehensive network security functions (such as SWG, CASB, FWaaS
and ZTNA) to support the dynamic secure access needs of digital
enterprises,” that is delivered primarily as a cloud-based service. The
definition appears in their recent research report, Gartner The Future of
Network Security Is In The Cloud (Gartner subscription required) by Neil
MacDonald, Lawrence Orans, and Joe Skorupa, published the 30th of
August, 2019. You can see a graphic illustrating the convergence of these
two services below:
GARTNER THE FUTURE OF NETWORK SECURITY IS IN THE CLOUD (GARTNER SUBSCRIPTION REQUIRED) BY NEIL MACDONALD,
LAWRENCE ORANS, AND JOE SKORUPA PUBLISHED THE 30TH OF AUGUST, 2019.
Executives identified the following factors that are accelerating SASE
evaluation and adoption across enterprises today:
The best digital business models adapt and flex in real-
time to customer requirements, unrestrained by branch
office locations. SASE’s design is responsive to the rise of
highly-distributed enterprises, and the strain they place on on-
premises systems. With SASE, a sales representative completing a
deal using their smartphone in a coffee shop has the same
application availability and security as one located in
headquarters. SASE is designed to flex and treat every identity as
a new security perimeter. I believe this is why Gartner included Zero
Trust Network Access (ZTNA) in the framework. ZTNA protects
the proliferating number of endpoints across a growing digital
business.
Devices, not data centers, need to drive cybersecurity
strategies today. A large driver in the development of SASE is
the recognition that data centers don’t need to be the hub of their
networks anymore; in fact, relying on data centers constricts the
ability of any organization to stay adaptable. Smarter networks are
using devices, identified by machine learning algorithms that
analyze their usage patterns, as the building blocks of network
security.
Building a business case for any new digital product or
service requires IT, security and real-time reporting to be
integrated. Considering how connected, contextually intelligent
and always-on customers expect current and next-generation
products to be, integrating networks and security is an essential
part of building a compelling business case. It’s become table
stakes for the future development of new products.
Defining the SASE Identity-Centric Architecture
Given the business case for SASE and its foundational role for the next
generation of smart, connected products and contextually intelligent
services, the components that comprise the framework need to be
explored. Since its introduction last year, dozens of vendors have claimed
that they are already fully SASE compliant, many without understanding
the framework in depth. In my opinion, the key components of the SASE
Identity-Centric Architecture include:
Cloud-native microservices architecture capable of
handling policy-based contexts for users, devices and
applications. A true SASE architecture will be able to scale and
support identities and credentials, treating them as the new
security perimeter for an organization. The architecture will also
be able to provide real-time risk and trust assessments, role
definition, location, time and device profile data that is analyzed in
real-time using machine learning algorithms to evaluate and
quantify risk. Above all, the microservices architecture needs to be
constructed so that API-based cloud-to-cloud integration is
possible with minimal development effort. I believe that Infoblox,
a leading network services provider, has led the way in this regard
having invested in the cloud-native BloxOne platform for
containerized microservices over the course of the past several
years.
Define identities as security perimeters and keep them in
context relative to resource requests including real-time
cloud application access. This is one of the true tests of any
claim of SASE compliance, as it requires real-time orchestration
between networks and network security components. When a
vendor can properly accomplish this, the network can enable
anyone, anywhere to have the same access privileges, security,
application and resource access as a colleague located in an office
in headquarters.
SD-WAN integration that is adaptive enough to enable
remote locations least-privilege access based on ZTNA
while providing real-time system availability. Integral to
the SASE Identity-Centric Architecture, SD-WAN is essential for
the framework to deliver the many benefits it’s designed for.
Real-time network activity monitoring combined with
Zero Trust Network Access (ZTNA) access privilege
rights to the role level. While Gartner lists ZTNA as one of
many components in its Network security-as-a-service, I believe it
is essential to treating identity as the new security perimeter.
ZTNA makes it possible for every device, location, and session to
have full access to all application and network resources and for a
true Zero Trust-based approach of granting least-privileged access
to work. Vendors claiming to have a true SASE architecture need
to have this for the entire strategy to work.
The ability to combine data from all elements in the SASE
architecture and identify sensitive data, then adapt ZTNA
least privilege access to the role level. Another excellent test
to see if a vendor has a true SASE architecture is whether the data
generated can be used to fine-tune least privilege access. This
reflects how well data policies interpret and act on the quality of
security data. Understanding sensitive data in cloud-based
applications, databases and platforms requires APIs that inspect