COVID-19 And A Case For Moving Security To The Network Edge

by Sachin

The COVID-19 pandemic was an event that few, if any, businesses were prepared for. Within a matter of weeks, life went from normal to “pandemic mode”, where “shelter in place” orders were in effect and businesses suddenly were supporting mostly or wholly remote workforces.

This sudden shift to remote work had several different effects on how organizations completed their daily business. A spike in video conferencing threatened to overwhelm services such as Microsoft Teams and Zoom. Businesses were attempting to cope with scalability issues of their own as the number of inbound virtual private network (VPN) connections exceeded the design limits of existing infrastructure. 

As teleworkers learned how to work securely from home, they were deluged with phishing emails that used COVID-19 (and its associated fear and uncertainty) as a lure to get more recipients to click links and open malicious attachments. At the same time, security teams were increasingly called upon to cope with IT tasks, such as helping employees configure personal machines to connect to the corporate VPN, rather than focusing on securing the enterprise against attack.

While COVID-19 was a “black swan” event, it has brought attention to an evolution of the corporate network that began long before. Users, devices, and data are moving to the network edge, yet organizations are using security models and tools designed for a primarily “on premises” enterprise. Adapting to the evolution of the enterprise network requires moving security to the network edge as well by adopting next-generation network and security solutions such as Secure Access Service Edge (SASE).

Perimeter-Focused Security No Longer Works

Many organizations are still operating based upon the perimeter-focused security model. While this model may have been reasonably effective in the past, the evolution of the cyber threat landscape and of the enterprise network means that this is no longer the case.

In the past, company networks were mainly composed of the enterprise local area network (LAN). Company-owned devices, including both employee workstations and servers, were located on-premises and connected directly to the LAN.

Since the company LAN typically has only a single point of connection between it and the public Internet, this enabled organizations to deploy their security solutions solely at this perimeter. Anything within the network was considered “trusted”, with all threats believed to originate from outside the network and hopefully blocked at the network perimeter.

However, this model makes a number of assumptions, including perfect protection at the perimeter and company devices deployed solely within the corporate LAN. As organizations increasingly adopt telework and cloud computing, the assumption that all devices will be located within the network perimeter is increasingly invalid. Despite this, 85% of organizations have not transitioned to a zero-trust security model, which would eliminate these invalid assumptions.

Moving Security To The Network Edge

As network users and devices move to the network edge, traditional approaches to network security are no longer workable. When employees are working from home and connecting to cloud-based resources, there is no reason for their traffic to pass through the enterprise network. However, the only way to maintain visibility into business traffic and secure these devices using a perimeter-focused security deployment is to backhaul all of this traffic to the corporate network for scanning before allowing it to continue on to its destination.

However, this approach to network security has a number of drawbacks. One of these is the impact on latency-sensitive Software as a Service (SaaS) applications. Organizations are increasingly using these applications for core business functions. The latency associated with backhauling traffic through the corporate network could degrade or destroy application performance.

Another impact of perimeter-focused security in an increasingly cloud and mobile-dominated world is increased load on the organization’s on-site network and security architecture. If both the source and destination of traffic are outside the business network, then every packet must pass through the perimeter firewalls and Internet connection twice. This consumes additional network bandwidth and degrades the performance of security solutions.

A perimeter-based approach is no longer a good solution for enterprise network security. As users, devices, and data move to the network edge, security should follow.

SASE Is The Future Of The WAN

The enterprise WAN is rapidly evolving. Increased adoption of cloud computing and support for telework change network and security requirements and introduce new cybersecurity risks. Remote workers share many of the same security risks as on-site workers but also introduce unique ones. To adapt to the evolving cyber threat landscape, organizations must replace perimeter-focused security with a zero-trust security model deployed at the network edge. This new approach to security requires cybersecurity solutions capable of supporting it effectively and scalably.

Secure Access Service Edge provides organizations with zero-trust, integrated network security deployed in the cloud. Built-in software-defined wide area networking (SD-WAN) functionality enables traffic from remote workers to be optimally routed to its destination, whether on-premises or in the cloud. An integrated security stack scans all traffic before delivery to its destination, ensuring complete network security and visibility. Cloud-based deployment enables SASE solutions to be deployed anywhere, minimizing network latency for geographically distributed workers and endpoints.

By converging the functions of SD-WAN and a full security stack, all deployed in the cloud, SASE provides a scalable and effective security solution for the modern enterprise. This is why Gartner labels SASE as “the future of network security”.
