Convergence in various technology domains like networking has been a strategic policy of organizations for well over a decade, beginning long before the virtualization of data centers. That policy, and the process required to achieve it, have been accelerated by things like cloud adoption and the transition to a mobile workforce. The outcome, as it turns out, has been complex environments, especially those built around a growing collection of largely isolated technologies. They are not only expensive to deploy and maintain, but they are also slower, much more difficult to adapt, and expose organizations to unnecessary risks.
Up until now, however, consolidation has been largely focused on the networking side of the house. The need to support business-critical applications, deliver data, and process workflows at increasing speeds has led to the transformation of the network infrastructure. Servers, routers, switches, and access points are being streamlined. Applications are designed to run seamlessly across and between different compute environments. But unfortunately, security has not been an integral part of this earlier digital transformation process. Instead, security has largely been left to fend for itself. Organizations still do things like deploy new network environments or compute services and then consider how to apply legacy security solutions to protect this new business domain after the fact. This has led to security vendor sprawl, decentralized management, fragmented visibility, and a Frankenstein architecture of disparate security solutions operating in isolation.
Given the realities of new business models, however, this approach to network security is reaching its dead end. Rather than converging networking on its own and then applying security on top, security and networking need to be converged. The speed of the digital economy, the demand for high-performance applications, escalating business demands, and continually increasing user experience standards mean that security cannot be left as an afterthought. Instead, security needs to be able to dynamically adapt to any and all changes happening at the networking and application layers. To do this, security and networking solutions need to be the same thing.
That’s the idea behind security-driven networking. When security, connectivity, and advanced routing and switching functionality operate as a single, integrated system, networks can grow, expand, evolve, and transform at the speed of business without ever worrying about where the users are or where the services are consumed from, and without compromising on security.
Convergence Starts with Teamwork
However, for this to work, networking and security teams need to come together so they can function as a single team with a single vision and a single goal. The rapid adoption of Secure SD-WAN is a perfect example of how this happens. Many organizations quickly learned that trying to deploy an effective security strategy on top of an unsecured SD-WAN solution soon devolved into a logistical nightmare with substantial unanticipated added costs.
But once networking and security teams came together to make a decision, they could quickly see that Secure SD-WAN, an SD-WAN with integrated security, not only provides the advanced connectivity, performance, and user experience they were looking for, but it also delivers the advanced security they require—and as part of the exact same solution. This level of security-driven networking convergence is absolutely essential if organizations hope to adopt faster, more dynamic, and increasingly adaptable business strategies.
Converging Networking and Security
Once networking and security teams decide that they need to work together, they need to begin identifying products rooted in security-driven networking principles to replace their legacy security and networking solutions. But convergence doesn’t end with a single, integrated product. These tools need to be designed to interoperate as a united platform of products, even if they come from different vendors – like an orchestra where all sounds deliver a harmonious experience. As we see further convergence across the multi-edge network—WAN edge, LAN edge, data center edge, cloud edge, remote worker edge, IoT edge, OT edge, and so on—providing consistent security at every “edge” without compromising on user experience will be crucial.
To achieve this, organizations not only need to be able to provide advanced connectivity, performance, and scalability but also reliable enterprise-class security on all those edges, as well as across and between them. Security-driven networking allows networking and security teams to not only put security anywhere at any edge but also manage, configure, orchestrate, and enforce policies consistently and automatically, and at the required scale. Once this idea is in place, and organizations see the powerful advantages of convergence built around security-driven networking, they will soon assume that whenever anyone talks about networking, they are also talking about security. That's because, for today's organizations to meet their business objectives, they can't afford to have people develop separate network and security architectures. The two have to be combined.
One of the biggest challenges is that the networks of most large enterprises are extremely siloed, making true convergence difficult to achieve. They may have thousands of applications, thousands of users, and huge networks built around data centers, branch offices, multi-clouds, and remote workers. So, it's a question of whether they have the willpower needed to bring their teams together. Mid-sized organizations, on the other hand, may have less complexity to deal with. But they also have fewer resources. Their challenge will be organizing their resources and building a solution that is simple to deploy and manage, that can span their geographically dispersed network, and that can grow with their business.
But regardless of size, the next most important place to start (after ensuring you have organizational alignment between IT and security) is to make sure you have the right partners in place. Like having too many cooks, too many different vendors can spoil the network. So another critical aspect of convergence, after converging teams and technologies, is to select fewer vendors and fewer platforms, relying on solutions that not only work together but that can be deployed and managed consistently anywhere across the distributed and hybrid network architecture.
The key to such a strategy is ensuring that these platforms, regardless of vendor, can work together. That includes centralized management, configuration, and orchestration for both security and networking functionality; open APIs and common standards so systems can see and share critical threat intelligence information; connectors that allow solutions deployed on different edges to work together seamlessly; and the ability to automate all those capabilities, both to onboard people and users quickly and to respond to cyber threats as a single, integrated defense system.
Architecting Networks for Security and Flexibility Starts with Convergence
A lot changed very rapidly for many organizations once the pandemic hit. Some of the lessons learned were painful and expensive. But most organizations now understand that they need to architect a dynamic networking solution designed to be flexible in terms of where people are, what devices they're using, what applications are in use, and what user experience is expected irrespective of scale and location. And it needs to be able to keep up as those demands continue to accelerate.
Once you've built a networking solution on the foundation of security-driven networking—one that weaves security and networking functionality into a single system—you're ready for anything, whether adopting new applications, supporting a highly mobile and distributed workforce, or responding to a security event in the most effective manner. That starts with networking and security teams working together to solve the challenge of today’s networks, selecting solutions designed to converge networking and security functionality, and building networks using platforms designed to work together as an integrated, automated system so they can support any user using any application, on any device, from any location, with a strong and consistent security posture. That is the power of convergence.
John Maddison is EVP Products & Solutions at Fortinet.