Building Consistent Security for Diverse LAN and Edge Networks
Security needs to be deployed consistently across every edge and tightly coupled with networking so that it can automatically adapt to changes.
August 26, 2021
Today's networks are all about adaptability, flexibility, and user experience. These core concepts are driving digital innovation and network transformation. The objective is for any user or device to connect to any resource using any application, regardless of location. To achieve this, most organizations now own a hybrid network composed of multiple edges: campus and branch LANs, datacenters, dynamic WAN connections, multiple private and public clouds, and mobile and remote workers.
This has introduced numerous challenges for IT teams. One of the biggest is that applications, workflows, and critical data often need to cross multiple network edges to complete a transaction. This makes it difficult to establish and maintain consistent visibility and control, especially when a network is highly dynamic. Complicating that challenge further is that most networks were not designed with an overarching strategy in mind. Instead, they were built piecemeal, an edge at a time, to solve the business-objective-of-the-moment. The result for many organizations has been vendor and solution sprawl on an unprecedented scale.
Security is a good indicator of how complex this rapid adoption of new technologies has become. A 2020 IBM Security report found that organizations had an average of more than 45 security tools in place, and that responding to a single incident required coordination across 19 different solutions. Worse, most of these tools operate in isolation, making it next to impossible to share threat intelligence or initiate a coordinated response to a cyber event. As a result, security administrators struggle simply to maintain visibility across a hybrid network, let alone implement and enforce consistent policies end to end.
The question now facing many IT teams is whether they can adequately secure their expanding LAN and edge networks, each with different devices and security levels in place, using the legacy point solutions they already own. They can't.
Today, when many remote workers are logging in from unsecured home networks and guest wireless is pervasive, cybercriminals are finding new attack vectors from which to breach the network. And the question is whether the variety of security solutions, access points, and endpoints will be able to detect and stop those threats.
Today, security not only needs to be deployed consistently across every edge; it also needs to be tightly coupled with networking so that security can automatically adapt to changes. And security needs to follow applications, workflows, and data from end to end. Focusing on connecting the users and devices to the applications and data is one of the basic concepts behind a zero-trust networking approach to security.
This starts with access control, including authentication on every attempt to reach an application, as part of a zero-trust strategy. A zero-trust approach identifies and authenticates every connection and every access attempt, and grants access only to the specific resource requested, based on factors such as user role, device identity and posture, and location, with deny as the default. Because every access is evaluated and logged, it also gives you a record of who and what is on the network and which resources they reached.
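To make the per-access decision concrete, here is an added example of a zero-trust policy check in Python. It is illustrative code written for this page, not Fortinet's product logic, and the application names, roles, locations and policies are constructed. Each access attempt is evaluated on its own against the role, device posture and location requirements of the target application, anything not explicitly allowed is denied, and every decision is appended to an audit trail so the access can be tracked later.

```python
"""Per-request zero-trust access decision (added example, hypothetical policies)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AccessRequest:
    """One attempt by an authenticated user/device to reach one application."""
    user: str
    role: str
    location: str          # e.g. "campus", "branch", "home", "guest-wifi"
    device_managed: bool   # enrolled in device management
    device_compliant: bool # current posture check passed (patched, EDR running, ...)
    app: str


@dataclass(frozen=True)
class AppPolicy:
    """Minimum conditions for reaching an application."""
    allowed_roles: frozenset
    allowed_locations: frozenset  # empty means any location is acceptable
    require_managed_device: bool
    require_compliant_device: bool


# Constructed sample policies; application and role names are hypothetical.
POLICIES: Dict[str, AppPolicy] = {
    "crm": AppPolicy(frozenset({"sales", "support"}), frozenset(), True, True),
    # OT HMI: only plant engineers, only from on-site networks, managed and compliant device.
    "ot-hmi": AppPolicy(frozenset({"plant-engineer"}),
                        frozenset({"campus", "plant"}), True, True),
    # Low-sensitivity wiki: any listed role, any location, any device.
    "wiki": AppPolicy(frozenset({"sales", "support", "plant-engineer", "contractor"}),
                      frozenset(), False, False),
}


def evaluate(req: AccessRequest,
             policies: Dict[str, AppPolicy] = POLICIES,
             audit: Optional[List[dict]] = None) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason) for one access attempt.

    Checks run in order and the first failure denies; an application with no
    policy is denied rather than implicitly trusted. If an audit list is
    supplied, the full request and the decision are recorded on it.
    """
    policy = policies.get(req.app)
    if policy is None:
        decision = ("deny", "no policy defined for application")
    elif req.role not in policy.allowed_roles:
        decision = ("deny", "role not permitted for application")
    elif policy.allowed_locations and req.location not in policy.allowed_locations:
        decision = ("deny", "location not permitted for application")
    elif policy.require_managed_device and not req.device_managed:
        decision = ("deny", "unmanaged device")
    elif policy.require_compliant_device and not req.device_compliant:
        decision = ("deny", "device failed posture check")
    else:
        decision = ("allow", "all policy checks passed")

    if audit is not None:
        audit.append({"user": req.user, "role": req.role, "app": req.app,
                      "location": req.location, "device_managed": req.device_managed,
                      "device_compliant": req.device_compliant,
                      "decision": decision[0], "reason": decision[1]})
    return decision


def demo() -> List[Tuple[str, str]]:
    """Evaluate a constructed sequence of attempts by the same user.

    The same person is allowed, then denied when the device drops out of
    compliance, then denied again when reaching for an application their
    role never had: every access is judged on its own, not on a prior login.
    """
    audit: List[dict] = []
    attempts = [
        AccessRequest("alice", "sales", "home", True, True, "crm"),
        AccessRequest("alice", "sales", "home", True, False, "crm"),
        AccessRequest("alice", "sales", "campus", True, True, "ot-hmi"),
        AccessRequest("bob", "plant-engineer", "home", True, True, "ot-hmi"),
        AccessRequest("carol", "contractor", "guest-wifi", False, False, "wiki"),
        AccessRequest("carol", "contractor", "guest-wifi", False, False, "payroll"),
    ]
    results = [evaluate(a, audit=audit) for a in attempts]
    assert len(audit) == len(attempts)  # every attempt leaves a record
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Two design points matter here. The default branch is the deny branch, so a newly deployed application that nobody has written a policy for is unreachable rather than open; and the audit entry is written on every path, including denies, because the denied attempts are the ones that reveal a compromised credential probing for access it should not have.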
One of the most common mistakes organizations make is failing to think holistically about the whole network when building it out or selecting security solutions. Very few companies, for example, have made a full transition to the cloud. And yet many have adopted a SASE solution that does not easily interoperate with their physical networks. Tools like SD-WAN, which bridge the gap between physical and cloud environments and weave security, connectivity, and advanced networking functions into a unified solution, need to operate seamlessly with SASE to provide a unified, secured connection from the branch to the cloud to the data center and campus networks. Similar solutions designed for home offices, mobile workers, OT networks, and cloud-to-cloud, user-to-cloud and user-to-user use cases need to be screened to ensure they can be fully integrated into the existing security framework before they are deployed.
Networks are not going to stop evolving. Today’s networks require a security foundation built around a unified, holistic strategy – one that can span and scale to an ever-changing network, follow data and applications from end-to-end, and that integrates security and networking functionality into a single solution for maximum flexibility and adaptability.
Peter Newton is senior director of products and solutions – IoT and OT at Fortinet.