Today’s networks are spread across so many devices and environments, many of them temporary and all of them in constant flux, that the idea of a perimeter has been almost completely abandoned. This transition is largely the result of an application-based business model. Users – both employees and consumers – need instant and reliable access to critical applications and streaming services anytime, anywhere, on any device.
To achieve this, most organizations have turned their networks into a collection of edges. In addition to the LAN edge, there is the new WAN edge, the multi-cloud edge, the distributed data center edge, the mobile edge and, most recently, due to the rapid shift to working from home, an enormous increase in the home office edge. And multi-edge computing (MEC) – a distributed, open IT architecture with decentralized processing power and a virtualized network platform – is just around the corner. MEC is based on 5G-enabled devices and infrastructures and uses mobile computing and Internet of Things (IoT) technologies to process data locally instead of transmitting it to a data center.
This level of innovation has changed networks so profoundly and so rapidly that traditional security tools can no longer provide the consistent security networks require. Traditional security solutions, often deployed after a network is set up, are designed to secure fixed perimeters and monitor predictable traffic and workflows between static network servers and devices.
Those times are over. Today’s collection of edges is constantly changing. Not only are physical and virtual devices continually added and removed, but temporary networks are created and connections are constantly optimized. And as big data, hyperscale architectures, SD-WAN, 5G, edge networks, and intelligent systems (like cars, cities, and infrastructures) become mainstream, these networks have to change even further. The current generation of security solutions simply cannot keep up.
Security-driven networks are designed for today’s digital business
Fortunately, there is a new generation of security designed for today’s complex, distributed, and dynamic environments. It starts with security-driven networking, an approach that tightly integrates a company’s network infrastructure and security architecture into a single solution. Getting security deep into the network in this manner is critical to effectively defending today’s highly dynamic environments. By deploying security-driven network solutions in all edge environments, companies can ensure consistent orchestration and policy enforcement across today’s highly flexible environments. This allows the network to redirect traffic, replace links, move resources from one domain to another, and scale dynamically without ever compromising the ability of security systems to track workflows, transactions, users, data, or devices.
To achieve this, a security solution strategy must be implemented that encompasses the entire life cycle of network development and deployment, with security as the central consideration for all business infrastructure decisions. With security at the center, networks can evolve, expand, and adapt without worrying that an expanded attack surface or security breach could put the company at risk.
Three important steps to implement a security-driven network:
Secure PDIO: A security-driven network strategy must be part of the entire life cycle of network planning, design, implementation and optimization. However, it starts in the planning phase, before anyone has agreed on what new infrastructures, applications and devices are needed. To do this, everyone must agree that any development must support a central strategy for the security structure – an approach to guaranteeing consistent visibility, orchestration, response and enforcement across the network.
Want a new cloud infrastructure? It doesn’t just have to be secure; it must be secured with a platform that can act as part of the central security structure. Creating and deploying a new application? In addition to being able to see and inspect the application and its traffic, the security fabric should be built using the exact same security tools that are used to protect the rest of the network. And when virtual devices need to be powered up or powered down, or when connections need to be made between a branch office and business applications in the cloud, the security fabric literally needs to be part of that process, ensuring that security is always monitored, always shared, and always ready to respond.
Access control and segmentation: As new devices are added to the network, the integrated security system must automatically identify them and apply rules before granting access to network resources. This includes the automatic assignment of devices to secured network segments that have been enhanced with authentication for increased control and flexibility. These network segments are then monitored by the security structure in order to prevent unauthorized behavior, check applications and secure workflows, and increase access security deep into the distributed network. And because security and network are interconnected, any changes to the network infrastructure automatically include changes to security.
Consistent protection everywhere: Data never stays in one place. It is released, referenced, dismantled and processed. Security-driven networking protects data, applications and workflows along their entire data path by implementing a single integrated security structure, thus ensuring that the secure transfer of data and workflows between network domains is seamless. Achieving this requires integrated security platforms deployed across the network to consistently secure this traffic, even as it travels across and between different network segments, dynamic multi-cloud environments, data centers, and devices.
This requires a solution that is designed to function natively in all public and private cloud environments and has form factors that range from powerful edge devices for data centers, to small desktop footprints, to virtual solutions in cloud and cloud-based environments. Solutions for securing devices and data outside the network range from software that runs on endpoints, to versions that are designed to run in a container, to versions that are added to an application to secure data and transactions. Each of these needs to act as a powerful security solution in its own space, tracking and adjusting as the environment changes, and all of them need to work as a single integrated system that encompasses all environments to achieve levels of visibility, control and response that were not previously available.
Digital innovation requires security-oriented networking
Security-driven networking is an essential next step in securing today’s dynamic and evolving digital infrastructures. Security platforms that are integrated into a unified security structure and tied into the network infrastructure enable companies to take advantage of digital innovations and expand their digital footprint without exposing critical resources to new risks that arise from the loss of visibility and control, often due to the complexity of trying to secure an evolving network with traditionally isolated products. Security-driven networking is designed to expand and adapt in sync with the network, providing the flexible protection and control that today’s digital businesses need.
Take a security-centric networking approach with Fortinet’s Secure SD-WAN solution to improve the user experience and simplify operations on the WAN edge.
Disclaimer of liability
Fortinet Inc. published this content on December 28, 2020 and is solely responsible for the information contained therein. Distributed by the public, unedited and unchanged, on December 28, 2020 5:16:02 PM UTC