On the Edge: How Sprawling Networks Have Redefined WAN Security Requirements
Moritz Mann | October 15, 2019
Moritz Mann is Head of Product Management at Open Systems.
The notion of a self-contained network that lives inside a controlled, secure perimeter has been blown apart with the advent of cloud computing and the Internet of Things. Instead, technology advances have led to a sprawling profusion of networks and individual devices that live outside the network edge or on the near or far edge of centralized networks, creating new computing demands and security challenges.
When organizations began connecting their local area networks (LANs) across multiple sites, they created wide area networks (WANs). This WAN perimeter was the original edge. Once the internet and cloud were introduced, these WANs became more complex with more access points — including mobile devices — and more ways to connect, like MPLS, Wi-Fi, broadband, and cellular. All these devices connect to the WAN where the user or equipment is located at that moment. That endpoint is called the far edge.
Next, we saw the widespread introduction of smart sensors and actuators that we call the Internet of Things (IoT). A sensor — for example, a temperature sensor or a motion sensor — gathers information from the environment. It then turns that information into a stream of data that must go somewhere. Actuators then control what happens based on that data, such as a thermostat that changes the temperature in a room.
Some data must be collected, analyzed, and acted on in real time. For example, a sensor in an autonomous vehicle that needs to respond to an obstacle can’t wait for a round trip from the device to a central location in the cloud and then back. The latency time is simply too long.
So IoT devices must interact with an IoT gateway, which is an example of the “near edge,” where data processing can happen close to individual devices. Examples include a smart-city traffic-control box on a streetlight or a gateway device in a factory of smart machinery. Numerous devices can access this gateway without data having to travel to the cloud so that processing can happen in real or near-real time. It may also be sent to the cloud for aggregation and additional processing.
In many cases, however, you want to run these analytics at the near edge rather than in the cloud or on-premises. Why? Because the analytics probably require machine learning, which draws on vast quantities of data to make inferences. Large data sets can be expensive and time consuming to move, so it is more logical to move the computing capability to where the data are. Later, you may also want to upload or store in the cloud data that has already been processed and/or needs to be processed in further tiers.
With data processing on the near edge, security and encryption have become a challenge, because you must confirm not only that your cloud provider can provide the appropriate level of data security — the right ISO certifications, the right SOC audits — but also that the data running on edge nodes is secure.
Software-defined WAN (SD-WAN) provides an answer. SD-WAN separates the data plane from the control plane through an orchestration layer that allows organizations to establish policy-driven, intent-based control over the entire network. It can intelligently choose the right WAN protocol, whether MPLS, broadband, or Wi-Fi, and it can change the protocol at a moment’s notice or combine them. For example, you may have one protocol to support your point-of-sale systems and another to provide customer Wi-Fi.
The business intent of how we want the network to behave to prioritize classic, SaaS, and IaaS applications can now be supported automatically as part of the network infrastructure. This automation is more important than ever due to the proliferation of endpoints at different points in the network, from a cloud endpoint that has an API, to an IoT device endpoint at the far edge, to a near-edge IoT gateway. Your organization must have strong policy-driven control and management of all of these endpoints.
You should also seek security through an explicit trust list or a zero-trust environment, where each endpoint is essentially responsible for its own security. In a zero-trust environment, we don't assume that any trust exists.
To take a deeper dive into security at the sprawling edge in today’s networking environment, watch our recent webcast, “Managing and Securing the Sprawling Edge With SD-WAN.”