Why You Need to Turn Network Security Inside-Out
Myo Zarny | December 17, 2019
Myo is a Senior Director, Product Management for SD-WAN and Cloud Security at Open Systems.
If you think a big change to your network security demands a big reason behind it, you’re right.
Digital transformation trends back up the idea that it’s time to completely upend how your organization approaches network security.
Let’s start with conventional network security architecture. The hub-and-spoke approach isn’t keeping up with the growing demands for dynamic secure access. The enterprise data center or branch office is no longer the exclusive access point for users and devices. It’s just one of many.
For starters, think about where your organization’s users are working. Chances are that a growing number are not on site. They may be traveling or maybe working at home, cafes or practically anywhere. In addition, the days of being tied to corporate-issued devices are long over. Employees are increasingly using “unmanaged” devices to access corporate apps and data, which can be anywhere, and storing sensitive corporate data everywhere (in on-prem data centers, in personal cloud apps, on personal or corporate-issued devices).
In fact, it’s likely that more work is being done off the enterprise network than on it. Sensitive data is increasingly being stored and accessed in cloud services rather than in the enterprise data center. And more user traffic is directed to public clouds than to the enterprise data center. The increased deployment of 5G and the proliferation of cloud apps will only accelerate this trend.
What These Changes Mean to Your Network and Your Security
Modern workflows are clearly heading away from the enterprise data center. Requiring routing through the enterprise data center slows performance, and may miss users who access services directly via a public cloud.
Rather than setting policies and controlling access from the center, there are important advantages to moving these functions away from the center — out to the edge and to wherever users and devices are.
The Future Is SASE
Secure Access Service Edge (SASE, pronounced “sassy”) is a new approach to network security based on where digital business is going.
Simply stated, SASE aims to bring security as close to wherever users and devices are as possible. Security becomes a cloud-delivered service that you can apply on users' devices wherever and however they may be accessing apps.
Security policies are enforced on demand via a robust and reliable cloud network, which provides security controls at the point of access. Policies take into account the user identity, type of device, time of day, geo-location, application identity, and sensitivity of data being accessed. Along with ensuring that each user gets the appropriate level of access and continuous monitoring, SASE means improved performance thanks to greatly reduced latency. In summation, with SASE, users get to access apps and data the way they want without incurring performance penalties, while IT gets to enforce security policies on the traffic.
How to Begin Making the Shift to SASE
According to Gartner, by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE. The time to start planning is now.
If your organization already uses SD-WAN — software-defined wide area networking — you’re well-positioned for SASE because network hardware is already separate from its control. This is a logical, organic, and cost-effective way to begin making the shift to SASE with cloud-based control.
With our deep strength in both SD-WAN and security, Open Systems has been delivering a SASE solution since long before the category had a name. We can tailor an integrated SASE solution that enables you to protect your organization while providing the dynamic access your users require. At the same time, you can greatly simplify management and operations, lowering costs.
Gartner, The Future of Network Security Is in the Cloud, August 30, 2019