When the topic of network and security convergence is in discussion, the song ‘Don’t Believe the Hype’ from the 80’s hip hop group ‘Public Enemy’ comes to mind. But unlike the song, security heads and CISOs should believe the hype.
Over the last ten years CISOs of businesses have needed to be fast on their feet as the pace of technology has accelerated and influenced the way businesses and consumers operate in the modern age. Digitalization is really driving businesses to rework their business models and create new services in innovative ways.
This entails the use cloud architectures and applications, big data and Artificial Intelligence (AI) in centrally configured data centres that now sit outside the enterprise environment. In addition, the growth in any place/any device/any setting, private networks (including 5G), and edge computing, is driving data away from the enterprise datacenter and closer to the user/device in a distributed manner.
Traditional network and security architectures fall short
Subsequently, from a network and security perspective traditional network and security architectures fall short as they fail to provide adequate security and levels of network control that a modern digital organization requires. Also, due to the uptake of cloud applications, majority of data traffic terminates to public cloud services and branch offices rather than enterprise private datacenters.
At this moment in time the majority of enterprises have in place a combination of security measures protecting both the enterprise perimeter and enterprise datacenter, as well as connecting externally to third party cloud environments running various enterprise applications like Salesforce and Office365.
Additionally, certain cloud based services will run closely coupled to the enterprise datacenter, and any form of cloud based proxy solutions, web and network firewalls protecting the perimeter, will be insufficient as majority of the data will be routed externally at datacenters outside the enterprise, with the relevant orchestration and policy controls in place, supporting an any place, any device and any setting environment.
Security vendor strategies are changing
The strategy to centralize security policies across physical, virtual and cloud based infrastructures, with adequate rules and policies, with correct levels of security based on application and workload, has been discussed many times over the last 3-4 years. Subsequently, the market is experiencing a change in vendor strategies, with traditional firewall vendors closely coupling their core security portfolios with their cloud offering, resulting in an increase in cloud acquisitions by leading players like including Cisco, Palo Alto Networks, and CheckPoint.
However, further market acceleration of digitalization in recent times has given way to redefine and re-introduce new frameworks developed by security vendors and third party organizations, i.e. like Secure Access Service Edge (SASE), which combines WAN and networking security functions, delivered in a ‘As a Service’ model to support secure access needs in future digital environments. The premise of SASE is that security capabilities are delivered as a service base on the identity of the entity, with real time context and Zero Trust.
There are many advantages in frameworks and solutions centrally driving security policy, converging networks and security. If executed effectively, key benefits can include, delivering more effective security solutions with the right policies in place, ensuring adequate security measures at key focal areas within the overall network environment (internally and externally), and improving performance/latency in applications like Unified Communications & Collaborations (UCC).
Complexity is a major issue
However, the market is in its early infancy in embracing a fully converged network and security environment with centralized policy control. From a vendor perspective there are a number of vendors jumping on their proprietary frameworks and the ‘SASE’ bandwagon as a way of re-enforcing their market messaging so that they are seen to be relevant in the marketplace.
However, in reality there are a number of hurdles to overcome to make frameworks like SASE mainstream. Some of these include changing the CISO mind-set in how they view their security environment, complexities and implications in how networks and security will fully converge and policies will work without further complicating the enterprise security architecture.
However, as enterprise digital environments evolve and change, and new architectures come in to play, particularly with the maturity of 5G, we would expect better and more innovative models to come into play which addresses the network and security convergence story.