In today’s world, working from anywhere is the new normal. But while this work model has become necessary, it has also created new concerns regarding edge security. Due to an increasing number of devices and cloud applications being employed by individual users each day, bolstering security across all endpoint and network edges has become more important – and complex – than ever before. With this in mind, organizations need a comprehensive security platform to ensure visibility and management – a capability that point products fail to provide.
This was the topic of conversation in a recent discussion with Fortinet’s Nirav Shah, VP of Products, and Peter Newton, Senior Director of Product Marketing, who came together to offer insights around the need for the convergence of networking and security as organizations work to protect data in distributed environments.
Can you explain how work from anywhere is changing organizations’ security needs?
Nirav – Comprehensive security platforms offer the visibility, control, and management necessary for security across the endpoint, network edges and cloud workload. Organizations need a solution that provides a simple yet effective management platform, and a collection of point products fails to meet these needs because they remain siloed.
As organizations move toward a hybrid work model, they want to see intelligent networking, moving their Capex to Opex while creating unified security and unified policy.
Peter – At the same time, zero trust is also becoming more important. From a security standpoint, it means not trusting anyone or any device. From a philosophical approach, it means addressing and protecting the user’s data applications. People working remotely and cloud-delivered applications dissolved the organization’s perimeter, driving this need for zero trust.
How do Secure Access Service Edge (SASE) and zero trust help secure these new models?
Nirav – Secure access service edge (SASE) converges networking and security. This really started with the concept of SD-WAN, which now evolves along with SASE, as organizations were looking for cloud-delivered security to meet their IT stack where it resides. By moving to a cloud-based security solution, remote users – whether at home or in a branch office – have the “always on” protection with the consistent security provided in the cloud. They also have direct connectivity without needing to visit another branch or the data center.
SASE has another element in which SD-WAN plays a role: Networking-as-a-service. The intelligent edge modern technology that SD-WAN provides is vital for a successful SASE deployment. Suppose users can’t get the right application steering as they wait for cloud-delivered security to be offered. In that case, they are not going to get the user experience they want. Having the right SD-WAN foundation at the edge and working in tandem with cloud-delivered security creates a win-win for both the networking and security teams.
Peter – In combination with SD-WAN and SASE, building out a zero trust architecture further enhances security. Organizations no longer have trusted internal and untrusted external zones, so they need to regularly re-authenticate and re-verify both users and devices. Additionally, they need to onboard users and provide them access to assets and applications, but they also need to do that on the most granular level possible. This creates a shift toward the prioritization of Zero Trust Access (ZTA), which controls user and device access to networks, and Zero Trust Network Access (ZTNA), which controls access to applications.
Where do SASE and ZTNA diverge?
Peter – The two technologies are so complementary and similar since they both deal with remote worker security. However, SASE is more akin to a firewall in the cloud type of service. When this solution is deployed, the remote user gets the experience and protection from being behind a firewall that also acts as a security service.
ZTNA, on the other hand, is about controlling the application itself and giving users a secure tunnel to that access point. Ultimately, it’s all about having policies so that no matter where users are when they access specific applications, they can stay secure.
Nirav – What happens with the SASE model is that organizations rely more on technologies like SD-WAN to provide intelligent steering while everything else is being done in a cloud compute way for remote users and thin edge environments. This means that they don’t have to worry about security patching or any of those security capabilities – it is all done by the provider, like Fortinet, as they use the SaaS applications.
What trends are you currently seeing in the field of cybersecurity?
Nirav – Point products are no longer as effective for visibility and governance as they used to be. Because of this, companies are looking to develop security organically as part of a broader platform that integrates well and provides a 360-degree view. SASE, specifically, requires an enterprise-grade networking and security stack that includes SD-WAN, network firewalls, and flexible deployment across on-premise, cloud, or segmented networks. And when combined with ZTNA, this technology can provide consistent security and networking with a better user experience arising from a single point of management.
The SASE model is interesting because as customers move to the cloud, they’re not able to do everything all at once. They start with a hybrid approach, in which some applications stay on-premise and others are migrated. They need security in a segment, in an edge, and on the cloud. Having solid security in place is the number one requirement.
Peter – One major trend that continues to impact organizations is the lack of trained cybersecurity professionals. Cybersecurity is constantly changing, so it’s never too late to start a career or retool skills. Organizations need people who know cloud and on-premise. They need professionals who understand the traffic and data on the applications. This trend will continue because organizations have so much to do and need security skills to get everything done.
Today, cybersecurity moves so fast, you need that team approach to be able to protect and stop those breaches. Security is a team sport, and companies need strong products at each individual element that are talking together. That’s where Fortinet’s Security Fabric platform comes into play with an ecosystem of vendors that offer top-of-the-line technologies such as next-gen firewall, SD-WAN, ZTNA, sandbox, Cloud protection, and endpoint. The changing nature of cybersecurity doesn’t call for anything less.