A popular misquote attributed to Mark Twain states, “The reports of my death have been greatly exaggerated.” Although he never said exactly that, Twain was widely rumored to have died in 1897 when, in fact, he was very much alive. This is relevant to the convergence of networks and security today.
In the technology realm, we’re experiencing the same thing when it comes to networks. There are some cloud vendors that are proclaiming the traditional network to be all but dead. In effect, they’re saying, “don’t worry about the network; just move everything to the cloud.” But like Mark Twain, the reports of the demise of networks are greatly exaggerated. In fact, networking (albeit hybrid) remains crucial. And ensuring consistent security across the network is more critical than ever, particularly in terms of extending the enterprise-grade protections enjoyed in the traditional core network to all of the new edges being deployed.
Whether for business purposes, compliance issues, centralized control, cost savings, availability, or security, the reality is that there are many reasons why most organizations still don’t have cloud-only deployments and instead have hybrid networks. Of course, few have only a traditional data center network, either. The fact is, today’s networks are evolving and converging, to include the transition to virtualization and the cloud, the rapid adoption and integration of IoT, and the reliance on applications as a central pillar of modern business. And as big data, hyperscale architectures, SD-WAN, 5G, edge networking, and smart systems such as integrated buildings and infrastructures become mainstream, networks will be forced to change even further.
But the network as we know it is still far from dead. However, today’s highly distributed networks are more complex than ever. Critical resources and applications are now spread across data centers, distributed branch and home offices, and multi-cloud environments. Users may need access to resources that are on premises, in a virtual cloud, or in a public cloud. What is dead, or at least no longer viable, is the legacy approach to security that we have been relying on to secure our evolving networks.
The Convergence of Networks and Security
Traditionally, security solutions could be easily deployed after a network was designed and deployed, because all that was needed was to secure fixed perimeters and monitor the predictable traffic and workflows moving between static network servers and known external devices. But new demands have put increasing pressure on this model. Today, all components of the network, regardless of how widely distributed, need to function as a single integrated system. At the same time, most of those elements also need to be treated as a discrete edge of the network. As a result, interoperability between dynamic network elements is essential, and so is protecting transactions, applications, and workflows moving from anywhere to anywhere. What needs to happen at the network level is that connectivity and network functionality are seamlessly coupled with security, so that when data moves from one place to another, across and between devices that are constantly in motion, it carries with it inspection, encryption, and policy enforcement that are just as agile.
Because networks now have many edges, it’s impossible to create the sort of single defensible boundary most legacy security tools were designed to defend. Instead, applications and workflows now may span multiple environments in a single transaction, which means security needs to be applied consistently on the LAN, WAN, cloud, and remote user edges. And the dynamic connections between these environments also need to be both reliable and secure. No matter what device is being used, any user of any edge must be able to securely connect to any other edge or collection of edges at any time from any location.
The challenge is that, when you look at the cybersecurity marketplace, most networking vendors still only provide that kind of bolt-on security, and far too many still haven’t quite figured out modern networking. As a result, wiring closets (both physical and virtual) are now filled with an array of single-point solutions that each address only a specific area without considering the overall threat landscape.
The Need for a Security-Driven Networking Strategy
A better way to think about networking is as a holistic, converged solution in which networking and cybersecurity work together as a unified system. Instead of focusing on networking or security separately, organizations need to develop a security-driven networking strategy that tightly integrates the organization’s network infrastructure and security architecture. This allows the network to scale, change, and adapt without ever compromising security. To effectively defend today’s highly dynamic environments, organizations need consistent enforcement that can span and adapt to flexible network perimeters. To do this, security needs to be woven deeply into the network itself.
Rather than relying on a series of discrete security components, a modern security strategy needs to start with a unified security platform that encompasses the entire network development and deployment life cycle. This approach helps ensure that security functions as the central consideration for all business-driven infrastructure decisions. With security at the core, networks can evolve, expand, and adapt without concerns that an expanded attack surface or security gap could compromise the organization. This type of security-driven networking enables organizations to address five critical elements:
- Design and planning. A security-driven networking strategy enables teams to begin weaving security into a new strategy during the planning stages, so everyone can agree on an approach to new infrastructures, applications, and devices that meets and supports a pre-defined central security policy.
- Access control and segmentation. When new devices are added to the network, they should be automatically identified and the rules governing their access to network resources applied. Dynamically tying access to network segmentation ensures these devices are automatically assigned to secured network segments that have been enhanced with authentication for increased control and flexibility. These network segments can then be monitored to prevent and detect unauthorized behaviors, inspect applications, and secure workflows. And because security and networking are tied together, changes to the network infrastructure automatically include changes to security.
- Consistent protection. Because data collected from across the network needs to be shared, cross-referenced, mined, and processed, security-driven networking must protect data, applications, and workflows along their entire data path. Protection needs to consistently cover different network segments, dynamic multi-cloud environments, data centers, and devices.
- The network perimeter. As organizations embrace new devices, new network platforms, and new compute and application models, the network perimeter necessarily fragments while expanding outward. But the perimeter is also expanding inside the network through the adoption of connected IoT devices, the extension of the network across multiple network environments, and the interconnection of networks to support smart systems. A security-driven network approach provides consistent visibility across the entire perimeter, both inside and out, as the network adapts and changes.
- Branch offices and secure SD-WAN. Traditional MPLS connections limit application performance and dynamic communications. By combining NGFW appliances with advanced SD-WAN networking capabilities, organizations can eliminate the traffic backhauling that MPLS requires, prioritize business-critical applications, and improve the overall user experience without ever compromising on security.
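The “Access control and segmentation” item above describes a sequence (identify the joining device, assign it to a segment, apply that segment’s access rules, monitor for unauthorized behavior) without showing what the enforcement logic looks like. The following is an added example written for this page, not Fortinet code and not part of the original post; the segment names, roles, MAC addresses and flows are all constructed sample data, and the policy is a default-deny table of (destination segment, port) pairs per source segment. Note that an unauthenticated device is quarantined regardless of the role it claims, and an unknown MAC is treated the same way, which is what keeps a spoofed role from buying access.

```python
"""Toy security-driven-networking policy engine (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Device:
    mac: str
    authenticated: bool  # passed network-access authentication (e.g. 802.1X)
    declared_role: str   # role the device or an inventory claims: camera, workstation, ...


@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_segment: str
    dst_port: int


Rule = Tuple[str, int]  # (destination segment, destination port)

# Segment policy, default deny: a source segment may reach only the listed
# (segment, port) pairs. Segment names are hypothetical, constructed for the example.
SEGMENT_POLICY: Dict[str, Set[Rule]] = {
    "iot":            {("iot-controller", 443)},
    "iot-controller": {("iot", 8080), ("servers", 443)},
    "workstations":   {("servers", 443), ("servers", 22), ("iot-controller", 443)},
    "servers":        {("servers", 5432)},
    "quarantine":     set(),  # may talk to nobody until properly identified
}

# Mapping from an identified role to the segment it is placed in (hypothetical).
ROLE_TO_SEGMENT = {
    "camera": "iot", "sensor": "iot", "controller": "iot-controller",
    "workstation": "workstations", "server": "servers",
}


def classify(device: Device) -> str:
    """Assign a joining device to a segment from its identity attributes.

    Authentication is checked before the claimed role is consulted, so an
    unauthenticated device lands in quarantine no matter what it claims to be.
    """
    if not device.authenticated:
        return "quarantine"
    return ROLE_TO_SEGMENT.get(device.declared_role, "quarantine")


def evaluate_flows(devices: List[Device], flows: List[Flow]) -> List[dict]:
    """Check every observed flow against the policy of its source segment."""
    segment_of = {d.mac: classify(d) for d in devices}
    results = []
    for f in flows:
        # A MAC that never went through onboarding gets quarantine treatment.
        src_seg = segment_of.get(f.src_mac, "quarantine")
        allowed = (f.dst_segment, f.dst_port) in SEGMENT_POLICY.get(src_seg, set())
        results.append({
            "src": f.src_mac, "src_segment": src_seg,
            "dst_segment": f.dst_segment, "port": f.dst_port,
            "verdict": "allow" if allowed else "deny",
        })
    return results


def unauthorized(results: List[dict]) -> List[dict]:
    """The denied flows are what a segment monitor would raise alerts on."""
    return [r for r in results if r["verdict"] == "deny"]


# Constructed sample onboarding data and traffic.
SAMPLE_DEVICES = [
    Device("aa:bb:cc:00:00:01", True, "camera"),
    Device("aa:bb:cc:00:00:02", True, "workstation"),
    Device("aa:bb:cc:00:00:03", False, "server"),  # claims a server role, never authenticated
    Device("aa:bb:cc:00:00:04", True, "controller"),
]
SAMPLE_FLOWS = [
    Flow("aa:bb:cc:00:00:01", "iot-controller", 443),  # camera -> its controller: allowed
    Flow("aa:bb:cc:00:00:01", "servers", 443),         # camera -> servers: crosses segments, denied
    Flow("aa:bb:cc:00:00:02", "servers", 22),          # workstation -> servers over SSH: allowed
    Flow("aa:bb:cc:00:00:03", "servers", 5432),        # unauthenticated device: quarantined, denied
    Flow("aa:bb:cc:00:00:99", "iot", 8080),            # unknown MAC: quarantined, denied
]


def run_sample() -> List[dict]:
    return evaluate_flows(SAMPLE_DEVICES, SAMPLE_FLOWS)


if __name__ == "__main__":
    for r in run_sample():
        print(r)
    print(f"{len(unauthorized(run_sample()))} unauthorized flows")
```

Because the segment policy is a single table consulted both at onboarding and on every flow, adding a segment or changing a device’s role changes the security outcome in the same step, which is the “changes to the network automatically include changes to security” property the list item describes.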
Securing Evolving Infrastructures
The network may not be dead, but it is certainly evolving at an unprecedented rate with the convergence of networks and security. And security-driven networking is an essential strategy to secure today’s dynamic digital infrastructures. With an integrated security platform in place, organizations can embrace digital innovation and expand their digital footprint without exposing critical resources and new attack surfaces to new risks. Instead, the platform offers the flexibility needed to expand and adapt policy and enforcement in tune with the network, while enabling better visibility and control than traditional approaches relying on point solutions can ever provide.
Find out how the Fortinet Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface, from IoT to the edge, the network core, and multi-clouds.