Bringing networking and security closer together

By

What happens when cloud-based workloads need protection, but traditional approaches aren’t doing the job?

The centre of gravity for essential enterprise data has shifted. Where once it would have resided in a corporate data center, now there is a strong likelihood that it sits in the cloud. A recent survey from LogicMonitor found that 83% of enterprise workloads are now off-premise.
As a critical mass of applications and workloads started to move to cloud a few years back, CIOs had to confront the fact that the network and security layers connecting end users to those workloads were still relying on old school MPLS connections. Pretty soon digital transformation was on everybody’s agenda as people sought networking solutions that were fit for modern purposes.
Transformation was a slow, rolling process right up until early 2020 when COVID struck. In the blink of an eye, everyone was working from home, and the consequence was a massive and chaotic shift for IT teams. Roadmaps towards digitalisation shrunk, overnight. But COVID was really just fuel on the fire for a trend that was already there – one that looks like it is going to separate the winners from the losers in tomorrow’s digitally-driven economy.
It’s against this backdrop that the CIO has become, in many cases, the most important person in an organisation. In a digitally transformed world, it’s the CIO that holds the keys to so much – internal and external communications, collaboration, and the ability to enable everything from remote work to making M&A moves happen as quickly and as painlessly as possible.
Added into the complex mix of contemporary tech issues is the relentless drumbeat of cyber security concerns. Legacy networks leave people vulnerable to terrifying threats like ransomware. There is also the unfortunate fact of the crippling shortage of network security talent out there, adding yet more turbulence to a perfect storm of challenges. Clearly ways need to be found both to transform connectivity away from a legacy past while at the same time integrating security more effectively into the network, all without throwing endless money at the problem, or trying to hire experts to do the job who just don’t exist.

New directions for SASE
In this context it is important to note evolutionary developments in the market for secure access service edge (SASE) solutions, a technology often cited as the panacea to security and networking challenges. Coined by Gartner in 2019, SASE has had a rapid ascent to the top of the ICT agenda, marred slightly by becoming a crowded and at times confusing marketplace where apparently similar but actually markedly different products vie for CIO and CISO attention.
Given that there is not one size of SASE that fits all, decisions have to be made and discrimination exercised. It is important to realise, for example, that when it comes to SASE architecture, technology vendors tend to take either a framework-based or a product-based approach. Some embrace both.
“With the framework approach, which we call a disaggregated SASE, separate network and security technologies have been integrated into a complete SASE deployment,” notes Mauricio Sanchez, Research Director Network Security, SASE, SD-WAN, SSE with independent analyst firm Dell’Oro Group. “The network and security technologies may come from the same or different SASE vendors. Usually, disaggregated implementations consist of multiple policy repositories – one for each network or security service. This distinction becomes important when compared with the product approach.”
This latter approach, which Mauricio Sanchez, Research Director, Dell’Oro Group defines as ‘Unified SASE’, sees “all network and security technologies implemented as a single, tightly integrated product platform with just one policy repository spanning network and security policy.”
In comparison to the disaggregated approach, Unified SASE has numerous benefits spanning the technological and economic spectrum, suggests Sanchez: “For example, the multiple policy repositories in disaggregated SASE may require manual and sometimes difficult policy reconciliation by administrators that the unified SASE avoids due to its more monolithic implementation,” he explains. He notes also that enterprises lacking in specialized networking and security IT teams often go for unified implementations because of the greater simplicity involved.
One company putting the unified SASE approach into action is Aryaka. Its Zero Trust WAN service, based around unified SASE principles, now incorporates a Secure Web Gateway and firewall-as-a-service. It claims the integration is the first of its kind to enable enterprises to enforce security policies across offices and remote users with unified control while delivering application performance and stability.
David Ginsberg, VP Product and Solutions Marketing with Aryaka, argues that it was important to approach security with Zero Trust principles, but without sacrificing application performance: “To truly balance the two requires integration of security and the network on a common platform to observe, manage, enforce, and optimize,” he says. “Now you can securely connect any user, anywhere in the world across a global, software-defined, backbone with security integrated at the edge to access workloads wherever they live.”
A Zero Trust WAN, claims Ginsberg, involves implementing Zero Trust principles from a security perspective, but then tying them into the network: “You can’t just layer security on,” he concludes. “It needs to become part of how you operate the network. You need also a true balance between security and networking, so that security doesn’t always win and impair productivity. Visibility is key too, with everything managed under one control panel.”
Aryaka’s vision clearly chimes with Dell’Oro which has recognized it as the latest technology vendor to deliver a unified SASE solution that combines security and network connectivity. The other three that it has acknowledged in this space are Cato Networks, Versa Networks and VMWare.
Aryaka was also the only managed services provider receiving the designation of ‘Customer Choice’ by analyst firm Gartner in its latest Peer Insights report for North America, EMEA, and ASIA Pacific. According to Gartner, WAN edge infrastructure now needs to incorporate a widening set of network functions, including secure routers, firewalls, SD-WAN, WAN path control and WAN optimization, along with traditional routing functionality.
Another backer of a unified approach to network and security is Christopher Rodriguez Research Director, Security & Trust with analyst firm IDC: “Security modernization is a fundamental requirement given the many new technologies in enterprise IT environments today and the many threat actors that are ready to take advantage,” he notes. “Focusing on a network-only transformation strategy causes a reactionary, siloed approach to security that has proven to be inefficient and ineffective in previous iterations. A holistic approach to network and security transformation provides key business benefits and technological advantages that enable true digital transformation.”
A coherent network and security convergence plan, he believes, is necessary for a SASE rollout that is advantageous from both security and networking standpoints: “The roadmap will look different for every company, but generally, organizations may benefit from a solution that enables a progressive rollout,” he concludes.
The future may then be one of convergence of networking and security based around a single management plane, a distributed data plane, and cloud-hosted control to allow the enterprise to optimize application delivery. As for SASE, it is likely that the convergence of networking and security will be a staging post to a new generation of products that extend the cloud edge to the enterprise edge along with need to deliver a consistent experience with seamless control across cloud and on-prem.

Above, Mauricio Sanchez, Research Director, Dell’Oro Group / Image credited to NetEvents

Categories:

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *