By Nick Alevetsovitis
It’s interesting how the conversations with business and IT leaders have changed since last March. Much of that has been around the evolving network.
According to a recent Harris Poll, 59% of Canadian employees regularly worked from home last year, up from only 4% in 2016. And 1 in 3 hiring decision-makers (31%) believe remote work will become the new normal.
Accommodating this change—and the accompanying increased reliance on such things as home offices, cloud-based applications (such as collaboration tools), and the distribution of data and resources across a hybrid network—is one of the most significant focus areas of business leaders. They also understand that this rapid expansion of the network also means a rapid expansion of the attack surface. So their priority is not just about how to take full advantage of their new network environments, but how to properly defend them as well.
And this is just part of the changes that digital business strategies require for Canadian businesses to remain competitive locally and in the world marketplace. Things like the implementation of edge computing and 5G, the continued rapid adoption of IoT, the growing reliance on critical business applications, the transition to a multi-cloud infrastructure, IT/OT convergence, and the implementation of hyperconnected smart systems (buildings, manufacturing plants, critical infrastructures, and even smart cities) all mean that the underlying network has become more critical, more complex, and more interconnected.
It also makes these complex systems of networks more challenging to defend. One attack can take down entire interconnected ecosystems, as the recent ransomware attack on Colonial Pipeline in the US clearly demonstrated.
As organizations consider their long-term IT strategy in light of the challenges of these new environments, I encourage organizations to embrace a more holistic approach that integrates security within the network infrastructure. Security needs to accompany the growth and expansion of the network, not be added later. They need to be part of the same unified system. This integrated approach, known as security-driven networking, puts security where it belongs—at the core of infrastructure decision-making. It also fosters speed and scalability, enabling networks to evolve, expand, and adapt as needed while giving IT teams the confidence that security will automatically scale as they develop new systems and solutions.
IT leaders looking to create a business case for security-driven networking should focus on the four areas where it will pay the most dividends.
First, a security-driven strategy can help provide consistent protection across different network segments, including multi-cloud environments, distributed data centres, and mobile devices—even those off-network. This integrated approach ensures that critical data and applications distributed across the network can be safely accessed, shared, and processed by any user, on any device, from any location because security can follow and protect data, applications, and workflows along the entire data path. Tools like SASE and cloud-based security are the foundations of ensuring consistent protection across a highly mobile workforce.
Second, a security-driven strategy helps establish consistent access control and segmentation. When new devices are added to the network, they need to be automatically identified. Rules dictating access to network resources need to be applied – including instantly assigning them to secured network segments and requiring enhanced authentication while monitoring for unauthorized activity. And they should be limited to only those resources they need to do their jobs, and nothing more. Likewise, access to applications needs to be secured and authorized on a per-use basis. Such strategies are enabled by new security strategies, including zero-trust access (ZTA) for network controls and zero-trust network access (ZTNA) for secure access to critical applications.
Third, as organizations have introduced new network platforms, devices, and applications, their traditional network perimeter has fragmented, creating multiple edge environments as the edge expands outward to encompass new network environments and distributed workers and devices. At the same time, the inside perimeter has also expanded due to connected IoT devices, smart systems, and interconnected environments. A security-driven approach enables consistent visibility and control across the network’s entire perimeter, adapting in step with the network as it continues to evolve.
Finally, organizations can securely prioritize business-critical applications for branch offices by replacing or expanding traditional MPLS connections that can limit application performance and dynamic communications with highly flexible broadband connections. Combining next-generation firewalls with advanced SD-WAN networking capabilities as part of an overall networking strategy can improve the user experience without compromising security.
As networks evolve at an unprecedented rate, the convergence of networks and security into a unified whole is essential. Only when organizations have a fully integrated security platform in place, where security and networking functions operate as a single system, can they expand and innovate without the risk of constantly exposing critical resources and new attack surfaces as the network grows and adapts. This holistic approach provides organizations with visibility and control beyond traditional point solutions, offering the best approach for today’s dynamic and ever-changing networking environments.
