The cloud has become the hub for delivery of digital applications in the modern digital era. Identity as the digital perimeter and data protection are mission critical to foster digital trust, enable service assurance, and minimize enterprise risk. These factors are illustrated and discussed in depth in my article, The Rise of Data Sovereignty and a Privacy Era.
However, the rise of the modern distributed/hybrid work model increases the attack surface for users and endpoints due to phishing, ransomware, and myriad other threats to the now "extended" corporate network. The conventional network edge now transcends the historical "castle and moat" perimeter. Legacy technologies such as Virtual Private Networks (VPNs) do not scale and have proven fraught with risk, as evidenced by incidents such as nation-state attacks.
A paradigm shift is needed to effectively combat current and emerging threat vectors by deploying standard security policies and networking controls for endpoints and via dynamic, adaptive access controls. Thus, holistic convergence of network and security operations in this cloud-centric digital era is paramount to assure cyber resilience and enterprise business continuity. This article discusses three strategic technology enablers to fulfill these mission-critical business objectives: network observability, Secure Access Service Edge (SASE), and Zero Trust.
Network observability
Whereas hybrid and multi-cloud infrastructures serve as the hub for application and service delivery in the modern digital universe, the modern network is the delivery channel.
However, network monitoring tools generate data and alert overload, which overburdens support staff and complicates problem detection, identification of root causes, and service assurance. Further, the evolution of enterprise architecture increases complexity, extends the attack surface, and introduces threats to enterprise security and privacy.
It is imperative to minimize the blast radius and the enterprise attack surface to protect the enterprise ecosystem. As the cloud fuels collaboration, the security landscape becomes more complex, and risk management becomes mission critical. Thus, modern network management needs new tools.
Legacy vs. modern networks
Challenges of modern networks
• Network state changes dynamically and constantly
• Anomaly detection is harder and far more complex
• Harder to identify deviations from normal and resolve issues
• Excessive alerts may overwhelm IT and Security staff
SecOps & Network Ops business drivers
• Manage alerts
• Correlate incidents
• Resolve problems rapidly
• Eliminate potential problems proactively
• Enhance monitoring effectiveness
• Minimize enterprise risk
• Enable service assurance
• Enhance application uptime
Time for a paradigm shift
There is a great need to leverage diverse data sources to give perspective into network operations and receive quick, automated insights and recommendations to remediate issues and improve performance proactively. This can help eliminate "alert fatigue," which tends to overwhelm IT teams, and support them in their mission to enhance the user experience. This gives rise to Network observability!
Key factors for network observability
• Telemetry: Enable data collection
• Data Collection: Leverage data lakes
• Data Processing & Analysis: Accelerate delivery of actionable insights
• Visibility & Visualization: Deliver real-time & trend reporting
• Context & Behavior: Illustrate a holistic view via correlation to aid proactive incident management
• Automation: Generate intelligence-driven, workflow-powered remediation
• Insights & Integration: Leverage diverse data sources via interoperability
• Security & Network Team Collaboration: Break down barriers / enhance user experience
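The "Context & Behavior" and "Automation" factors above come down to correlating many alerts into one incident. The following is an added example, not code from the article or any product it mentions, that groups a constructed burst of alerts using an assumed topology dependency map so that downstream symptoms are attached to their probable root cause instead of each paging an engineer; device names, timestamps and the 60-second window are assumptions.

```python
"""Added example: topology-aware alert correlation to reduce alert fatigue.
UPSTREAM maps each device to the device it depends on (constructed data);
ALERTS is a constructed alert stream of (epoch seconds, device, alert type)."""

UPSTREAM = {"sw-floor2": "core-rtr1", "sw-floor3": "core-rtr1",
            "ap-2a": "sw-floor2", "ap-2b": "sw-floor2", "ap-3a": "sw-floor3"}

ALERTS = [
    (1000, "core-rtr1", "link_down"),
    (1003, "sw-floor2", "unreachable"),
    (1004, "sw-floor3", "unreachable"),
    (1006, "ap-2a", "unreachable"),
    (1007, "ap-2b", "unreachable"),
    (1009, "ap-3a", "unreachable"),
    (1400, "ap-2a", "high_latency"),   # far outside the window: its own incident
]

def is_downstream(device, candidate_root):
    """True if candidate_root is somewhere above device in the dependency map."""
    d = device
    while d in UPSTREAM:
        d = UPSTREAM[d]
        if d == candidate_root:
            return True
    return False

def correlate(alerts, window_s=60):
    """Fold alerts into incidents. An alert joins an open incident when it arrives
    within window_s of the incident's first alert and its device is the incident's
    root device or depends on it. If an upstream device alerts after its dependents,
    it is promoted to probable root cause. Returns a list of incident dicts."""
    incidents = []
    for ts, dev, kind in sorted(alerts):
        for inc in incidents:
            if ts - inc["start"] > window_s:
                continue
            if dev == inc["root"] or is_downstream(dev, inc["root"]):
                inc["symptoms"].append((ts, dev, kind))   # suppressed: same root cause
                break
            if is_downstream(inc["root"], dev):
                inc["symptoms"].append((inc["start"], inc["root"], inc["kind"]))
                inc["root"], inc["kind"] = dev, kind      # promote upstream device
                break
        else:
            incidents.append({"start": ts, "root": dev, "kind": kind, "symptoms": []})
    return incidents

if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print(f"{inc['root']} {inc['kind']}: {len(inc['symptoms'])} symptom alerts suppressed")
```

On the constructed stream this yields two incidents (one for the core router with five suppressed symptoms, one for the later latency alert) instead of seven pages.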
Primary use cases for network observability
• Root Cause Analysis & Troubleshooting
• Network Architecture & Systems Design
• Reporting & Visualization
• Incident Management
• User Experience
• Impact Analysis & Proactive Prevention
Benefits of network observability
• Facilitate data management and control
• Streamline incident management
• Strengthen security
• Foster breach detection and prevention
• Render a holistic enterprise view
• Characterize and understand traffic
• Assure network performance
• Reduce cost and complexity
Secure Access Service Edge (SASE)
Secure Access Service Edge, or SASE, was postulated by Gartner to foster convergence of critical network security architecture components to better combat the burgeoning attack surface and security threats in the cloud-centric modern distributed enterprise. It promotes "Anytime, Anywhere, Authorized" access to cloud applications and requires dynamic visibility and inspection of all network traffic. It unifies networking and security functions via a converged enterprise network, while enabling centralized policy enforcement centered on identity and Zero Trust via a central cloud platform. Principal SASE services in conjunction with SD-WAN are as follows:
• Cloud Access Security Broker (CASB): Enables visibility into usage of sanctioned and unsanctioned cloud applications and enables policies and controls to be deployed for appropriate usage
• Next-Generation Firewall: Implements deep packet inspection and collects advanced threat intelligence to prevent masked intrusions and hidden threats
• Secure Web Gateway: Enforces corporate content filtering policies to block threats, protect data, and ensure appropriate use of web resources by end-users
• Zero Trust Network Access (ZTNA): Validates connections between users and enterprise resources based on Zero Trust principles; requires continuous and periodic trust checks
Primary use cases for SASE
• Data Protection & Regulatory Compliance: Apply policies and controls
• Distributed Work Threat Protection: Assure cyber safety of remote and nomad workers
• Third-Party Risk Management: Provide, enforce, and revoke "Minimum Necessary" access for third parties
• Virtual Private Network Replacement
Benefits
• Strengthen control of users, data, and apps
• Reduce complexity and costs
• Assure consistent data protection
• Facilitate automated threat intelligence
• Enhance user experience and IT efficiency
• Simplify and harmonize network operations
• Reduce risk and bolster security
• Enhance network performance and reliability
Zero Trust
Zero Trust, postulated by John Kindervag, has become a unifying force for transforming cybersecurity strategy by reinforcing "Identity as the Digital Perimeter." Zero Trust leverages multiple People, Process & Technology safeguards (layered architecture).
Zero Trust security eliminates the distinction between a trusted internal network (castle and moat) and untrusted external networks. In Zero Trust, all network traffic is untrusted! Zero Trust transforms conventional network-based security by centering security on users, applications, and data rather than on the network perimeter, which retires the old castle and moat approach.
Zero Trust extends the digital perimeter via the principle of "Anytime, Anywhere, Authorized Access" and least privilege (minimum necessary). Business process architecture and data flow mapping are essential for Zero Trust to strengthen access controls before access to applications is granted by dynamically evaluating: User Identity, Device Security, Context, and Session Risk.
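The dynamic evaluation just described (User Identity, Device Security, Context, and Session Risk) and the ZTNA requirement for continuous and periodic trust checks can be shown as a small policy decision point. This is an added example, not code from the article or any product it mentions; the signal names, sensitivity tiers, MFA-age limits, risk thresholds and re-check interval are all assumptions chosen for illustration.

```python
"""Added example: a Zero Trust policy decision point. evaluate() weighs the
four signals the text names on every request; recheck_session() re-runs it
at an interval so trust is re-established during a session, not only at login.
All thresholds are assumed values, not from the article."""
from dataclasses import dataclass, replace
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"   # require fresh MFA before continuing
    DENY = "deny"

@dataclass
class Request:
    user: str
    mfa_age_s: int          # identity: seconds since the user last passed MFA
    device_managed: bool    # device security: enrolled in endpoint management
    disk_encrypted: bool    # device security: full-disk encryption on
    geo: str                # context: country code of the client
    usual_geos: set         # context: where this user normally signs in from
    app_sensitivity: int    # 1 (low) .. 3 (high); drives least privilege
    session_risk: float     # 0.0 .. 1.0 from an assumed risk engine

def evaluate(req: Request) -> Decision:
    # Device security: unmanaged or unencrypted devices never reach sensitive apps.
    if not (req.device_managed and req.disk_encrypted):
        return Decision.DENY if req.app_sensitivity >= 2 else Decision.STEP_UP
    # Session risk: a high score denies regardless of the other signals.
    if req.session_risk >= 0.8:
        return Decision.DENY
    # Context: an unfamiliar location raises the bar instead of trusting the network.
    unfamiliar = req.geo not in req.usual_geos
    # Identity assurance decays: more sensitive apps require fresher MFA.
    max_mfa_age = {1: 8 * 3600, 2: 3600, 3: 900}[req.app_sensitivity]
    if req.mfa_age_s > max_mfa_age or unfamiliar or req.session_risk >= 0.5:
        return Decision.STEP_UP
    return Decision.ALLOW

def recheck_session(req: Request, interval_s: int, elapsed_s: int) -> list:
    """Continuous trust: re-evaluate every interval_s seconds over elapsed_s,
    ageing the MFA signal as time passes. Stops at the first non-ALLOW result,
    where a real gateway would prompt for step-up or end the session."""
    decisions = []
    for t in range(interval_s, elapsed_s + 1, interval_s):
        d = evaluate(replace(req, mfa_age_s=req.mfa_age_s + t))
        decisions.append((t, d))
        if d is not Decision.ALLOW:
            break
    return decisions
```

A session that started with fresh MFA against a tier-3 app is allowed at the first re-checks and forced to step up once the assumed 900-second MFA limit passes, which is the "periodic trust check" the ZTNA bullet calls for.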
Benefits
• Diminish enterprise risk
• Foster business agility
• Strengthen security and privacy
• Enable cost savings and optimization
• Minimize risk of a data breach
• Enhance user experience and productivity
• Combat network-based attacks
• Support regulatory compliance
For further context on Zero Trust and Identity as the Digital Perimeter, please refer to my article, A Question of Identity: The Evolution of Identity & Access Management.
Author's viewpoint
Zero Trust Network Access (ZTNA) is a key part of the SASE technology stack. However, this does not mean that Zero Trust is a subset of SASE. Whereas Zero Trust is pivotal to SASE, it is a broad-based, multi-dimensional approach factoring its own set of technologies as well as business process, "human firewalls," cultural change, and security transformation.
Closing
The three strategic macro technology trends in this article are synergistic and interwoven. Collectively, they deliver service assurance, render convergence, enhance operations, strengthen security, minimize enterprise risk, and foster cyber resilience. As such, they are strategic technology enablers for the modern digital enterprise in tandem with People, Process, and other technology safeguards.