By Corne Mare, Director, Security Solutions, Fortinet Australia
Digital transformation is moving technology from the backroom to the boardroom. Indeed, tech is becoming the very foundation of an enterprise’s value proposition. Think Apple, Amazon, Uber and Alibaba. Digital transition is transforming the way we engage with staff and customers and the way we create and deliver value. Digital transformation has been dubbed the ‘fourth industrial revolution’ and it’s happening in your industry, ready or not.
As your enterprise undergoes digital transformation, your network is transforming itself as well. Multi-cloud access, software-defined wide area networks (SD-WAN), artificial intelligence (AI) and the Internet of Things (IoT), combined with the ubiquity of remote and mobile users, are significantly expanding the attack surface. The whole concept of the network edge is fast becoming obsolete. Every node, every device and every connection is now an ‘edge’. The question you have to ask yourself - ‘is my security provider transforming their solutions to keep up with the pace of change?’.
Security challenges in a transitional network
The two key security challenges: The first involves maintaining effective and consistent policy enforcement at each edge regardless of platform. The second is about creating consistent security amongst the various edges in terms of visibility, control, communication and threat intelligence. As your network decentralises, the need for centralised, coordinated security becomes even more important. Point solutions don’t cut it anymore. The trend is for an integrated network fabric that protects every edge – cloud, endpoint and WAN.
The cloud edge: Most cloud security deployments can’t provide consistent security enforcement simply because there are so many variations. This impacts security, functionality and performance making it difficult to maintain consistent policy enforcement. Single cloud security solutions operate effectively, but in a multi-cloud deployment they may have challenges communicating with devices in another cloud environment. Resolving this challenge requires the use of connectors for single-click deployment into a cloud, as well as automatic translation between clouds for consistent security enforcement and communication.
The endpoint edge: End user devices are smarter, faster and highly mobile exposing enterprises to risk due to loss, theft, malicious apps or connecting to compromised public access points. Additionally, IoT devices are not only inherently insecure, many can’t even be updated or patched, making them a preferred target by cybercriminals.
To fully protect the endpoint edge you have to be able to identify devices at the moment of access, encrypt all communications at network speeds and apply the appropriate policies and segmentation rules without human intervention. Plus you need to be able to automatically secure new devices as they deploy on your network. And everything needs to be monitored in real-time, again without manual intervention.
The WAN edge — Software-defined wide area networks establish connectivity for communications and mission-critical applications with multiple locations and resources through meshed VPN connections over the public internet. Unfortunately, many SD-WAN solutions only provide limited – if any - security functionality. This means that enterprises must develop and deploy an ad-hoc security solution to secure each branch connection and environment.
To be effective, a secure SD-WAN needs to provide advanced routing functions and performance enhancements - such as transport agnostic WAN traffic optimisation - as a fully-integrated suite of security tools. These tools must be able to interoperate with security solutions deployed elsewhere (ie the cloud and endpoint edges) and seamlessly extend consistent security functionality, performance and enforcement across the entire network.
It is becoming increasingly clear that consistent, integrated, real-time security needs to be embedded at every edge. This security will have to leverage machine learning and AI so autonomous decisions can be made at digital speeds. And each edge’s security profile will need to integrate seamlessly and consistently in concert with the security deployed at the other edge environments, in-house, remotely and into the cloud.
It is essential to view each edge as an integral, inter-related node in your security deployment. The logical conclusion is to adopt an integrated security fabric architecture that can be extended as new network environments (keep your eyes out for 5G) are adopted, without sacrificing functionality, speed, visibility or centralised control. A single, holistic security strategy helps customers with their risk buy down. It comprises interconnected solutions that provides a comprehensive approach that is not only manageable and cost effective, but also fluid enough to adapt as networks undergo constant change to reduce risks. And that’s exactly what Fortinet is all about.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
About the author
Corne Mare is Director, Security Solutions at Fortinet Australia. As such, it is his business to know what’s happening in the cybersecurity world and help enterprises secure their transitional networks without sacrificing speed, functionality or control.