As organizations contend with challenges from the ongoing COVID-19 pandemic and a new "work from anywhere" (WFA) normal, the adoption of cloud-hosted services continues to accelerate. Traditional security solutions were not designed with the cloud in mind. The concept of backhauling traffic to a centralized data center worked when all applications resided there.
These architectures provide a poor user experience, increase security risks and are expensive in the new context, with increasing traffic from users in branches, and applications moving to the cloud.
Zero Trust, Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) in a cloud-first world
Zero Trust demands that all users, devices and application instances prove they are who or what they claim to be and that they are authorized to access the specific resources they seek, regardless of whether they sit inside or outside the network perimeter. Legacy network security solutions may not yet incorporate the concept of Zero Trust, an IT security model for identity and access management.
ZTNA is a set of technologies that operates on a Zero Trust framework, and gives users seamless and secure connectivity to private applications without ever placing them on the network or exposing apps to the internet.
WAN and Security Architectures
SASE is the combination of an advanced SD-WAN edge deployed at the branch and comprehensive cloud-delivered security services.
Traditionally, all application traffic from branch locations traversed private MPLS services to the corporate data center for security inspection and verification. This architecture was appropriate when applications were hosted exclusively in the corporate data center. Now that applications and services have migrated to the cloud, the traditional network architecture falls short. Because internet-destined traffic must first pass through the data center and corporate firewall before reaching its destination, application performance and user experience suffer.
With the increase in remote workers connecting directly to cloud applications, traditional perimeter-based security is insufficient. By transforming WAN and security architectures with SASE, enterprises can ensure direct, secure access to applications and services across multi-cloud environments, regardless of location or the devices used to access them.
To realize the full promise of digital transformation, enterprises will need to transform both their WAN and security architectures. SASE is the convergence of SD-WAN edge and cloud-delivered security capabilities. Advanced SD-WAN capabilities integrated with modern cloud-delivered security services ensure consistent policy enforcement and access control for users, devices, applications, and IoT.
An enterprise can start with modernizing its WAN or its security, but to realize the true value of cloud investments, both must ultimately be addressed.
Advanced SD-WAN capabilities to fully enable SASE:
- First-packet application identification to enable granular steering
- Automated, daily cloud-application definition and address table updates
- Automated orchestration with cloud-delivered security services
- Automatic failover to secondary cloud security enforcement point if primary is unreachable
- Automatic reconfiguration if a closer enforcement point becomes available
- Enable enterprises to implement a SASE architecture at their own pace
- Avoid vendor lock-in to provide freedom of choice to adopt new security innovations
Business benefits for enterprises:
- Improved business productivity and customer satisfaction
- Enhanced, consistent security policy enforcement across the enterprise
- Reduced risk and brand image protection
- Increased IT efficiency and lower overall WAN and security costs
- Automated deployment and management of WAN and security solutions
- Improved application performance and reliability
- Ability to evaluate and integrate new security technologies as they emerge