Employee mobility, cloudification, and the Internet of Things (IoT) are all driving digital transformation, with companies becoming increasingly aware that they need to embrace new digital technology to remain competitive. This drive to go digital, along with the quickly evolving threat landscape, demands the constant retooling, updating, and maintenance of a complex, sprawling security architecture. The traditional hardware-based approach is no longer appropriate, particularly when it comes to security updates and externally accessing company data. Indeed, network security appliances working in isolation can also make it difficult to get a comprehensive view into threat activity, and the management headaches associated with a multi-vendor security environment just seem to get worse. As such, organisations are rethinking their security requirements and developing an approach that ensures their organisation is secure, while also allowing them to evolve.
The classic company network has served its time
Whilst traditional network security made sense when every application was hosted in the data centre and users were connected to the network, in today’s cloud era, this is no longer the case. The world of work has moved away from the centralised model and is now structured with an increased level of flexibility. Not only are applications such as Office 365 set up in the cloud, but data is also stored there.
For some time now, employees have not been tied to a fixed desk at one location. Employee mobility has become part of our day-to-day working life, meaning mobile devices are increasingly being used to access data and applications outside the company network. Indeed, today’s employees are much more location-fluid, wanting to work from home, the airport, on the road, or the coffee shop around the corner.
In addition, in order to achieve a higher level of productivity, companies have been moving away from the single branch model. The classic company network is now outdated and a new infrastructure is required that permits quick and secure user access to data and applications, both on the network and in the cloud. We are subsequently seeing the internet emerge as an alternative to traditional MPLS networks, which, unsurprisingly, requires a very different security strategy.
Whilst traditional network security made sense when every application was hosted in the data centre and users were connected to the network, as applications move to the cloud and as users increasingly embrace mobile, the stacks of appliances sitting in the data centre are becoming more and more irrelevant. Companies now need to ask the question of how they will guarantee secure access to their employees and third-party users connecting from various end devices from all locations.
A new WAN approach for increased security in the cloud era
Cloudification, Wide Area Network (WAN) infrastructure and security cannot be viewed in isolation when it comes to digital transformation. Over 200 IT decision-makers were asked about their experiences preparing for a Microsoft Office 365 implementation as part of the TechValidate study “Challenges and Opportunities in Enterprise Office 365 Deployments”. After implementation, many organisations noticed that employees had negative experiences with performance and therefore could not fully benefit from the productivity-related advantages they had hoped for.
This particularly applied if the Office 365 migration did not take place as part of a network transformation and if access to the cloud application suite took place via a traditional hub-and-spoke network. These networks direct internet traffic through a centralised security gateway via a WAN before the data traffic reaches the internet. Because of unsatisfactory network performance, companies had concerns about direct internet connections for their different sites.
Traditional hub-and-spoke architectures and security technologies are not built for cloud applications, but replicating the network security stack at every branch is prohibitively expensive, adds to the management burden, and increases complexity. If businesses try to compromise by using only on-premises next-generation firewalls or VNFs, they will leave locations vulnerable. It is therefore crucial that local breakouts are adequately secured without complicating the network. Businesses need to make sure they are able to prioritise critical applications such as Office 365 over the likes of YouTube and streaming media, and that they have the ability to define and immediately enforce security and access policy changes across all locations.
Automating IT security through the cloud
The relocation of applications to the cloud and the network infrastructure should likewise be considered as a package deal, not as two individual problems. Local breakouts of internet data traffic in each branch mean that an adequate security concept is required at each site. In the cloud era, a hardware-based model is no longer appropriate, as it entails not only high procurement outgoings but also maintenance costs. Legacy organisations often have traditional security appliances that create a hard perimeter around their data centre, which unfortunately does not lend itself to a fully secure environment in the era of cloud adoption and digital transformation.
When it comes to security updates, manual interaction often proves too slow and error-prone to stand up to today’s intelligent cyber-attacks, which are constantly and efficiently evolving to find new ways to breach a network. To recognise today's targeted attacks, a high degree of integration of various security mechanisms is required, combining web security, URL filtering, sandbox technologies, and next-generation firewalls with one another. This way, log data can be quickly correlated and malware can be automatically analysed and blocked.
While the current complexity of digital transformation presents multiple challenges, organisations need to look at cloud-centric solutions rather than quick fixes that save costs in the short run. As the cloud successfully covers the requirements for many business fields, a cloud-based security approach is a high-performance option which comes with the required high degree of automation. The cloudification aspect of digital transformation allows businesses to see continuous cost reductions and customer service improvements, thus greatly increasing their digital preparedness. Furthermore, updates take place automatically within the cloud, which means the company is also protected against advanced threats; all of which helps companies meet the requirements of modern-day digitisation.
Mathias Widler, Managing Director of Zscaler