Network security has changed drastically in the last 10 years. Gone is the old perimeter-based defense model. The rapid expansion of cloud computing and the explosion of remote work that accompanied the COVID-19 pandemic have led to the adoption of two complementary but different models of network security: zero trust and secure access service edge (SASE).
Once upon a time, an organization's networks had a physical limit. When you got to the office and booted your PC, you were on the network. If you left the office, you could no longer reach the network.
Network security was correspondingly simple.
"All you needed was the edge perimeter firewall, and that was your network security because everything was just a flat network," says Julian Mihai, CISO at Penn Medicine in Philadelphia.
That started changing around 2000 with the deployment of enterprise VPNs and home broadband internet access. But even then, when a worker logged in from home using a VPN, the organizational network still had an "inside" and an "outside," and the VPN provided access to the "inside." Once "inside," a worker often had unrestricted access to most of the network.
That's not the case today. In the zero-trust and SASE models, the network is everywhere, almost every organization has assets in the cloud, and anyone or anything can join the network with the right credentials.
"You need to think of security holistically," says Aviv Abramovich, head of security services product management at Check Point. "Your network actually extends to the employee that sits at home in their slippers, reading their email on their bring-your-own-computer connected to their personal Wi-Fi router at home."
Two other factors affecting modern network security have been the proliferation of powerful, modern smartphones and the parallel development of "smart" TV sets, voice assistants and other appliances.
The ubiquity of smartphones means that tens of millions of pocket-sized, privately owned and managed personal computers join enterprise networks every workday. Network-security staffers must secure and sanitize inputs from these devices, a task made easier by zero-trust models that assume every device is potentially hostile.
The addition of a smart TV, smart refrigerator or rogue embedded device to the workplace network (or one connecting remotely) creates another avenue of attack, which can likewise be mitigated by zero trust.
The zero-trust model uses identity rather than location relative to the perimeter to grant access. More importantly, the zero-trust model does not give users free range through the network.
Instead, users must authenticate themselves when accessing new areas and resources, even if they have already logged in. The zero-trust model also works well for legacy, on-premises networks.
"The fact that I trusted you two minutes ago doesn't mean I trust you now," Abramovich says. "Maybe you, in those two minutes, managed to get malware on your laptop, or wherever you're accessing, and now I have to take that trust away."
Zero trust began to gain ground after 2010. That's when Google implemented, then evangelized, its BeyondCorp zero-trust model and Forrester Research published a now-famous paper called "No More Chewy Centers: Introducing the Zero Trust Model of Information Security."
But zero trust in practice really took off in early 2020 when the COVID-19 pandemic suddenly created hundreds of millions of remote workers around the globe.
"[COVID] definitely accelerated something that already started before: the need to work from my phone, work from my computer, work from home, work from a cafe, work when I travel, and so on," says Abramovich.
A corollary to zero trust is the principle of least privilege, which states that no user should be granted more system permissions or privileges than necessary to carry out an assigned role.
"The reality is you're going to have a threat actor on a trusted asset on your network," says Mihai. "Without having the zero-trust approach, on the network, on the applications, you're not going to be able to contain that threat effectively."
Zero trust also resolves some of the issues associated with cloud computing, which removed assets and workloads from the safe cocoon of perimeter defenses. Because the zero-trust model is centered around identity rather than geography, it makes it easier to protect cloud assets that could physically be anywhere.
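The contrast drawn above between a perimeter check and a zero-trust, least-privilege decision, as an added sketch that is not from the article or from any vendor's product. The role names, resources, addresses and the 120-second freshness window are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Every name and value here is constructed for illustration.
CORP_NET = ip_network("10.0.0.0/8")   # the legacy "inside"
MAX_AUTH_AGE = 120                    # seconds an authentication stays fresh
ROLE_GRANTS = {                       # least privilege: role -> resources
    "nurse": {"ehr-read", "schedules"},
    "billing": {"invoices"},
}

@dataclass
class Request:
    role: str
    src_ip: str
    resource: str
    device_healthy: bool              # posture signal at request time
    now: float                        # request time, seconds
    authed_at: dict = field(default_factory=dict)  # resource -> last auth time

def perimeter_allows(req: Request) -> bool:
    """Legacy model: any source address inside the perimeter reaches everything."""
    return ip_address(req.src_ip) in CORP_NET

def zero_trust_decision(req: Request) -> str:
    """Decide per request from identity, posture and freshness; never from src_ip."""
    if req.resource not in ROLE_GRANTS.get(req.role, set()):
        return "deny:role"
    if not req.device_healthy:        # trust granted earlier is withdrawn
        return "deny:posture"
    last = req.authed_at.get(req.resource)
    if last is None or req.now - last > MAX_AUTH_AGE:
        return "reauthenticate"       # being logged in elsewhere is not enough
    return "allow"

# Constructed sample requests; all share one earlier login to "ehr-read".
SAMPLES = {
    "office, outside role": Request("nurse", "10.1.2.3", "invoices", True, 1000.0, {"ehr-read": 990.0}),
    "home, in role, fresh": Request("nurse", "203.0.113.7", "ehr-read", True, 1000.0, {"ehr-read": 990.0}),
    "office, new resource": Request("nurse", "10.1.2.3", "schedules", True, 1000.0, {"ehr-read": 990.0}),
    "office, now infected": Request("nurse", "10.1.2.3", "ehr-read", False, 1000.0, {"ehr-read": 990.0}),
    "office, stale login": Request("nurse", "10.1.2.3", "ehr-read", True, 1000.0, {"ehr-read": 700.0}),
}

def compare() -> dict:
    """Return {case: (perimeter verdict, zero-trust verdict)} for the samples."""
    return {name: (perimeter_allows(r), zero_trust_decision(r)) for name, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:22} perimeter={'allow' if old else 'deny':5} zero-trust={new}")
```

The perimeter check admits every office request, including the one from a device that has since failed its posture check, and refuses the legitimate home user; the zero-trust decision depends only on role, device state and how recently the user authenticated to that specific resource.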
Secure access service edge (SASE) and its sibling, security service edge (SSE), are more specialized in their use cases than zero trust.
The best use case for SASE is a large organization with many offices spread across a wide area. Instead of trying to replicate a perimeter-based network with hard-wired or VPN connections between branch offices and the central headquarters, SASE creates a software-defined wide area network (SD-WAN) that can be governed from the cloud.
SASE extends network protections to regionally dispersed points of presence (POPs), to which users can connect locally instead of to a far-off data center. Because the network is cloud- and software-based, it doesn't need to "be" anywhere, which means it can also reach employees working at home.
To protect this virtual network, SASE employs a cloud-based firewall, aka firewall-as-a-service (FWaaS), to enforce company network policies; a secure web gateway (SWG) to monitor user web traffic and block malware; and zero-trust network access (ZTNA), which applies zero-trust principles to all access requests.
Most SASE implementations include a cloud-access security broker (CASB) to monitor and control traffic to cloud applications and instances.
"There are customers that secured [their] cloud and they are not using SASE," says Abramovich. "SASE is more of an architecture where you have SD-WAN on the branch and firewall as a service in the cloud."
Some SASE and SSE setups add data-loss-prevention (DLP) systems, domain-name-system-layer (DNS-layer) security or intrusion-prevention or intrusion-detection systems (IPS/IDS). Alternatively, the FWaaS or SWG may provide some or all of those protections.
SASE was first defined in a Gartner white paper in 2019. Two years later, Gartner acknowledged that many organizations without branch offices, or without any offices at all, had no use for SD-WAN. It came up with SSE, which preserves the FWaaS, SWG, CASB and POP components of SASE and lets ZTNA handle the secure network connection.
Network security in the cloud requires "cloud-native" security tools that can follow each asset, each set of data and each user and create protections around them individually. This software, and its associated techniques, may not be familiar to security practitioners accustomed to on-premises networks.
In addition to CASB and ZTNA, these tools include cloud security-posture management (CSPM), a cloud workload protection platform (CWPP) and the more encompassing cloud-native application protection platform (CNAPP).
Naturally, licensing and implementing these cloud-native tools, and training your staff to run them, is expensive. Some organizations may need to expand their security staff to keep up with the expansion of their cloud assets.
However, the old ways also still apply, and you shouldn't throw out those legacy network-security tools just yet.
In a recent survey of 202 IT and security managers and decision-makers conducted by CyberRisk Alliance, 96% of respondents said their organizations had at least some workloads in the cloud.
But only 16% of respondents said that more than three-quarters of their workloads were cloud-based, meaning that almost all respondents were running networks that were hybrids of cloud and legacy elements. "The vast majority [of organizations] have traditional networks [that] are being augmented by cloud and other types of new technologies," says Abramovich. "Perimeter defense is still very relevant for all of those organizations."
Read more from the original source:
From the perimeter to SASE: The evolution of network security - SC Media