Ensuring that security is applied consistently across an increasingly distributed network is one of the biggest challenges facing many IT teams today. It often starts because the security in place at the local LAN and datacenter edges does not easily migrate to a private or public cloud environments, so new solutions are deployed. And those security tools may not work in new branch offices because the dynamic connections provided by SD-WAN can quickly outpace security solutions designed to protect more static environments. And now, with the recent dramatic increase in remote and hybrid workers, ensuring consistent security is more challenging than ever.
A lot of this is happening because organizations that have had to quickly adopt new digital innovations to support new business requirements have not have time to develop a consistent, over-arching security strategy. Instead, security is a rush job, selected and deployed ad-hoc, applied inconsistently, or far too often, with no plans at all. As a result, enterprises now have an average of 45 security solutions spread out across their distributed networks, and managing and correlating these solutions is overwhelming already overburdened security teams. That’s because most of these solutions do not interoperate, share common threat intelligence, or have centralized management or orchestration, and that compromises visibility and control. In fact, according to IBM’s recent Cyber Resilient Organization Report, the ability of such organizations to contain an active threat has declined by 13% over the past year, driving the cost of a successful data breach to an average of $3.86 million per incident.
Addressing this challenge starts with ensuring security policy is enforceable across the distributed network. This requires a full stack of security solutions that work together in concert to detect and thwart attacks. This goes well beyond the functionality of the usual NGFW solution. A universal security platform today needs to include a broader array of security tools than ever before, including things like web application firewalls, XDR (eXtended Detection and Response), and a secure SD-WAN solution that combined security with essential networking functions like cloud on-ramp, application acceleration, traffic shaping, and self-healing connections.
But even when a security platform that provides all those solutions and services is available, it still only extends to LAN, datacenter, WAN, and cloud edges. But over the past year, organizations have had to adopt an aggressive work from home strategy. So, while a security platform may provide appliance and VM deployment options to support and secure traditional edge environments, home offices and remote workers are outside the network, far from the protections of enterprise-grade security solutions. It’s part of the reason why having a remote workforce increases the cost of a successful network breach by nearly $137,000 per incident, to $4 million. That’s because remote workers have always been the weakest link in any security strategy.
What’s needed is the ability to extend the same security functionality provided by a high-performance appliance at the enterprise LAN and datacenter edge, as a flexible Secure SD-WAN solution at the branch edge, or as a cloud-native solution in private and public cloud edges to the hundreds or thousands of remote workers that must be protected. And the only way to do that consistently and cost-effectively is to deploy the exact same security platform in the cloud as a SASE service.
SASE was originally developed to address the gap created by the lack of security provided by most SD-WAN solutions. Organizations struggled to develop a cost-effective and reliable security overlay solution that could adapt to the dynamic nature of SD-WAN connections. Secure SD-WAN, where security and networking functions are tightly integrated into a single appliance, is an effective strategy. However, there are only a handful of SD-WAN vendors qualified to pull that off. And while Secure SD-WAN is a great solution for branch offices, retail locations, and a handful of corporate super users, it is not a reasonable strategy to secure the now hundreds or thousands of workers in an organization that need their data, workflows, applications, and transactions protected.
A cloud-based SASE solution – especially one built around an enterprise-grade security platform – is an effective solution for remote and hybrid workers. Rather than relying on every user to create a VPN tunnel back into the corporate network, and then backhauling all of that traffic out to cloud-based applications and other services and back, SASE enables remote workers to create direct, secure connections to the applications and services they need through a secure SASE cloud.
Because they run on the exact same platform and common operating system as deployed everywhere else in the network, the security solutions deployed as part of a cloud SASE service ensure that every remote worker receives the exact same security protection, traffic inspection, and threat detection. This also allows security administrators to centrally deploy and orchestrate policies, collect and correlate threat intelligence to detect threats, ensure consistent configurations and policy enforcement, and coordinate threat responses across the entire network so that all users, regardless of their location, are equally protected.
Such a strategy, where security tools are able to work together to enhance visibility and control, also helps ensure that the proper security framework is in place to support the next generations of digital innovation just over the horizon. Security everywhere, all the time, ensures that every device and every user, regardless of their location or how they create, access, share, or store data, are fully protected. It’s really the only way our new digital world is going to be able to work.
Learn more about how Fortinet is empowering hybrid workforces with FortiOS 7.0-powered SASE.
Copyright © 2021 IDG Communications, Inc.