Build An ‘Everywhere Perimeter’ To Improve Network Security
The adoption of 5G is changing the face of wireless networking.
According to a Deloitte survey conducted late last year, half of the respondents stated they planned to increase their wireless networking investment due to the Covid-19 pandemic. Not too far down on the list were improving network security and supporting the greater bandwidth requirements of remote workers.
The modern enterprise must be able to provide connectivity to a growing ecosystem of devices, global workforces and mobile devices that constitute the “everywhere perimeter.” While 5G networks deliver on their promise to enable organizations to provide improved speed and capacity, the everywhere perimeter continues to challenge businesses’ efforts to securely and efficiently connect users to the resources they need.
The requirements of protecting this new landscape have caused IT leaders to look for athat empowers them to implement consistent security policy enforcement at the network edge.
Say Hello To SASE
SASE, or the Secure Access Service Edge, has emerged to address these challenges by marrying Network-as-a-Service with Security-as-a-Service capabilities, such as secure web gateway, zero-trust access and firewall-as-a-service, while delivering them primarily from the cloud. With SASE comes the possibility of implementing centralized policy enforcement based on identity at globally distributed points of presence (PoPs).
SASE is not a new technology, but rather an example of convergence driven by a combination of factors. First among these factors is that organizations are looking for better and more flexible ways to connect users and office locations to cloud resources and data centers, explains Dave Shackleford, CEO of consulting firm Voodoo Security. When it comes to remote access to services, he continues, a variety of security controls can be applied via SASE through the same cloud service fabric, replacing the need to use a VPN to connect to the on-premises environment before heading back out to internet-based cloud services.
Effectively, the security emphasis is being pushed toward the user and the device.
This approach solves critical problems that organizations are facing as they support a borderless network perimeter where visibility, performance and security consistency are at times difficult to maintain. Recognizing these challenges, some 5G network carriers already offer SASE as a managed service, giving them visibility and allowing them to automatically respond to security incidents. Such services are a good fit for distributed organizations, both large and midsize.
Protecting The Everywhere Perimeter
With each new device, remote user or cloud application adopted, the everywhere perimeter grows, creating potential security and management challenges for enterprises. This is particularly true in the case of cloud access, where enterprises often struggle to apply centralized, consistent security policies that span different types of data center environments. It is not uncommon for cloud platforms to require disparate security tools, which impacts visibility.
SASE offers the potential for more comprehensive visibility and control by delivering a unified approach to security and networking. Using a SASE architecture, organizations can connect geographically separated office locations to the closest cloud gateway, empowering them to deliver secure access to cloud and data center applications alike.
“With SASE, organizations are looking for a centralized toolkit that can be used to protect and monitor traffic and application access across the whole organization,” explains Shackleford, who is also an instructor at SANS Institute. “Moving all users to a federated identity access model that connects to and through SASE services is appealing, and having all remote locations also leverage a single cloud provider fabric with firewall services, bandwidth controls, DDoS protection and more is a very attractive option, too.”
This approach helps enable zero trust, a fundamental element of SASE. A zero-trust architecture is built upon the idea of least privilege and is designed to ensure users have access only to specific resources and nothing else. The combination of services offered through SASE in a unified, integrated solution allows organizations to apply the consistent access controls they need to make zero trust a reality.
“Truthfully, SASE is a convergence story—VPN replacement and Secure Web Gateway (SWG), SD-WAN, CASB, and maybe some cloud posture assessment, too,” notes Shackleford. “As such, it’s still relatively immature, as most providers only have native strengths in some of these areas, not all. To that, organizations should be asking, ‘What is the most important capability for us?’”
As organizations assess their needs, what is virtually certain is that securing the edge of the network is not going to get any easier without them rethinking their approach. The forces driving the convergence of networking and security technology show no signs of slowing. With a SASE architecture, enterprises can deal with their access requirements no matter where their employees reside—creating an everywhere perimeter supported by effective security.