Five Predictions to Impact Enterprise Network Security in 2020
Published 01/10/2020
By Etay Bogner, VP, Zero-Trust Products, Proofpoint
Accelerating developments in security are playing a significant role in the evolution of enterprise networking. For years, the industry has relied on a hardware-centric, trust-based model that has become increasingly inflexible and insecure. Employees are no longer sitting in an office every day, working with local data center-based applications – there is now a wide range of popular cloud-based applications broadly deployed. It is not just that the perimeter is dissolving - security paradigms designed around the idea that users on the local area network (LAN) can be trusted are now considered high risk. As this trend continues into 2020, below are five enterprise security predictions expected to impact networking as business needs and threats both continue to evolve:
1. Security Stack Migration to the Cloud
A fast-moving trend, expected to accelerate over the next 12 months, is that IT professionals will rely less on security protections delivered at the datacenter gateway. Instead, all security intelligence and updates will take place in the cloud. This shift has been going on for a long time, but now there is a consensus across the industry that the perimeter needs to be defined around the user and data rather than around offices. This means delivering security from the cloud, close to where user workspaces are located. This makes more sense than backhauling user traffic to the data center to consume security services there. Indeed, it eliminates the need to run after vulnerabilities and patch updates. For network security professionals, it’s easier to manage one central policy rather than a separate policy per site.
2. Platforms Instead of Products
IT is gravitating toward centralization. The idea behind a more comprehensive platform that enables security services to be chained is that it will remove the need for complex integrations. In the area of network connectivity, this approach must include both network as a service and security as a service. As large enterprises make the transition, the platform will require numerous points of presence (PoPs) around the world so that a PoP is always as close as possible to the user or office in order to provide lower latency. Gartner recently formalized this approach and named it Secure Access Service Edge or SASE, a digital business enabler in the name of speed and agility.
3. Developing Technology from the Bottom Up
A large number of vendors have announced their support for the SASE approach for several reasons. First, it encourages vendor consolidation to simplify technology acquisition and management. There has always been a debate between buying security from a single vendor for the convenience or buying best-of-breed solutions from multiple vendors. There is an increasing demand for the convergence of these two approaches. Vendors often buy third-party products to make a complete offering, but the integration (if any) is often rough and cumbersome. The new SASE architecture is an opportunity to deliver a complete offering in a way that is efficient for both the vendor and the enterprise. However, it means developing the technology from the bottom up using modern cloud-scale solutions. Many vendors with large legacy product offerings will have a problem with this.
4. Zero-Trust – Increased Focus on Users and Data
The term Zero-Trust was widely used in 2019. Coined originally by Forrester Research in 2010, it referred to a methodology for micro-segmenting the network. Today it has been expanded to a complete ZTX security framework. It makes sense to look at security in terms of what users are doing and what information they are accessing, rather than solely in terms of where their device is connected.
Zero-trust enables administrators to limit the attack surface, continuously verify that users are who they say they are, and ensure they are only accessing the data they really need. For most organizations, this is a long transformational journey and we are only at the beginning.
Software Defined Perimeters (SDPs) are a great first step. SDPs offer a simple holistic approach where remote users no longer connect to a physical site, but to a global Network as a Service (NaaS) that provides continuously available secure connectivity. SDPs leverage huge technological advances associated with the megatrend of providing all forms of IT functionality as a service. IT resources within the SDP are typically hidden from public discovery and access is restricted by policy as needed. Removing IT computing and data assets from general public access reduces the attack surface exposed to IT security attacks.
5. Greater Convergence of Networking and Security
The network is now everywhere. Much of the time, the backbone is the internet itself. It is now time to think of the enterprise network as virtual rather than physical and to ensure that the perimeter follows the user no matter where they are. It is no longer possible to separate the network from the security stack. Industry thought leaders are converging architecture and standardizing around this approach.
While the cloud is the first important step for network security, it is not enough. Cloud networking is essential to delivering those services effectively over a true “virtual private network.”
About the Author
Etay Bogner is the former CEO of Meta Networks and now VP of Zero-trust Products for Proofpoint. He is focused on helping organizations provide secure remote access for employees, contractors and partners to corporate applications and the internet.