Cybersecurity and Managed Network Services: Ensuring a Safe and Secure Business Environment (Part 1 of a 3-Part Series)

It wasn’t that long ago that enterprises had their workers in the office and their applications in the data center.

Infrastructure & Operations organizations could build a castle around them to cover their cybersecurity needs. What little remote access there was, was managed via VPNs. The castle formed a perimeter that defended against external threats. With some level of scrutiny, it was also possible to monitor for misbehavior or risks inside this line of defense.

Fast forward a decade or so and we have a completely different situation. In a short period of time, remote working became essential. Employees are no longer within the office space.

In parallel, digital transformation started to accelerate. Today, applications no longer reside in just the data center but are also hosted in the cloud. Additionally, the modes of access have changed: your employees and customers access the net with all sorts of devices, such as cell phones, tablets, and laptops, in addition to the original desktops.

Clearly the conventional model of a perimeter-based cybersecurity strategy is no longer viable since there is no perimeter anymore. Your users, their apps, and their devices are all distributed, with multiple modes of access.

Network-Based vs Identity-Based Access

Traditional security schemes were highly dependent on network-based identification. Access to applications was granted based on locational criteria such as IP addresses or other network-based credentials. However, users, applications and data are all now distributed across the physical and virtual landscape. Any form of location-based security policy is severely challenged to deal with these multiple modes.

This necessitates a move to a different approach: identity-based access. The core principles of this approach are that no user should be trusted by default, and any level of access that is granted should be tied to the specific application or service the user is accessing.

Zero Trust Network Access

Zero-trust network access describes this model. It provides identity-based, context-specific, granular access to only the applications and services that are associated with an individual user’s role within the organization.

Zero Trust significantly reduces access to lateral services. It essentially fences in the exposure of other business services or applications that might otherwise have been accessible as a matter of course.
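
The contrast between the two models, as an added example that is not part of the original article or any vendor's product: the same three requests are evaluated by a location-only check and by an identity-and-context check scoped to one application. The network range, role-to-application map, and the MFA and managed-device signals are constructed assumptions.

```python
# Added example: all policy data and requests below are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Perimeter model: anything on the corporate network reaches every app.
TRUSTED_NETS = [ip_network("10.0.0.0/8")]  # constructed range

# Identity model: each role maps to the only apps it may reach (default deny).
ROLE_APPS = {"finance": {"ledger"}, "engineer": {"git", "ci"}}  # constructed

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_passed: bool      # assumed context signal
    device_managed: bool  # assumed context signal
    src_ip: str
    app: str

def network_based_allow(req: Request) -> bool:
    """Location-only decision: the source address is the credential."""
    addr = ip_address(req.src_ip)
    return any(addr in net for net in TRUSTED_NETS)

def identity_based_allow(req: Request) -> bool:
    """Identity and context decision, scoped to the one app requested."""
    if not (req.mfa_passed and req.device_managed):  # context checks
        return False
    return req.app in ROLE_APPS.get(req.role, set())  # unknown role: deny

def compare(requests):
    """Return (user, app, network_decision, identity_decision) per request."""
    return [(r.user, r.app, network_based_allow(r), identity_based_allow(r))
            for r in requests]

SAMPLE = [  # constructed requests
    Request("alice", "finance", True, True, "203.0.113.7", "ledger"),  # remote, own app
    Request("alice", "finance", True, True, "10.1.2.3", "git"),        # office, lateral app
    Request("bob", "engineer", False, True, "10.1.2.4", "ci"),         # office, no MFA
]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The location check blocks the legitimate remote user and lets an in-office user reach an application outside their role; the identity check reverses both outcomes.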

Secure Access Service Edge

While Zero Trust has been prevalent for over a decade, the cybersecurity needs driven by digital transformation require a more comprehensive approach to meet the demands of the modern organization. Gartner describes an emerging approach to meeting this requirement:

Digital business transformation inverts network and security service design patterns, shifting the focal point to the identity of the user and/or device — not the data center. Security and risk management leaders need a converged cloud-delivered secure access service edge (SASE) to address this shift.

SASE is a mindset, a model, and an approach based upon the following characteristics:

  • Identity-driven access
  • Cloud native architecture
  • Support of all edges
  • Globally distributed model

At its very core, SASE combines network and security functions to provide a multifaceted approach to dealing with the cybersecurity situation faced by modern enterprises.

Every enterprise is unique in the nature of its adoption of cloud technologies, the composition of its service delivery infrastructure, the distributed access by its users, and its maturity in terms of SASE adoption.

Managed Network Services

In light of the cybersecurity threats and the growing move towards a SASE approach, a fresh set of requirements is imposed upon the management of the network infrastructure. This brings us to the role of managed network service (MNS) providers in the current environment.

As an I&O leader, you are well versed in the benefits of, the need for, and the drive towards outsourcing the management of network infrastructure to MNS providers. In the next installment in this series, we will look at the implications of SASE adoption from the enterprise and the MNS points of view.
