Security-driven networking: The foundation of digital transformation
- By Bob Fortna
- Nov 09, 2020
Digital innovation will transform agencies' network configurations, having an especially critical impact on securing those environments that have seen significant expansion of potential attack surfaces and the deployment of a wide range of new endpoints that require protection. Compared to 20 years ago, today's networks require 50 to 100 times more computing power to inspect and secure traffic than is needed for networking and switching. To adequately protect critical resources and data against new IT security threats, agencies must reconsider their traditional security models as they move forward with modernization.
A security-driven networking approach enables agencies to move away from siloed IT environments and instead integrate their networking and security under a comprehensive and unified IT infrastructure. Using this approach, agencies can defend networks, traffic and network-accessible assets against unauthorized access, data loss and cyberattacks even while the underlying infrastructure adapts to changing circumstances.
Secure access service edge (SASE) and software-defined wide-area network (SD-WAN) technologies are designed to merge security and networking into a single, integrated solution that can rapidly and easily scale and adapt to expanding environments and requirements. These forward-leaning capabilities help agencies better plan for the future while ensuring security remains a top priority even amid ongoing changes.
SASE and SD-WAN as a security umbrella
Government agencies are rapidly acquiring new capabilities and launching new IT systems to address the growing demand for tech-driven services. This growth establishes countless divergent network functions, while the expanding perimeter must be managed and protected. Many traditional security technologies were not designed to keep up with environments in constant flux or monitor and protect perpetually shifting perimeters and resources.
The SASE model secures distributed networks and increases secure connectivity, access control and threat detection capabilities from anywhere on any edge. SASE can improve federal network security by reducing complexity and consolidating essential networking and security functions for multiple networks with one unified management system. With this model, government IT administrators can exercise more control over network access from a single web panel.
SASE and SD-WAN solutions create a dynamic security umbrella that allows the underlying infrastructure to evolve and adapt without compromising visibility or protections. Their centralized network and security management approach provides greater flexibility and increased protection for agencies with geographically dispersed operations, such as the Department of Defense or the State Department. Moreover, this flexibility encourages intra- and interagency collaboration because agencies can perform these activities without sacrificing the security of sensitive information, assets, controls or key network functions.
SASE achieves this by combining network and security functions with WAN capabilities to support the requisite safeguards and access policies between disparate locations and distributed resources. This robust enterprise security strategy brings together the most critical network protection elements, fusing aspects of physical and cloud-based security and seamlessly integrating end-to-end protection.
SASE also addresses the demands of virtual environments, which is crucial as government agencies increasingly depend on cloud applications and migrate operations between environments that enable and support remote work. As agencies implement multicloud strategies, mission-critical networks and data must be secured in all places, on any device and at any time.
And because SD-WAN is a key component of the SASE architecture, a SASE solution can deliver secure, scalable and flexible connectivity across different federal network environments. The result can improve secure access, collaboration, productivity and mission success for a remote government workforce.
Another critical challenge resulting from the government's current telework strategy is that remote workers increasingly rely on personal devices to access federal networks. A recent threat report revealed that cybercriminals exploit these new work arrangements via phishing, ransomware and email-compromise attacks.
SASE helps mitigate these growing threats by offering secure access to cloud-based resources, secure communications between remote users and constant security for remote devices. Agencies can also deploy the SASE security model as a replacement for legacy VPN technologies. Federal employees working remotely can leverage SASE services to access cloud and on-premises resources over a secure channel while maintaining optimal application performance and user experience.
The most effective approach to delivering an integrated system is to embed the networking functionalities of SD-WAN and SASE into a security platform. This approach ensures that connectivity, traffic management functions and advanced security can interoperate as a single, holistic solution. Because these platforms are designed for the heavy lifting required to inspect today's encrypted content and traffic, security will not become a bottleneck for critical applications.
To top it off, SASE and SD-WAN security’s flexible consumption models help government agencies more effectively and efficiently mitigate data vulnerabilities, secure remote work capabilities and react to ongoing network and connectivity changes. This provides government IT administrators with the capacity to quickly adapt to expanding networks and evolving requirements and to do so at scale.
SASE provides comprehensive security services for rapidly evolving requirements by optimizing performance while safely connecting personnel to the networks, applications, data and communications resources needed to accomplish agency missions -- regardless of locale.
The secure path forward
Traditional security solutions no longer provide the level of protection, performance and access control that today's government agencies and missions demand. To address this challenge, infrastructure and security must not only evolve simultaneously but become increasingly integrated. This is the only reliable approach to ensure data protection and secure access to resources whenever and wherever applications are launched. It requires integrating dynamic security solutions into the government's core network elements with a security-driven networking approach.
If agencies build new IT systems and expand their networks without a foundation of fully integrated security, digital innovation efforts could ultimately backfire. The convergence of networking and security improves visibility, encourages the orchestration of security policies and promotes a unified threat response, now and into the future.
Bob Fortna is president and board member of Fortinet Federal Inc.