Defending Distributed Networks with Zero Trust Edge

For more than a decade, there has been a trend towards a more distributed enterprise network edge. It started with the introduction of cloud computing and the increase in employees using personal devices to connect to the network, aka bring your own device (BYOD). The rapid move to a work-from-anywhere model that began last year accelerated the trend. Today, off-network workers, devices, applications, and the “branch of one” home network are a central part of many enterprise networks. And more changes are coming with 5G, which promises to increase the performance and reliability of remote devices and services. The rise in 5G is also fostering new edge computing strategies that move data, applications, compute resources, and storage closer to end-users.

IT teams are struggling to manage these ever-widening distributed networks with their growing number and diversity of devices, users, and applications. The changes have revealed weaknesses in remote access security, and cybercriminals have moved from directly attacking core networks to targeting edge environments. They have been quick to exploit home network vulnerabilities and the lack of security awareness of remote workers. Some recent ransomware and other high-profile attacks that have targeted critical infrastructure originated from users and devices connecting remotely to a core network.

Because many highly distributed networks have a hybrid IT architecture with a mix of both on-premises and remote locations, Zero Trust Edge can be an effective cybersecurity approach.

The zero-trust security model is based on the principle that every device or user is potentially compromised, and therefore every access request must be authorized. And even then, users and devices can only access those resources required to do their job and nothing more. This same approach is now being applied to the remote edges of the network and helps ensure the critical convergence of security and networking is applied everywhere. With Zero Trust Edge, security seamlessly adapts to dynamic changes in the underlying network infrastructure, including connectivity, while providing explicit access to applications based on user identity and context.

Zero Trust Edge is an example of security-driven networking, which converges security and networking everywhere across the network to provide secure access to critical applications and resources, whether users are on-premises or accessing resources through the cloud. Organizations need a Zero Trust Edge solution that can:

  • Securely connect all offices everywhere – Connections must be provided to every datacenter, multi-cloud, and software-as-a-service (SaaS) environment. In addition to providing reliable connectivity and cloud on-ramp, solutions should include advanced security that enables dynamic segmentation and digital experience monitoring.
  • Maintain an optimized user experience – Today’s business runs on applications, and users such as employees or customers need secure access to any application and service from any device regardless of location. A Zero Trust Edge solution should include comprehensive web security from the cloud with multiple layers of defense and artificial intelligence-powered web filtering, video filtering, DNS filtering, IP reputation, and anti-botnet service. The solution should have the ability to address data loss prevention and protect mobile users with in-line cloud access security broker (CASB) integration.
  • Secure the hybrid enterprise and remote workforce – Traditional perimeter-based security becomes less effective the more distributed a dynamic network becomes. Zero Trust Network Access (ZTNA) should be used to secure access to critical applications and resources, no matter where users, devices, or resources may be located. Unlike a traditional VPN, ZTNA provides access to users per application based on identity and context.
  • Converge security and networking into an integrated system – Adding security as an afterthought, especially to highly dynamic environments, inevitably leads to higher deployment and overhead management coupled with diminished user experience. To be effective, security and connectivity functions need to operate as a single, unified solution that provides consistent policy distribution, orchestration, and enforcement for deploying consistent security everywhere, both for on-premises and remote users.
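The zero-trust principle described above (every request is authorized, access is granted per application on identity and context, and nothing more is reachable) can be made concrete with a small policy engine. The following is an added illustration, not Fortinet's code or any product's policy format; the applications, groups, and context labels ("office", "home", "unknown") are constructed for the example. It shows the contrast with network-level VPN access: the same user is allowed into one application and denied another, and any missing check or unknown application falls through to deny.

```python
"""Illustrative ZTNA-style policy evaluation (added example; not Fortinet's code).

Each access request is judged on its own for one application, using identity
(group membership), authentication strength (MFA), device posture, and
location context. Anything not explicitly allowed is denied.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset          # identity attributes from the identity provider
    mfa_verified: bool         # session completed multi-factor authentication
    device_managed: bool       # device is enrolled in endpoint management
    device_patched: bool       # device posture check passed
    location: str              # constructed context label: office / home / unknown
    app: str                   # the single application being requested


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset
    require_mfa: bool = True
    require_managed_device: bool = True
    require_patched: bool = True
    allowed_locations: frozenset = frozenset({"office", "home"})


# Constructed per-application policies (hypothetical app names).
POLICIES = {
    "hr-portal": AppPolicy(allowed_groups=frozenset({"hr"})),
    "wiki": AppPolicy(
        allowed_groups=frozenset({"staff"}),
        require_managed_device=False,
        require_patched=False,
        allowed_locations=frozenset({"office", "home", "unknown"}),
    ),
    "finance-db": AppPolicy(
        allowed_groups=frozenset({"finance"}),
        allowed_locations=frozenset({"office"}),
    ),
}


def evaluate(req: AccessRequest, policies=POLICIES):
    """Return (decision, reason) for one request. Default deny throughout."""
    policy = policies.get(req.app)
    if policy is None:
        return ("deny", "no policy for application")
    if not (req.groups & policy.allowed_groups):
        return ("deny", "identity not entitled to application")
    if policy.require_mfa and not req.mfa_verified:
        return ("deny", "MFA required")
    if policy.require_managed_device and not req.device_managed:
        return ("deny", "unmanaged device")
    if policy.require_patched and not req.device_patched:
        return ("deny", "device posture: unpatched")
    if req.location not in policy.allowed_locations:
        return ("deny", f"location {req.location} not permitted for application")
    return ("allow", "all checks passed")


def reachable_apps(req: AccessRequest, policies=POLICIES):
    """List the applications this identity/context may reach, one decision per app.

    This is the per-application scope ZTNA grants, as opposed to a VPN that
    exposes the whole network segment once the tunnel is up.
    """
    return sorted(
        app for app in policies
        if evaluate(replace(req, app=app), policies)[0] == "allow"
    )


if __name__ == "__main__":
    alice = AccessRequest("alice", frozenset({"staff", "hr"}),
                          True, True, True, "home", "hr-portal")
    print(evaluate(alice))
    print(evaluate(replace(alice, app="finance-db")))
    print(reachable_apps(alice))
```

Each denial carries a reason so the decision can be logged and reviewed; in practice the posture and MFA signals come from the identity provider and endpoint agent rather than from fields on the request.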

An effective Zero Trust Edge solution reduces complexity, ensures consistent security, and maintains optimal user experience. A fully integrated solution secures the mobile workforce with direct access to SaaS for cloud on-ramp optimization and a seamless, fluid user experience for remote users who rely on a variety of devices, access points, and connectivity methods to do their jobs. A Zero Trust Edge solution that functions as part of a converged networking and security strategy across all edges provides a better digital experience and protects the organization from cybercriminals looking to exploit weak links in their distributed networking model.

Instead of attempting to build a Zero Trust Edge solution from a collection of point products, a better approach is to use a unified platform that can be deployed consistently to any edge. A platform approach to securing the distributed network helps ensure consistent visibility and control. It enables security and networking to work together so protections can follow end-to-end applications and workflows. Administrators can see and manage every user, device, and application in use and identify and respond to unusual behaviors happening anywhere across the network.

Zero Trust Edge can connect and secure distributed networks, both on-premises and in the cloud. But solutions must be carefully evaluated to ensure consistent user experience and protection across the entire distributed network. Hybrid networks are a reality for many organizations today, and the connectivity and security solutions they choose need to support that reality.

Discover how Fortinet’s Zero Trust Edge architecture brings networking and security technologies together, both on-premises and in the cloud, to deliver Zero Trust everywhere.

Copyright © 2022 IDG Communications, Inc.