To compete effectively in today’s rapidly evolving digital marketplace, most organizations have accelerated their efforts at digital innovation. One outcome has been the rapid expansion of the network edge, including developing hybrid networks that span constantly evolving data centers, campuses, branch offices, and multi-cloud environments. And the transition to a hybrid workforce has added home and mobile work-from-anywhere strategies to the mix.
But digital acceleration is a double-edged sword. One of the biggest security challenges facing organizations is providing consistent protection across their expanding network edge. Each new edge expands the potential attack surface, and cybercriminals have been quick to target these new attack vectors. Over the past two years, we have seen a dramatic rise in attacks, especially ransomware. And many of these occur through the less secure access points of the network edge.
Part of the challenge of protecting the expanding network edge is that the network is expanding faster than traditional security can adapt. Most existing security strategies have been built around isolated point products designed to defend predictable, static network environments—which means they struggle to maintain consistent security when the network they are protecting is in a constant state of flux. And all a cybercriminal needs to infiltrate the network is to breach an undersecured edge and then exploit the implicit trust within the network to move around looking for data to steal and systems to corrupt or hold for ransom.
What’s needed is an adaptive edge security strategy that provides consistent visibility and control no matter where or when new edges are deployed, even when the underlying infrastructure or connectivity elements change. Zero Trust Edge converges networking and security to create an integrated protection framework that can ensure consistent policy deployment and enforcement at every edge. This includes granting explicit, per-session access to applications combined with the continuous validation of user identity and context regardless of how rapidly the network is expanding and evolving.
As with most security strategies, implementing a Zero Trust Edge is easier said than done. But for those organizations looking to embrace digital acceleration without compromising security, a Zero Trust Edge strategy is essential. Here are five steps to follow to simplify the process of ensuring you provide consistent protection and eliminate weak links at the edges of your network.
Step 1. Gather Authentication Tools
Gather together the zero-trust access authentication tools you will need to establish a Zero Trust Edge. These include Zero Trust Network Access (ZTNA), Secure SD-WAN, a next-generation firewall (NGFW), and a secure web gateway (SWG) that includes intrusion detection systems (IDS) and intrusion prevention systems (IPS), a sandbox, a cloud access security broker (CASB), and network access control (NAC). These tools allow any user or device, regardless of location, to be properly authenticated and inspected before accessing any connected resources, whether on-premises or in the cloud.
The key here is interoperability. Using these tools should provide network-wide visibility and consistent monitoring and enforcement end-to-end, even for applications and workflows that need to span multiple environments. These tools should either be consolidated through a single vendor or integrated through a common framework that uses open standards and APIs, ideally on a single, universally deployable platform, to ensure seamless communication, coordination, and enforcement.
Step 2. Add Security Controls
Security controls will need to be hosted both on-premises and in the cloud so every user can be authenticated from any location on any device. And while different tools are required for physical and cloud-based networks, they all still need to work together as an integrated system. This ensures that users are protected, whether on-premises, at the home office, or traveling between them. In addition to working together, these tools also need to support convergence with the underlying networks so that protections can automatically adapt to changes in configuration, connectivity, or scale.
Step 3. Implement ZTNA
Implement ZTNA on every edge and device to enable secure access to on-premises and cloud-based applications for all users. ZTNA clients on end-user devices provide secure connectivity combined with per-session authentication and continuous monitoring to detect and respond to aberrant behavior. A ZTNA solution should also be implemented as part of your edge security solution so authentication and real-time traffic inspection can be a seamless part of the secure access and authentication process. And because the user experience is critical, NGFWs should also be able to inspect encrypted traffic, including streaming video, at wire speeds.
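The per-session, context-aware decision that Steps 3 and the introduction describe (explicit access to one application, continuous re-validation of identity and context) can be sketched as a small policy decision point. This is an added example, not Fortinet's or any ZTNA product's code; the application names, group names, posture levels and thresholds are all constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical per-application policy (constructed for this example): which
# identity groups may reach the app and the minimum device posture required.
POLICY = {
    "payroll": {"groups": {"finance"}, "min_posture": 2},
    "wiki": {"groups": {"finance", "engineering"}, "min_posture": 1},
}

@dataclass
class Context:
    user: str
    groups: set
    posture: int     # 0 = unknown, 1 = managed, 2 = managed + encrypted + EDR healthy
    mfa_age_s: int   # seconds since the user last completed MFA
    network: str     # "corp", "home" or "public"

@dataclass
class Session:
    user: str
    app: str
    granted: bool = False
    reason: str = ""

def decide(ctx: Context, app: str, max_mfa_age_s: int = 3600) -> Session:
    """Explicit per-session decision: deny unless every check passes."""
    s = Session(ctx.user, app)
    pol = POLICY.get(app)
    if pol is None:
        s.reason = "unknown app"
    elif not (ctx.groups & pol["groups"]):
        s.reason = "identity not authorised for app"
    elif ctx.posture < pol["min_posture"]:
        s.reason = "device posture below requirement"
    elif ctx.mfa_age_s > max_mfa_age_s:
        s.reason = "MFA stale; re-authenticate"
    elif ctx.network == "public" and pol["min_posture"] >= 2:
        s.reason = "sensitive app not reachable from public network"
    else:
        s.granted, s.reason = True, "ok"
    return s

def revalidate(session: Session, new_ctx: Context) -> Session:
    """Continuous validation: re-run the decision when context changes and revoke on failure."""
    fresh = decide(new_ctx, session.app)
    if session.granted and not fresh.granted:
        fresh.reason = "revoked: " + fresh.reason
    return fresh
```

A real deployment would pull posture from the endpoint agent and MFA age from the identity provider rather than from a hand-built context object, but the deny-by-default shape of the decision is the same.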
Step 4. Secure Remote Users
Remote users should be directed to cloud-based security services such as firewall as a service (FWaaS) and SWG to provide secure internet access while using SaaS applications. Remote users can also access private applications in the data center using cloud-delivered ZTNA enforcement. ZTNA and SWG can work with CASB to monitor and enforce policy for remote users, whether they are working from their home office or traveling between locations. But those solutions need to be integrated into the larger security architecture so that policies can be centrally deployed and orchestrated, and cyber events can be shared and correlated to protect all edges.
Step 5. Control Cloud Application Access
Secure SD-WAN is the foundational technology for controlling access to cloud-based applications from on-premises locations, including data centers, campus environments, branch offices, and retail locations. Unlike traditional SD-WAN, Secure SD-WAN includes a full suite of enterprise-grade security that allows security, network, and connectivity functions to operate as a unified solution. On-premises security is also useful for deploying network segmentation to prevent lateral movement of threats. And with SD-WAN deployed on the same platform as other on-premises access and security tools, organizations can establish and maintain consistent security and networking policy without managing multiple consoles or troubleshooting issues between solutions.
Zero Trust Edge
The Zero Trust Edge approach to securing ever-expanding network edges helps ensure the critical convergence of security and networking everywhere. With a Zero Trust Edge architecture, security can seamlessly adapt to dynamic changes to the underlying network infrastructure, including connectivity, while providing access to applications based on user identity and context. Zero Trust Edge extends enterprise-grade security and provides granular access control to remote workers, providing secure access to the applications and resources they need, whether they are on-premises or accessing resources through the cloud.
Read more about Zero Trust Edge in the recent Forrester report and find out how you can implement an enterprise-wide Zero Trust Edge architecture with Fortinet’s Security-driven Networking approach.