Organizations have historically always had to make a trade-off between network functionality and security. A line of business wants to do “X”, but the security teams says they can only do “Y”. Business applications that run fine in trials slow down dramatically when run through edge firewalls for inspection. A fairly new strategy, known as security-driven networking, is about to change all of that.
Some security vendors and IT teams have done their best to address the tension between making businesses fast and keeping them secure. For example, the performance of many security solutions has increased dramatically over the past decade, albeit with a pretty hefty price tag. But until recently, such solutions still only addressed the issues of moving data across a clearly defined perimeter. As the volume of data got larger, and performance requirements got higher, security issues could be solved by simply buying a bigger and faster firewall.
The Problems Have Changed. Security Hasn’t
But today’s problems are entirely different, making the traditional approach to addressing these challenges no longer valid. For example, networks now span multiple network environments, creating a dramatic increase in the edges that need to be protected – the LAN edge, WAN edges, multi-cloud edges, data center edges, remote and mobile worker edges, the OT edge, the expanding IoT edge, and now, even the home network edge.
And worse, these edges are in a state of constant flux. Perimeters are porous, flexible, and increasingly, they are also temporary. Regardless, workflows and applications have to continually access, move, process, and relocate data across these edges. And at the same time, business-critical applications demand consistent performance regardless of the network domains they need to operate within or edges they need to cross, while hyperscale is outstripping the ability of all but the most robust systems to keep up. And additional issues, such as hyperconnectivity between users, devices, and edges, are overwhelming systems attempting to track, manage, and configure connections.
Unfortunately, traditional security tools were never designed to operate in these kinds of environments. Instead, security likes clear rules to follow. It likes to always know where data is coming from, about how much data can be expected, what needs to be done with it, where it needs to go, and where it will return from. All of that is now entirely off the table. As a result, far too many organizations have now reached the point of having to either lower their expectations by limiting growth and innovation or increase their risk by disabling security.
No one should be forced to make that choice.
A New Way Forward is Needed
What’s needed is an entirely new approach to both networking and security. Fortunately, this new approach can take its cue from the way companies are organizing their teams and resources. Historically, security and networking teams were separated, and often working at cross-purposes. Today, convergence is affecting the way people are designing networks and how the functional entities responsible for those networks are working. CISOs and CIOs, for example, are working more closely together than ever. And security and networking teams are not just working together. Security experts are being embedded directly into IT teams across the organization.
Agile companies looking to rapidly respond to, or even anticipate constantly shifting business trends understand that putting these teams together is essential. And how these teams are being structured showcases that now is the time for a security-driven networking strategy. Because the only thing that isn’t integrated are the tools these teams use to do their jobs.
SD-WAN solutions that do not include integrated security is an interesting and valuable case study on the challenges organizations are facing. SD-WAN connections are designed to constantly shift and adjust, replacing one connection that has become unstable with another without interrupting application performance. They also need to monitor application performance to ensure optimal user experience. Adding security as an overlay to such a dynamic, latency-sensitive operation is deeply problematic. Naturally, security protocols cannot be manually reconfigured every time a connection changes. But even a system that is automatically alerted once a change has been made so a security configuration can be automated adjusted still leaves security gaps that can be easily exploited. And inspecting encrypted traffic in such an environment can still completely undermine any performance gains resulting from an SD-WAN deployment.
This lack of an integrated approach is a serious issue, and not just for SD-WAN. There are examples all across today’s businesses. Workflows that span a multi-cloud environment can be bogged down or exposed to risk when security tools deployed in each cloud system cannot communicate with each other. Huge elephant flows of data have to be left unprotected because security cannot dynamically scale large enough or fast enough to secure them. Mobile workers experience different levels of protection whether on or off network. And hyperperformance environments, like gaming networks or financial trading floors—where success depends on split-second transactions, need security solutions that can adapt seamlessly to dynamic network adjustments while performing flawlessly at unprecedented speeds.
Security-Driven Networking Enables the Next Generation of Innovation
Security-driven networking makes all of this possible. It enables organizations to bridge the gap between dynamic networks and the usually static security tools available to secure them. By weaving security and networking functionality into a single, fully-integrated system, organizations can build whatever they want, regardless of how dynamic or scalable.
Want to add a new branch office? Expand cloud operations? Securely add hundreds of new remote workers? Run workflows between different cloud and data center environments? Stream high-performance, latency-sensitive applications to everyone? Security-Driven Networking has you covered because security is already part of the solution.
The implications are significant, especially as new things like 5G, edge networking, and converged smart systems, such as cars, buildings, manufacturing environments, virtual healthcare, and critical infrastructures come online. There is simply no place in this new world for the traditionally isolated security tools most organizations still rely on. Security-Driven Networking is not just a new way to deploy security. It is going to enable the next generation of digital innovation. You simply can’t get there from here without it.
