Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Security is Everywhere. Can Your Services Keep Up?

Today’s networks require flexible services designed to accompany efforts to protect any user accessing any service from any location on any device

Today’s networks require flexible services designed to accompany efforts to protect any user accessing any service from any location on any device

Cloud adoption and the rapid transition to remote work have permanently changed how companies do business. And now, as organizations begin to bring employees back to the office using a hybrid work model, organizations have had to deploy highly dynamic and adaptable hybrid networks. These recent changes have resulted in a proliferation of devices and users working from anywhere, which has expanded the digital attack surface and exposed more applications, devices, data, and users to risk. 

Understanding and controlling data, applications, and traffic moving across and between these divergent environments is crucial to maintaining security. But this becomes complicated as hybrid and multi-cloud environments adopt new technologies like zero-trust access (ZTA), zero-trust network access (ZTNA), secure SD-WAN that combine physical, cloud, and endpoint devices into an integrated solution. And it becomes even more complicated when things like identity and access management (IAM) policies and an array of tools designed to protect applications and platforms are added to the mix.

But while the ability to create dynamic environments has rapidly evolved, security services have traditionally failed to keep up. Security services help organizations manage licenses, keep solutions current with the latest product updates and real-time threat intelligence, and ensure their policies and configurations align with critical compliance requirements and regulations. But most security services are still tied to specific silos. As a result, many organizations now struggle to manage the complex array of inflexible siloed offerings with different licensing models they have in place.

License management tends to fall into one of three categories. Device-based licensing is used to support endpoint protection (EPP) and advanced endpoint detection and response (EDR) solutions. Hardware-based licensing is used for physical devices, such as firewalls, IPS, and SD-WAN platforms. And user-based licensing services are the primary solution used to manage cloud-based tools, such as email, identity, and zero-trust network access (ZTNA). But the networks where these solutions are deployed and the users and devices that depend on them are much more fluid. 

In today’s networks, a user, device, or application could be anywhere. This fundamentally changes the networking paradigm from location (Where is a user connecting from? Where is an application located? On what server or in which data center?) to who or what needs to access which resource, regardless of where they might reside. Resource use is fluid and can move between physical, cloud, and end-user edges from moment to moment. Hybrid workers, for example, now need to move between campus and home networks, while applications, data, and workflows can span on-premises and cloud environments. As a result, today’s networks and security architectures are being designed to support distributed resources, cloud-based platforms, and remote workers. But static service models can bring all of that to a standstill.

Today, CISOs struggle to accurately forecast spending for advanced security use cases like ZTNA or SASE because they are a mixture of device-based, appliance-based, and cloud-based licenses. Pricing such solutions can be challenging because traditional licensing models don’t fit. Because they span the traditional services silos, they require custom quotes, making comparisons almost impossible. And the challenges increase when an organization needs to add or reduce security capabilities because budget and needs change due to mixed structures and end dates.

That’s because traditional services models were never designed to support devices and solutions that need to rapidly adapt to shifting business requirements. Inflexible services limit the ability of users, networks, and applications to dynamically adapt to things like shifting connectivity needs, hybrid workers, or applications that may need to move between on-premises data centers and cloud environments. Instead, organizations need services that seamlessly follow users, applications, and data across any environment or form factor. This approach would allow them to build and leverage dynamic environments without the burden of anticipating how many licenses are needed for the different technologies, edges, and solutions in use.

Advertisement. Scroll to continue reading.

New advanced services need to support various use cases on the fly, regardless of where data, applications, and users are operating—especially as resources move back and forth between physical and virtual environments and form factors. Flexible licensing models and services will not only allow true network flexibility but enable organizations to quickly deploy new technologies designed for highly dynamic networks and distributed solutions, such as ZTNA, SD-WAN, and SASE.

Today’s networks require flexible services designed to accompany efforts to protect any user accessing any service from any location on any device. Unified services need to secure the organization across any network, endpoint, or cloud with simplified consumption and unified licensing models for any use case or form factor. Advanced services designed for the way companies do business will enable organizations to run their business the way they need, enjoying the flexibility such environments provide while knowing that their hybrid networks and users are always secure because their licenses and services can adapt with the network.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...