The Emergence of Central Policy Driven Network and Security Convergence

R. Muru

Summary Bullets:

• The majority of network traffic in future digitalized enterprise environments will be outside the enterprise data center.

• Network and security will converge, with central orchestration and policy controls through the ‘as a Service’ delivery model.

The last ten years have seen CIOs proactively prepare their businesses in the modern era by embracing technology. Digitalization continues to make head way as businesses rework their business models and create new services in innovative ways. These include enabling mobile devices to support new services, digitalizing processes, and making use of remote intelligent devices (with data being pushed closer to the edge device) in sectors like manufacturing. In terms of technology maturity, modern digital environments will increase the use of cloud architectures running vendor applications like Salesforce, Zoom, and Office365, enabling big data and artificial intelligence (AI) in centrally configured data centers that now sit outside the enterprise environment. In addition, the growth of any place/any device/any setting, private networks (including 5G), and edge computing, is driving data away from the enterprise data center and closer to the user/device in a distributed manner. Subsequently, from a network and security perspective traditional network and security architectures fall short. Additionally, due to the uptake of cloud applications, the majority of data traffic terminates at public cloud services and branch offices rather than in enterprise private data centers.

From a marketplace perspective, the majority of enterprises have security protecting both the enterprise perimeter and enterprise data center. They also have set ups that externally connect networks to third-party cloud environments running various enterprise applications like Salesforce and Office365. In most cases, many of these cloud-based services will run closely coupled to the enterprise data center, and any form of cloud based proxy solutions, web, and network firewalls protecting the perimeter will be insufficient as the majority of the data will be routed externally at data centers outside the enterprise, with the various orchestration and policy controls in place. In particular, digital environments will promote further networks incorporating SD-WAN (with security at the network) and converge with other security service functions like Cloud Access Security Brokers (CASB) and Firewall as a Service (FWaaS) which are delivered via cloud.

The strategy to centralize security policies across physical, virtual, and cloud based infrastructures, with adequate rules and policies, with correct levels of security based on application and workload, has been discussed many times over the last several years. Subsequently, the market is experiencing a change in vendor strategies, with traditional firewall vendors closely coupling their core security portfolios with their cloud offerings, resulting in an increase in cloud acquisitions by leading players like Cisco, Palo Alto Networks, and CheckPoint. In particular, strategies include promoting existing network and security products in a cloud environment and strengthening the messaging around network and security convergence – e.g., network and security convergence with zero trust, positioning of SD-WAN in a converged setting, and strategies for protecting data.

Recent market acceleration of digitalization has led security vendors and third-party organizations to redefine and reintroduce new proprietary frameworks and solutions. Secure Access Service Edge (SASE) is one of them, which combines WAN and networking security functions, delivered in a ‘as a Service’ model to support secure access needs in future digital environments. The premise of SASE is that security capabilities are delivered as a service base on the identity of the entity, with real time context and zero trust.

Overall, converging network and security with centrally controlled policies delivers a number of benefits if executed effectively. These include:

• Delivering security solutions effectively with the right policies in place

• Ensuring adequate security measures at key focal areas within the overall network environment (internally and externally)

• Improving performance/latency in applications like unified communications & collaborations (UCC)

• Flexibility and agility to introduce security solutions quickly ‘as a Service’ without the need for significant investment in enterprise hardware.

However, the market is in its infancy in embracing a fully converged network and security environment with centralized policy control delivered ‘as a Service’. There are a number of vendors jumping on the SASE bandwagon while maintaining their proprietary frameworks as a way of reinforcing their market messaging. However, there are a number of hurdles to overcome to make frameworks like SASE mainstream. Some of these include changing the CISO mind-set in how they view their security environment, complexities and implications in how networks and security will fully converge and policies work without further complicating the enterprise security architecture, and lastly the lack of willingness of some leading vendors with core legacy portfolios to completely embrace network and security convergence due to potential cannibalization of core revenue streams. However, as enterprise digital environments evolve and change, and new architectures come in to play, particularly with the maturity of 5G, we would expect better and more innovative models which address the network and security convergence story.