This is a summary of a byline article that first appeared on the SecurityWeek website on May 09, 2019, entitled, “The Need for Tiered Security at the Edge.”
When thinking about digital transformation, most people consider things like the cloud, smartphones, and new applications. Some may also consider IoT. But one of the most disruptive results of digital transformation has been the rapid emergence of the edge.
Edge-based networking is replacing the traditional perimeter, enabling organizations to more dynamically expand their networks, build dynamic WAN connections, adopt mobility and IoT strategies, and enable distributed processing. It is also introducing a wide range of new security challenges that can’t be addressed with our current security solutions or strategies.
Any time an endpoint or IoT device, a cloud container, a branch office, or any other configuration connects back to your core environment to deliver or collect data, process information, or run an application or workload, you have created an edge.
The edge consists of several key elements:
Edge Computing: One of the most consistent elements of any network change is to move data as close to the place it needs to be processed in order to respond to events in near real-time. Today, flexibility and mobility are a requirement for many industries, including health care, telecommunications, manufacturing, and finance. Supporting this requires moving data closer to the edge.
Edge Devices: And any device with a discoverable IP address is an edge device. They can be smart consumer devices such as phones and watches and cars, devices deployed at a branch office—such as specialized routers, integrated access devices (IADs), multiplexers, SD-WAN solutions, or even containers in the cloud.
Multi-Edge: Combining these elements together creates multi-edge environments, such as using an SD-WAN connection to enable interconnectivity with other branch offices, back to the core data center, out to mobile users, along with separate connections to the public Internet and to cloud applications.
There are currently several times more IP-enabled devices on earth than humans, and many of these can support multiple connections. Which means there are billions upon billions of edges in use at any given moment, with billions more potential edge devices just around the corner.
And each of these requires protection.
While the security of an organization is only as good as its weakest link, a personal device at a branch network connecting to the public Internet may not require the same degree of scrutiny as a video conference discussing intellectual property development. Striking a balance between securing critical data and managing limited resources such as bandwidth as technical overhead requires building a tiered security strategy.
How do you ensure that each new edge connection receives the security it requires? Here are five basic requirements:
Secure connections: Encryption is essential for devices connecting over publicly available networks. Complex communications and collaboration requirements will also require developing and maintaining a meshed VPN overlay. Keep in mind that some transactions may require encryption beyond what is provided by IPSec and SSL.
Control access: All devices need to be identified at the moment of connection, and appropriate policies need to be applied. Those policies then need to follow the connection so security and network devices along the data path, even as it moves across and between cloud and edge environments, can participate in enforcing those policies.
Segment networks: Authorized devices need to be assigned to a specific network segment where it can be closely monitored, access to unauthorized resources can be prevented, and devices or applications that begin behaving badly can be immediately quarantined.
Enable inspection: Applications and data need to be inspected. Security tools must inspect encrypted data at network speeds and detected security events need to trigger a consistent response across the entire distributed network
Centralize management: Devices need to be able to share and correlate threat intelligence, distribute policy consistently, identify anomalous behaviors, and orchestrate a consistent response through a central management system.
The growth of the edge is utterly transforming today’s networks, and the delivery of 5G will only drive that transformation faster. To address the new security challenges that the edge is introducing, we need to understand two things:
Instead, enabling the networks of tomorrow requires organizations to radically reimagine the security solutions they have in place today, starting with the recommendations outlined above.
This is a summary of an article published on the SecurityWeek website on May 09, 2019, entitled, “The Need for Tiered Security at the Edge.” Click here to read the entire article.
Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.