Driven by the COVID-19 pandemic and the rise of contactless commerce, 5G creates new possibilities by enabling hyperscale operations, characterized by large payloads and millions of simultaneously encrypted connections.
For the promise of 5G end-to-end performance to become a reality, it must also be secure. Enterprises must be mindful of this when it comes to platform consolidation decisions. Consolidation is a must to reduce complexity – organizations should move from specific point defense products and platforms to a broad, integrated and automated security fabric.
A dangerous trade-off
From branch offices to regional and national headquarters, organizations need both high-performance networks and strong security. Digital transformation initiatives and the adoption of data-driven decision-making are accelerating computing and networking. Propelled by the speed at which applications, workflows and transactions need to be processed, many organizations have adopted the use of a hyperscale data center.
A growing number of these high-performance networks are built using advanced routing and switching infrastructures. Consequently, traditional security solutions are being jettisoned because they simply can’t keep pace with new performance requirements while still providing adequate protection.
The inherent performance limitations of previous generations of security equipment lead to workflow bottlenecks, which result in lower productivity and poor user experience. Enterprises feel forced to choose between performance and security, and in many cases security has been deprioritized in favor of business objectives and user experiences.
To protect their high-performance environments, some organizations have even replaced their enterprise-grade security with VLANs and Layer 4 access control lists. Unfortunately, this is a recipe for disaster. These alternatives do almost nothing to prevent attackers from impersonating legitimate users, establishing a beachhead and then moving laterally across the network to gain access to credentials, systems and data.
Using a completely different attack method, bad actors could also send massive volumes of requests to overwhelm a website. This could bring down e-commerce sites and online services, resulting in lost revenue, negative publicity and possibly even the loss of the entire business.
The security-driven network and the challenge of 5G
Security-driven networks are designed for the acceleration of digital transformation, including the transition to virtualization and the cloud, 5G, the rapid adoption and integration of IoT, and the reliance on applications as a central pillar of modern business.
5G will prove particularly challenging, as it will bring with it unprecedented rises in three key areas: a 10-fold increase in mobile broadband (eMBB), the support for a super-high density of connected devices – up to 1 million devices per square kilometer (mMTC) – and the ability to deliver ultra-reliability with ultra-low latency (URLLC).
That’s why, for 5G mobile networks, basic scalability will not suffice. 5G both provides and requires hyperscalability. This is a whole different entity than simply providing faster 4G services. 5G carries the potential to lay the foundation for global innovation across a wide variety of sectors.
Five elements of the security-driven network
The five critical elements of security-driven networking are as follows:
Planning and design – In the planning stages, everyone must agree that new infrastructures, applications and devices need to meet and support a central security strategy built around a single framework. Want a new cloud infrastructure? It not only needs to be secure, but it needs to be built using an integrated security platform to ensure it is part of the central framework.
Access control and segmentation – When new devices are added to the network, ensure that they are automatically identified and that rules related to accessing network resources are applied. Make sure they are automatically assigned to secured network segments that have been enhanced with authentication for increased control and flexibility.
Consistent protection for workflows and applications – Data gets shared, cross-referenced, mined and processed; it never stays in one place. Security-driven networking protects data, applications and workflows along their entire data path through the implementation of a single, integrated security framework.
Expanding perimeter – The modern network perimeter is expanding outward as organizations embrace remote working, new network platforms, new devices, and new compute and application models. At the same time, the perimeter is expanding into the network through the adoption of IoT devices and the connecting of networks to support smart systems.
Branch offices and secure SD-WAN – Standard MPLS connections limit application performance and dynamic communications. A more modern approach combines the built-in protections of a next-generation firewall with advanced SD-WAN networking capabilities. This eliminates MPLS-required traffic backhauling, prioritizes business-critical applications and improves overall user experience without ever compromising on security. In addition, SD-WAN determines the optimal network access methodology to ensure business outcomes and enhanced experiences.
Full security ahead
As organizations race toward new levels of hyper-connectivity, they tend to set security aside for the sake of speed. But the success of any organization is now dependent on both network and security working in unison to be both fast and secure in order to meet business objectives and to better serve customers.
Security-driven networking is an essential aspect of this double mandate. A security fabric-based approach integrated into a unified whole empowers organizations to embrace innovation without lowering performance or increasing risk. Review the critical elements of security-driven networking noted above to begin or strengthen your journey to a network that is hyperscale, hyper-speed and hyper-secure.
— Jonathan Nguyen-Duy, Vice President, Global Field CISO team, Fortinet