By John Maddison - Chief marketing officer and EVP of products, Fortinet
Unfortunately, the challenge of securing new digital infrastructure will only grow unless digital transformation stakeholders not only broaden their focus to include security, but begin building their networks with security in mind from day one.
The problem is not only an expanding digital footprint, but the way in which networks are expanding. They often grow ad hoc from within individual business units as employees and managers seek better digital products, without any centralised control or management tied to the larger corporate security strategy – or even input from security teams.
The result is anything but simple. In the eyes of security professionals, complexity is a red flag for security blind spots, gaps in policy enforcement, and overall increased cyber risk for their company. Vendors that offer isolated security solutions compound the problem further, as those solutions cannot be easily monitored or managed. That means extra resources are spent hand-porting policies to the growing assortment of different devices that come under the company’s digital realm.
Visibility and threat correlation are limited, and such isolated solutions cannot participate in a unified response to an active threat. As a result, cyber adversaries are waiting in the wings to take advantage of a complex environment that is getting more complicated by the day and becoming virtually impossible for security teams to manage.
When faced with a traditional hub-and-spoke network design where traffic is backhauled through the hub via static WAN connections, security teams face immense challenges. They’re continuously adapting the core network to keep up with fast-paced changes in the workplace.
Static network configurations are ever-changing and most static routers simply cannot keep up with the broadband performance requirements or intent-based segmentation strategies that today’s teams now must deploy. With the ever-mounting pressure to support and dynamically adapt to business-critical digital transformation projects, security must evolve significantly and quickly, and legacy solutions based on static designs simply need to be replaced.
One area of good news is that, unlike a traditional static WAN, SD-WAN (software-defined wide area network) solutions can support advanced networking requirements, adapt to dynamically evolving business-critical applications, and support intent-based segmentation to keep critical data isolated.
Security-driven networking is how modern security teams are solving the problem of having to grow their networks in a dynamic environment without compromising on security. In fact, letting security drive your approach to networking is really the only way to ensure that, going forward, any new network environment or solution won’t pose serious risks to the company’s digital estate.
The first step to achieving a security-driven network is to draft a comprehensive security policy that covers everything a new network or solution should have before anyone even considers deploying it. That means crafting an overarching document that covers how network additions will be assessed, what protocols they must follow, how they will be inspected, the technology that’s used to enforce policies, and what protections they must offer.
The next step is choosing and integrating your arsenal of security tools so that you end up with unified threat intelligence and a seamless solution that works across virtually any environment that your company requires. Security solutions that can integrate networking and security at the outset require equipment and processors that optimise functionality, manage complex activity, accelerate critical transactions without damaging performance, and unify network and security policy and functionality into a single, integrated management and control system.
The next generation of security solutions that provide true security-driven networking is already here with Secure SD-WAN solutions that are integrated into next-generation firewalls. This approach provides a built-in, full stack of security functions that understand and start protecting the network the instant you deploy. That includes functions that, until recently, were only available via the data center in the core network. And it’s all managed through an easy-to-use console offering single-pane control over the entire network.