The need for a zero-trust edge strategy

News Desk -

Share

By John Maddison, EVP Products & Solutions at Fortinet

Today’s hybrid workers require access to distributed applications deployed in the datacenter, multi-cloud environments, and SaaS locations. Digital acceleration involves adopting and implementing new technologies and practices to improve business agility and employee productivity. But it is also redefining the network edge—especially in today’s Work-from-Anywhere world where users move between on-premises locations, interconnected branch locations, home offices, and temporary locations during travel—thereby expanding the attack surface and exposing the business to new, advanced threats.

Unfortunately, most traditional network architectures were built using disparate and statically deployed point products that provide implicit access to all applications. However, such an approach is no longer effective at providing secure access to critical resources at scale, especially as users, devices, and applications are in constant motion. And the inevitable rerouting of traffic to fixed security points for inspection severely impacts user experience, especially when those tools cannot adequately examine encrypted application, data, and video streams. Far too often, the default response in many organizations has been to bypass security to not impact critical business operations. And the result has been disastrous, with ransomware, phishing, botnet, and other criminal activity now at an all-time high.

What’s needed is a secure Digital Acceleration strategy that ensures that new technologies can be adopted and new, highly dynamic edges can be established without compromising the protection of critical data or the security of users and devices. Zero-trust is based on the principle that every device or user is potentially compromised, and therefore every access request must be authorized and continuously verify. And even then, users and devices can only access those resources required to do their job and nothing more.
 This same approach is now being applied to the remote edges of the network, a strategy known as the “Zero Trust Edge.” This new zero-trust approach to securing the expanding edges of today’s networks helps ensure that Security-Driven Networking – the critical convergence of security and networking – is everywhere. This enables security to seamlessly adapt to dynamic changes to the underlying network infrastructure, including connectivity, while providing explicit access to applications based on user identity and context.

Security-Driven Networking from Fortinet

Forrester recently described a solution they have dubbed the “All-In-One Zero Trust Edge” in the Now Tech Report published in December 2021. In that report, they described the future of next-generation networking infrastructure as bringing together networking and security in any combination of cloud, software, and hardware components, securely interweaving users, data, and resources using essential zero-trust principles.

Fortinet is recognized in this report. We believe that’s because we uniquely bring together all components needed to converge networking and security and can then deploy them on premises and in the cloud, including SD-WAN, NGFW and ZTNA. This ensures that we can deliver consistent convergence and zero implicit trust everywhere. We call this Security-Driven Networking.

Fortinet’s Security-Driven Networking approach starts with FortiOS-based innovations, including our on-premises SD-WAN and next-generation firewall secure access solutions, which also includes built-in ZTNA. It continues in the cloud with Fortinet’s cloud-based secure web gateway, CASB, and ZTNA solutions for remote users.

zero-trust edge strategy - Fortinet - Digital acceleration - FortiOS - Security-Driven Networking - Zero Trust Edge Solution - techxmedia
Figure 1: Fortinet’s Security-Driven Networking approach to Zero Trust Edge

What is a Zero Trust Edge Solution?

Fortinet’s Security-Driven Networking innovations deliver the industry’s most complete Zero Trust Edge solution:

1. SD-WAN: Providing better path and user-experience to applications and services using SD-WAN is foundational for any Zero Trust Edge solution. Fortinet was the first vendor to blend advanced security and connectivity into a unified solution. Our Secure SD-WAN solution securely interconnects all offices to every datacenter, multi-cloud, and SaaS environment. And in addition to reliable connectivity and cloud on-ramp, it includes a full suite of advanced security, enables dynamic segmentation to prevent lateral threat movement for East-West protection, and maintains superior user experience through digital experience monitoring.

2. Hybrid Convergence of Networking and Security: Zero Trust Edge must also support today’s highly dynamic networks. Legacy security solutions struggle to provide consistent policy distribution, orchestration, and enforcement when the underlying network is in constant motion. Integrating security and networking into a unified system is essential for deploying consistent security everywhere, both for on-premises and remote users. Fortinet is the only vendor to deliver networking and security convergence powered by the same operating system (FortiOS) to offer seamless policy distribution and orchestration. We also provide the industry’s highest security performance using our purpose-built security ASICs, enabling the inspection of encrypted traffic, including streaming video, without impacting user experience.

3. Secure Remote Access: Cloud-delivered security that securely connects all remote users is essential to any Zero Trust Edge solution. Comprehensive web security from the cloud must provide multiple layers of defense with AI-driven web filtering, video filtering, DNS filtering, IP Reputation, Anti-botnet service including the ability to address data loss prevention and protect mobile users with in-line CASB integration.

4. ZTNA Everywhere: Finally, Zero Trust Network Access (ZTNA) is essential for securing access to the critical applications and resources today’s hybrid workforce demands. However, protecting a hybrid workforce that may be in the office one day, working from home the next, and traveling another requires a ZTNA solution that is available everywhere users or devices are located. Unlike traditional VPN, ZTNA provides explicit access to users per application based on identity and context. Fortinet is the only vendor with a ZTNA solution designed to protect access from any edge, not just a few edges.

Fortinet’s Security-driven Networking Approach to Zero Trust Edge

Fortinet’s innovative approach to Zero Trust Edge converges enterprise-class security and networking everywhere across the network. This unique ability ensures secure access to critical applications and resources, whether users are on-premises or accessing resources through the cloud. Our Security-Driven Networking approach—including our unique combination of exclusive purpose-built ASICs, cloud-delivered security solutions, and integrated networking capabilities—enables superior user experience combined with coordinated threat protection for every network edge.

Zero Trust Edge resolves one of the most enduring challenges facing today’s IT teams: extending enterprise-grade security and granular access control to remote workers. Fortinet’s Security-Driven Networking approach provides a unique solution to overcoming user experience, siloed and disconnected networking/security technologies, and implicit trust challenges that create obstacles for today’s organizations serious about digital acceleration and implementing an effective—and secure—work from anywhere strategy.