By Alain Penel, Regional VP-ME – Fortinet
Many authors have surveyed the impact of COVID-19 on different aspects of the economy and culture, and speculations abound on what the “new normal” will look like for different segments of society and in various types of organizations. It is important to consider how the pandemic has impacted us as security leaders, and how we can navigate the uncertain waters of the emerging post-pandemic world in the coming months and years.
Digital innovation was already in full swing at most enterprises, but the pandemic forced an already accelerating trend to move even more quickly. Projects that were several years out on the roadmap were suddenly business-critical. Companies could no longer just maintain, but instead needed to enable a new generation of networks, collaboration tools, and cloud-based services with a widely distributed architecture—and protect it at the same time. In other words, we must do two seemingly contradictory things: protect and connect. The security leader is an increasingly essential part of these conversations.
As we emerge from the pandemic, no one should expect the need for digital innovation to slow down. But to do these innovations safely, a holistic approach to security is increasingly critical. This is why COVID-19 may have put the final nail in the coffin of the “point product” approach to solution selection. This approach involved conducting a separate search for each element of the network or security architecture, without regard for how the siloed solutions would work together. Ultimately, someone had to glue everything together—usually by doing a lot of manual work to collate information from different solutions.
A holistic approach means building an entire architecture as a single unit, enabling organizations to accomplish both digital innovation and security at the same time by using native integrations. I should quickly note that holistic is not necessarily monopolistic, and organizations do not have to throw away their installed base to take advantage of an integrated cyber response. However, security elements should be chosen so that they natively work together.
The holistic approach has a number of benefits that align with today’s requirement for rationalization. The perfect example is the massive adoption of secure software-defined wide-area networks. The demand for secure SD-WAN is accelerating due to its increased agility and reduced cost coupled with full visibility into traffic. Smart companies are adopting a security-driven networking approach as they perceive the need for network innovation and advanced security to be addressed as one. This merges two previously siloed functions, improves the efficiency of both, and makes security an enabler of digital innovation.
Another element of the holistic view is adaptive cloud security. The cloud is one of the biggest IT trends of our generation, enabling incredible computing power without capital expenditures. Some enterprises have tried to focus on a single public cloud because security protection is more straightforward that way. But this also locks the enterprise into following a specific technology roadmap—and a future cost structure—that it may not control. On the other hand, if security sits on top of a distributed, multi-cloud infrastructure, the enterprise has freedom to find the best cloud for every service.
A third pillar of this approach is zero-trust network access. With this approach, access to resources is dynamically granted and reevaluated based on the real-time context and behavior of the requestor. As billions of new devices are trying to access our connected world, we must permanently challenge all attempts to access the network and different resources within it.
