Let’s face it, it’s not just the future of network security that’s in the cloud — it’s the future of business itself.
The shift to the cloud and Everything-as-a-Service has been under way for more than a decade, but the global pandemic of 2020 and 2021 dramatically accelerated the pace of digital transformation across the globe.
Australia was no exception. Some sectors, such as finance, are proving to be further along the path, while others such as government, education, healthcare, and the legal sectors are all moving in the same direction — albeit with more urgency today.
Now more than ever, there is an appetite for meaningful digital transformation that brings genuine benefits to the workers who actually use the technology, in addition to the IT, networking and security teams who must maintain it. Unfortunately, the ones who don’t take secure remote access seriously run the risk of becoming a target for bad actors, who quickly pivoted to take advantage of lax security protecting workers outside the office. Although cyberattacks are nothing new, the pandemic has given rise these attacks on an unprecedented, global scale that undermines trust in critical infrastructure and does real damage to corporate reputations.
Top 5 concerns for business leaders
The events of the past year have profoundly changed business leaders’ attitudes toward top threats. This shift is reflected in PWC’s new 24th Annual Global CEO Survey of 5,050 CEOs in North America, EMEA and APAC, conducted in January and February, 2021.
In 2020, the top five concerns of these leaders were issues related to over-regulation, trade conflicts, uncertain economic growth, cyberthreats and policy uncertainty. In 2021, unsurprisingly, by far the top concerns are pandemics and health crises, followed closely by cyber threats. Lesser, but still top concerns cited were related to regulation, policy uncertainty and uncertain economic growth.
It also makes sense that cyberattacks are seen as a much more serious threat today after FireEye and Microsoft disclosed the extent of the SolarWinds supply chain attack that gained notoriety late last year. This highly coordinated attack allowed state-sponsored hackers to compromise top-tier US cybersecurity firms and nine key US federal agencies from among the 18,000 SolarWinds customers who installed the Sunburst/Solorigate backdoor through seemingly innocuous software updates.
This was a very precise and highly targeted attack designed to steal information and foster a sense of mistrust in government, critical infrastructure and cybersecurity capabilities. And it’s one reason why more companies are now turning to ‘zero trust’ principles when planning the roadmap for their future network and security needs.
In March this year, an even more widespread threat emerged via four critical vulnerabilities found in Microsoft Exchange on-premise email servers that were actively exploited by state-sponsored and ransomware threat actors.
Threats and opportunities
Life is full of risk and threats, but opportunities too. There are still massive rewards to be reaped in digital transformation and taking a cloud-first approach.
Australia’s Department of Industry, Innovation and Science estimated in its 2018 Future Productivity report that faster adoption of digital technologies could boost the Australian economy by $140-$250 billion by 2025.
Recent events, including the global pandemic, have accelerated this progress at a rate not previously experienced in AustraliaRandall Brugeaud, CEO, Digital Transformation Agency
In the discussion paper for the strategy refresh, the Digital Transformation Agency (DTA) states: “The impacts of the global pandemic, including the reduction of face-to-face services offered by government, have resulted in significant changes to the way users interact with government. Recent data highlights (that) user adoption of digital technologies has advanced 5 years in approximately 8 weeks.”
Today there are a confluence of technologies and societal changes driving digital transformation across industry and government. Technology is only one core part of digital capability, along with policy, people and alliances.
On the technology side, these include smartphones/mobility, laptops, edge computing, the Internet of Things, and borderless networks. Cloud will surely be integral to this mix and is already a key enabler of many critical business applications.
Getting SASE (Pronounced ‘Sassy’)
At NetMotion, we believe these conditions explain why network security architectures like Secure Access Service Edge (SASE) are the right fit for organisations approaching large-scale digital transformation.
These organisations need a cloud-first solution with powerful tools to contextually enforce policy. They need low-latency access controls based on user identity, and continuous monitoring of risk and trust levels to reduce risk.
First described by Gartner’s Future of Network Security report in 2019, SASE involves building network security around user identity, cloud architectures, and having a network that supports all edges — from data centres to branch offices, cloud resources, mobile devices, and browsers, all regardless of where they are physically located.
A critical aspect of this is that network and security functions must deliver a low-latency experience to all users and services. That makes sense because the gains made by a highly distributed organisation could be negated if its network security architecture impedes productivity. No user likes struggling with network and security issues to get a task done.
These demands, which are answered by SASE, translate into a set of technologies and concepts that many in the IT industry are familiar with, such as the Software-Defined Perimeter (SDP).
Adopting zero trust
NetMotion’s platform functions as an SDP. It’s a network perimeter based on software that lives on the end device and ideally in a cloud-hosted gateway. This restricts unsanctioned access to enterprise resources through real-time risk assessments and on-demand, dynamic tunnelling to the requested resources. As a service that can be hosted in the Microsoft Azure cloud, NetMotion’s platform offers customers the flexibility to deploy network perimeters that are backed up by a VPN, a firewall, web application, API security (WAAP), and much more.
Zero Trust Network Access, or ZTNA, is a key objective in deploying an SDP because it uses many parameters to establish the validity of a request. In other words, it first assumes that no entity, device or user is trusted until they can prove their identity. This is a far different approach to traditional tools that provide access to a network and its assets based on a simple set of user credentials. Hence the name “zero trust.” SDP is a great application of SASE and zero trust methodologies because it ensures the authenticity of a user and device before authorising access to network resources, wherever they are, while also protecting the network from a multitude of threats.
All organisations should consider this fundamental approach when evaluating the future security needs – and ultimately the success of – any unique digital transformation program.
NetMotion is the future of secure remote access. Request a free, no obligation demo of the platform here.
- Verified IT and security leaders reveal highest-rated ZTNA platforms in new G2 Grids
- Best practices in finance IT: Sven Goelles from Lincoln International
- Inside NetMotion: A security engineer’s view of SASE
- Best practices in public safety: Alex Bowen of the UK’s National Enabling Programmes
- Accountancy firms look for best practices in a “work-from-anywhere” world