Loss of the perimeter
Today the network perimeter is largely gone. Users, devices, apps, and services are dispersed all over the world. For most organizations, trying to sustain a perimeter-based security architecture for the entire enterprise is no longer feasible.
Forcing remote workers to have all of their network traffic routed to HQ and then immediately back out to reach a cloud-based resource slows things down. Branch sites could face the same problem as remote workers.
But not forcing remote workers’ traffic through HQ means that the organization’s network security controls wouldn’t be applied to it. That’s a big problem. Losing most of the perimeter means losing the ability to enforce security policies through the network for many or most users and devices.
Loss of control and trust
Organizations are also losing control of devices, networks, apps, and other aspects of the technologies they rely upon. Sometimes the loss of control is partial, like adopting cloud-based apps. In those cases, there’s a new shared responsibility model between the organization and the third party providing the technology or technology service. This is yet another change for organizations to accommodate.
Organizations already feel that they shouldn’t trust the technologies they don’t control, but they’re also learning they shouldn’t trust the ones they do control, either.
The Path Forward
Technology has changed, so security and networking need to change in response. The old model of routing all communications through HQ no longer works. Users need direct access to the internet to use cloud-based apps from whatever client device they choose. Trust in networks and devices has been lost. So where do we go from here?
Organizations need to regain control over technology. Since they can’t trust client devices, they need to examine their users’ network traffic, enforce policies on it, and look for threats. The only way to do that while achieving reasonable performance is to force client devices to send their traffic through cloud-based security services. This is a key principle of secure access service edge (SASE), but SASE is much more than that.