Organizations have often relied on multiple vendors to connect and protect branch offices. Through a DIY approach, you may have installed a variety of WAN edge appliances such as routers, firewalls, and WAN optimization devices. As a result, network installations are often complex and difficult to manage, and they are not optimized for the digital age. As more applications and workloads are hosted in the cloud and more employees connect from anywhere, network security boundaries are breaking down. However, organizations may not know where to start transforming their network and security architecture. They may also be tied to a multi-year contract that prevents them from migrating the current architecture to a cloud-first SASE architecture.
Organizations can follow these simple steps to transform their network and security architectures and implement a secure access service edge (SASE) at their own pace.
Step 1: Implement SD-WAN between headquarters and branch offices
While SD-WAN adoption continues to accelerate, some organizations still rely on traditional, robust and expensive MPLS lines to connect their branch offices. However, MPLS does not provide the flexibility and security needed to directly access applications hosted in the cloud. Enterprise data centers are no longer the hub of all network traffic, as most enterprise applications are migrating to the cloud. To provide the best cloud application performance, organizations need to steer traffic directly over the Internet rather than backhauling it to corporate data centers.
SD-WAN provides flexibility and reduces complexity by virtualizing the network. You can flexibly combine multiple WAN transport services such as MPLS, broadband internet, and 5G / LTE. Connections can also be configured based on your business needs.
By leveraging advanced SD-WAN over public internet services, organizations can easily launch new branches and get the same or better performance than a leased line. Forward error correction reconstructs packets lost in transmission, and packet order correction reorders packets that were delivered out of order across multiple lines.
In addition, centralized orchestration automatically pushes application QoS configurations and security policies to branches with zero-touch provisioning, eliminating the need for human intervention. You can therefore set up a new branch office quickly and easily, and automatically distribute policy changes to hundreds or thousands of branches in minutes with minimal error. You can now replace firewalls, routers, and WAN optimization devices with a single SD-WAN device, simplifying your network and operations.
Step 2: Automatically incorporate best-in-class cloud security features into your natively integrated SD-WAN solution
The SASE model comprises components including Secure Web Gateway (SWG), Firewall as a Service, Cloud Access Security Broker (CASB), Zero-Trust Network Access (ZTNA), Antivirus, Data Loss Prevention (DLP), Sandbox, and more.
When migrating to the SASE architecture, enterprises should consider incorporating best-in-class cloud security features that better protect their organizations, rather than an all-in-one solution that may not provide equal protection against all types of threats.
As an initial stage, you can integrate an SD-WAN solution into your existing network without major changes to your infrastructure, keeping your existing firewalls and routers. Then, when you subscribe to new cloud security services, advanced SD-WAN solutions can provide native integration with them. This integration is seamless because the SD-WAN solution automates cloud security "onboarding" by configuring secure tunnels (connections) to cloud security enforcement points and intelligently steers application traffic. With intelligent steering, organizations can build security policies that backhaul data center-hosted application traffic to headquarters, send trusted cloud application traffic such as Office 365 and UCaaS traffic directly to the Internet, and send all other Internet-bound traffic to the cloud-delivered security service for further security inspection.
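The three-way steering policy described above, as an added example that is not part of the original article and not any vendor's code. The path names, data center prefix and SaaS domain suffixes are constructed assumptions; the point is that direct breakout skips inspection, so the trusted match must be strict and everything unmatched must default to the cloud security service.

```python
import ipaddress

# Constructed policy values for illustration (assumptions, not from the article).
BACKHAUL = "backhaul-to-hq"
DIRECT = "direct-internet"
CLOUD_SEC = "cloud-security-tunnel"

DATA_CENTER_PREFIXES = [ipaddress.ip_network("10.20.0.0/16")]
TRUSTED_SAAS_SUFFIXES = ("office365.example", "ucaas.example")


def _host_matches(host, suffixes):
    """Match whole DNS labels so 'notoffice365.example' is not trusted."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def steer(dst_ip, dst_host=None):
    """Pick the path for a new flow; rules are evaluated in order."""
    try:
        addr = ipaddress.ip_address(dst_ip)
    except ValueError:
        # Unparseable destination: never trust it, send it for inspection.
        return CLOUD_SEC
    # 1. Applications hosted in the data center are backhauled to headquarters.
    if any(addr in net for net in DATA_CENTER_PREFIXES):
        return BACKHAUL
    # 2. Only explicitly trusted SaaS names break out directly to the Internet.
    if dst_host and _host_matches(dst_host, TRUSTED_SAAS_SUFFIXES):
        return DIRECT
    # 3. Default: all other Internet-bound traffic goes to cloud inspection.
    return CLOUD_SEC


if __name__ == "__main__":
    # Constructed sample flows: (destination IP, identified hostname).
    flows = [
        ("10.20.5.9", None),
        ("203.0.113.10", "outlook.office365.example"),
        ("203.0.113.10", "office365.example.attacker.test"),
        ("198.51.100.7", None),
    ]
    for ip, host in flows:
        print(ip, host, "->", steer(ip, host))
```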
The SD-WAN solution should also include a firewall feature to protect the branch from incoming threats. Leading SD-WAN solutions include stateful zone-based firewalls and intrusion prevention features, paving the way for eliminating existing legacy branch firewalls.
Step 3: Beyond SASE: Securing IoT devices and traffic
In the post-COVID era, as resources were distributed across data centers and the number of IoT devices increased, network complexity increased significantly, making it even more difficult to secure organizations from cyberattacks.
In fact, IDC predicts that by 2025 there will be 55.7 billion connected devices worldwide and that the data generated by connected IoT devices will be 73.1 zettabytes (ZB), tripling from 18.3 ZB in 2019.
IoT use cases range from automotive, video surveillance, smart metering and HVAC control to healthcare and point-of-sale terminals. These devices often do not have an authentication system, and security agents usually cannot be installed on them. They are therefore less secure than other computing devices. They often share the same network path that other enterprise application traffic goes through, exposing your organization to an increased threat.
The zero trust approach assumes that your organization does not trust any device by default. Network segmentation is essential so that a user or device can access only the specific areas of the network that match its role. This prevents attacks from spreading across the network and reaching critical applications, and limits user or device access to digital resources according to business requirements.
It is important to provide a unified approach to zero trust across wireless LANs, wired LANs and SD-WANs. Advanced integrated network solutions provide role-based access policies to implement zero trust policies based on full 802.1X and multi-factor authentication for user devices. By implementing dynamic segmentation, devices are automatically assigned the appropriate access control policies and network traffic is segmented based on user or device type and context.
Aruba helps organizations move to the SASE architecture at their own pace through zero trust capabilities and native integration with cloud security providers.
- Aruba EdgeConnect provides industry-leading SD-WAN capabilities for optimizing and simplifying WAN edges.
- It automates orchestration to the best cloud security solutions by automatically establishing IPsec tunnels and intelligently steering traffic based on the identification of the first packet.
- It includes a stateful zone-based firewall to centrally manage security policy orchestration.
- EdgeConnect, combined with Aruba ClearPass user/device and role-based access control, provides a consistent zero trust edge-to-cloud security policy across wired or wireless infrastructure, branch or campus networks, WANs, and data centers, using Aruba's dynamic segmentation feature to protect users and IoT devices.
HPE (Aruba and Silver Peak) was named a Leader in the Gartner Magic Quadrant for WAN Edge Infrastructure in 2021 for the fourth consecutive year.
Copyright © 2021 IDG Communications, Inc.
Implement the SASE architecture at your own pace in 3 steps