The enterprise network was once a castle, broadly insulated from the outside world by a LAN perimeter moat, with a WAN drawbridge defended from within the castle walls. One way in, one way out, with few reasons for data and users to leave and plenty of ability for applications to function inside the castle. Security seemed simple.
Today’s enterprise network is something much larger and broader. As businesses continue to adopt cloud services and support more mobile and flexible workflows, the network reach extends far beyond the castle walls and out into the Internet. With so much of value and critical importance outside the castle walls, there are plenty of reasons to venture out onto the WAN. Traditional client/server and on-premises security models are no longer the most effective, or most responsive, in light of changing network topology. The threat landscape is larger and more complex, with an evolving set of persistent threats and less time to act.
How do you protect a perimeter that no longer exists?
Protecting the castle perimeter is no longer enough, or indeed the most appropriate course of action. The notion of the perimeter needs to extend much further, effectively surrounding the Internet, the external locations that people are visiting outside the castle walls, and the destinations with which they are interacting.
One look at current WAN traffic levels, and it’s clear that almost all traffic is flowing to and from the Internet. WAN utilisation has grown rapidly from around 10 percent of capacity to as much as 90 percent in some enterprise environments. Even an average of 70 percent utilisation is extremely high, reflecting just how much we now need to access the wider Internet. That substantial rise in external traffic, combined with the growing number of devices in use, creates many more targets and avenues for cybercriminals, malware creators, and fraudsters.
Consider just some of what we use every day in the workplace that is no longer hosted on-site or at another branch office connected via a leased line:
- Email and instant messaging
- Office productivity (Microsoft Office 365, Google Apps, etc.)
- Enterprise software platforms (CRM, BI, Accounting, HR, etc.)
- Workgroup storage (Dropbox, Box, etc.)
- External processing and server hosting (Azure, AWS, etc.)
- Disaster recovery and offsite backup
- Consumer and B2B social networks (Twitter, Facebook, LinkedIn, Yammer, etc.)
The cloudification of the enterprise
This cloudification of the enterprise has been driven in part by the rise of mobile devices and remote users. It has helped foster a culture of any time, any device, anywhere access to services and data. The adoption of cloud computing has also helped simplify IT department workloads by moving support, service, and maintenance out of the business. Such moves free up staff resources from mundane IT maintenance, allowing them to focus on higher-value tasks.
Business productivity and communication services have migrated off the desktop and into the cloud with great success. Security needs a similar strategy: the ground has shifted, and the old way of stacking up security appliances in the data center and creating a moat is no longer effective at protecting today’s cloud-enabled, agile businesses. A new approach is needed to ensure the business is protected, while still benefitting from embracing the Internet as its wider network.
At Zscaler we see this cloud transformation happening at some of the largest and most complex organisations in the world. As they make the transformation, the Internet really does become their corporate network; business gets done in the cloud as users access critical data and processes hosted in rich cloud apps from remote offices or out on the road.
Zscaler effectively puts a perimeter around the Internet: we protect users in any location on any device as they access the Internet and go about their business. Enterprise security and company policies travel with the user.
Ultimately, cloudification is not an IT issue — it’s a business transformation issue. One in which security needs to be a core component. After all, when the Internet is your enterprise network, everywhere in the world can be your fortified castle and place of business.