In Jurassic World, where giant dinosaurs ruled, cultivated the land, and maintained the natural balance, these creatures were a perfect species for that environment that served a purpose. Similarly, decades ago, in the business world, firewalls, VPNs, switches, and routers roamed the data center using routable transports to maintain ingress and egress balance providing security against external threats. This multi-layered security ecosystem protected all their crown jewels under the castle-and-moat trusted habitat. Then, the cloud meteor hit the network security world. As applications fled to the cloud and users and data scattered everywhere, a vague notion of an office emerged, and the internet became the new corporate network. The extinction of the networkrassic era has begun.
Welcome to the cloud-age
Cloud-first enterprises cannot rely on network security dinosaurs. Legacy firewalls and VPNs are network-dependent, making them slow, expensive to maintain, and ineffective when protecting against sophisticated threats and stopping lateral movement. More than 85% of network professionals surveyed said that firewalls are better delivered via the cloud (this is why you need a new approach), and 72% of enterprises actively adopt the zero-trust approach to minimize the attack surface and stop lateral movements. It's pretty simple, don't trust anyone. Only allow verified, direct, and secure access from users to intended applications, regardless of location or transport layer. Consider some additional data points from a recent survey we conducted:
- 67% strongly agree firewalls are unable to effectively provide fast, secure access for remote users
- 64% agree that firewalls are unable to prevent lateral movement within a network
- 75% say it is challenging to manage firewall hardware, upgrades, and deployments*
Source: Virtual Intelligence Briefing (ViB) | Networks Security Survey 2021
Digging up fossils prevents you from zero trust
Now you might be thinking, how can I tell if my infrastructure is living in the networkrassic world? Here are five signs that will help you identify and dig up some fossils in your network:
1 - Crumbling under heavy load: Backhauling, all Internet-bound user and branch traffic through the corporate network, stacked up with various security appliances, is not giving you the desired results. Users are frustrated, and support tickets are piling up and getting out of hand.
2 - Unable to look for hidden threats: More than 84% of global internet traffic is encrypted, and hackers take advantage. You cannot inspect it because you know that turning on SSL decryption on firewalls results in severe performance degradation.
3 - Out-of-control management: We all agree that a zero trust approach to network security is the right thing to do, but your current network with firewalls and VPN makes it almost impossible. To mimic a zero trust architecture, you have to configure hundreds, if not thousands, of policies on a swarm of internal firewalls across the network, cloud, and remote users.
4 - All-you-can-eat hacker buffet: Users and applications are moving to the cloud quickly. You extend your network perimeter to the cloud to protect them by adding more firewalls. Now you have created an all-you-can-eat buffet for the attackers. They can move freely inside your network and now have new access to all your cloud applications. You have just increased your attack surface.
5 - Let it through. We'll check it later: Firewalls/VPNs were made to play nice with your existing network plumbing. By design, they adopt a pass-through architecture that lets the traffic through without inspecting traffic for sophisticated attacks. Sure, they can analyze out-of-band traffic and determine malicious intent, but it's already too late by then.
Thrive in the cloud age with the Zscaler Zero Trust Exchange
The Zscaler Zero Trust exchange takes a fundamentally different approach that naturally fits the cloud age. It enables secure and direct-to-internet connections from users to applications without relying on the underlying IP-based networks. Imagine your life with no routing complexity, no performance issues, worry-free policy management, protection from the world's largest security cloud, and no dinosaurs.
Complete security with:
- Infinite scale and performance with full inspection on all ports and protocols, including SSL.
- Secure local internet breakouts with a fantastic user experience.
- Effortless policy management built for the cloud age.
- Cloud-delivered AI-powered protections, close to every user, device, and application, not the network.
Register for our upcoming webinar, "7 Reasons Why Legacy Firewalls Are Unfit For Zero Trust," to understand what zero trust is and isn't and why firewalls are not built for the cloud age.