What is network security?
Network security is the strategic combination of hardware and software designed to protect the sensitive data housed within the corporate data center. Network security has evolved over the years as more traffic was bound for the internet as opposed to staying on the local network. Today’s stack in a security gateway, which monitors traffic going to and from the internet, includes and complex array of firewalls, intrusion prevention systems, sandboxes, URL filters, antivirus technology, data loss prevention systems, DNS filters, and many more devices and tools designed to keep outside attacks from entering the network and reaching the data and intellectual property inside.
The way it was
The corporate network has often been described as the heartbeat of an organization. It was where most, if not all, of your company’s data was stored. It housed all of the work applications your employees needed to do their jobs. And it was protected by a firewall and other security applications in an attempt to keep unauthorized individuals from accessing your critical data. This was often referred to as the castle-and-moat model, where the castle sits in the middle with a moat surrounding it in an effort to keep out invaders.
The castle-and-moat model worked well enough when employees worked exclusively in the corporate headquarters, and when the applications they needed were either installed directly on their computers or available from the data center.
However, as companies began to grow and open remote offices, a new challenge arose − connecting these remote employees to the data center in the corporate headquarters. Of course, organizations quickly realized that re-creating their security stack at each of their remote offices was too expensive and impractical. And, this option wouldn’t help employees who worked outside one of your offices. This gave rise to virtual private network (VPN) solutions, which allowed these remote employees to access the corporate network. However, VPNs did not provide employees with the quality experience they had in the office. It was often difficult to connect or the connection would often drop. It proved to be a frustrating experience. In addition, VPNs gave users access to the entire network, opening up your organization to increased threats from hackers and other unauthorized individuals.
Network and network security architectures were designed for an era that is waning, and they are unable to effectively serve the dynamic secure access requirements of digital business.Gartner, “The Future of Network Security Is in the Cloud,” August 2019
The birth of the cloud and the rise of cloud-based applications, as well as the explosion of mobility and mobile employees, added another level of complexity to network security. With employees moving farther away from headquarters and applications no longer residing in the data center, the network was no longer the center of an organization’s universe. Yet, the security applications were still in the data center. So, how were organizations going to protect users heading to the internet? The common practice was to backhaul internet-bound traffic through the security of the data center. However, this practice came with its own problems. Mostly, it caused latency in application performance and a poor user experience. In addition, these cloud-based applications caused a huge uplift in bandwidth consumption, causing more stress on the network.
The evolution from network security to cloud security
The legacy network was slowly eroding and traditional network security was becoming ineffective. The network perimeter was gone. Organizations needed a modern security platform to address the challenges of the cloud and mobility. The best answer is a cloud-based solution that decouples security from the network and uses policies that are enforced anywhere apps reside and everywhere users connect.
The legacy “data center as the center of the universe” network and network security architecture is obsolete and has become an inhibitor to the needs of digital business.Gartner, “The Future of Network Security Is in the Cloud,” August 2019
By moving security off the network and into the cloud, you put the full stack of network security engines everywhere your users go. Because security protections are applied consistently, you have the exact same protections in a branch office, at home, or in an airport as you have in the corporate headquarters.
Compared to traditional network security, a cloud-based security solution provides:
- Faster user experience − Users can take the shortest path to the application or internet destination.
- Better security − Security teams can inspect all internet traffic, including SSL, and correlate threat data in real time.
- Reduced costs − Organizations no longer have to buy and maintain multiple network security appliances.
- Simplicity − A solution delivered as a service reduces the complexity of managing multiple devices.
When organizations transition from traditional network security to cloud security, they get fast and secure policy-based access to internally and externally managed applications. Basically, cloud security provides the complete gateway stack—inbound and outbound—delivered as a cloud service.
A cloud-based solution securely connects authorized users to internally managed applications. Users are never on the corporate network, which minimizes the attack surface. Apps are invisible and never exposed to the internet. This means they cannot be discovered or exploited by cybercriminals. In addition, organizations can segment apps without network segmentation, meaning lateral movement throughout the network is impossible. It also allows organizations to easily move internal apps to Azure or AWS, where these private apps are accessible with a cloud-like user experience.
A cloud-based solution securely connects users to externally managed SaaS applications and internet destinations. It should provide full inline content inspection on all ports and protocols, as well as provide native SSL scanning. It should feature integrated security techniques as well as a dynamically computed risk score. Using cloud intelligence, once a threat is identified, it can be blocked for all customers.
See the difference for yourself
Are you still relying on legacy network security? Could your company be safer with cloud security? Take this security preview test to find out how well your company is protected against ransomware and other threats. The test is safe, free, and informative.