A new framework for network security

The Internet was designed as a massive, distributed network. Because of this, it is naturally resilient, allowing computers, servers, and other devices to connect and route data on an as-needed basis. When a single device (or group of devices) fails or disconnects from the Internet, it typically has a negligible impact on the way the rest of the network functions.

Despite its innate resiliency, the Internet was not built in a way that it could guarantee fast or available connections. It also lacked a framework for security, making it ill-equipped to protect devices from data snooping, malicious activity, and other cyberattacks.

As a result, traditional network infrastructure was patterned after a ‘castle-and-moat’ model, where applications and data were kept in centralised, on-premise data centres (“castles”) that could be defended from external threats with a complex configuration of hardware firewalls, DDoS appliances, and other security devices (“moats”). Authorised users gained access to the castle by way of VPNs, which functioned as the drawbridge that bridged the moat.

The castle-and-moat approach allowed organisations to protect their networks on a basic level, but it was far from perfect. There were several hurdles they had to overcome:

For many enterprises, simplifying and strengthening legacy network infrastructure was a necessary but daunting task — and digital transformation made it even harder.

The cloud brings more flexibility — and more problems

The transformation of the technical landscape has made network security an increasingly arduous task. SaaS and public cloud providers allowed organisations to move their applications and data away from on-premise data centres, while smartphones and other mobile devices enabled employees to increasingly connect to networks from remote locations.

The adoption of cloud-based services helped decentralise on-premise data centres, offering organisations more flexibility and agility than ever before. However, it also meant that sensitive corporate resources no longer resided within a single “castle,” but were spread across multiple locations, making it challenging to establish a unified security perimeter.

Securing this kind of hybrid environment proved more difficult than expected. organisations had to adopt separate security solutions for on-premise and cloud-based applications and data while ensuring that employees could securely and conveniently access network resources from any location.

As a result, organisations were forced to configure and maintain a complex patchwork of single-point security solutions, most of which were not designed to seamlessly integrate. This resulted in a number of additional challenges for security teams:

The castle-and-moat model that once made it relatively simple to configure, secure, and maintain corporate networks is no longer compatible with today’s distributed hybrid and cloud-based environments. This transition was happening already, but 2020 forced a rapid acceleration of this process. Employees are more distributed and remote than ever before and have become accustomed to accessing corporate resources through an array of personal devices. Companies are increasingly recognisingthe necessity of accommodating employees, servers, and applications existing on the Internet instead of in the castle.

A new framework for network security

As old network security models failed to keep up with developing threats and modern-day network architecture increased in complexity, organisations have begun the shift to a new cloud-based security model: Secure Access Service Edge, or ‘SASE.’

First coined by Gartner in 2019, SASE combines software-defined wide-area networking with core network security services — including secure web gateways (SWG), cloud access security brokers (CASB), cloud firewalls (FWaaS), and zero trust network access policies (ZTNA) — and delivers them on the network edge.

Rather than depending on ineffective hardware appliances or patching together siloed security solutions, SASE offers a streamlined approach to network security. It replaces complicated backhauling with the Internet edge, allowing organisations to route, inspect, and secure traffic in a single pass. SASE takes the concept of Zero Trust security – the idea that every user of every application must be constantly authenticated – even further. Coupled with Zero Trust access policies and network-level threat protection, SASE eliminates the need for legacy VPNs, hardware firewalls, and DDoS protection appliances, allowing organisations to consolidate network security services and allowing security teams more visibility into and control over their network security configurations.

In practice, SASE implementation may vary considerably from vendor to vendor and organization to organization. Most SASE solutions, however, share several key advantages over on-premise and hybrid network security configurations:

SASE promises to take network security to the next level: one where siloed network and security services can be merged on a single, cloud-based platform and delivered as a service.

This approach, when implemented correctly, allows enterprises to ensure their corporate networks remain global, distributed, and consistently connected — with no lapse in security or performance.

Cloudflare introduced Cloudflare One to meet the needs of the enterprise today; a comprehensive, cloud-based network-as-a-service solution that replaces a patchwork of appliances and WAN technologies with a single network that provides security, performance, and control through one user interface. Since the network is the common denominator of all applications, by building control into the network Cloudflare One ensures consistent policies whether an application is new or legacy, run on-premise or in the cloud, and delivered from your infrastructure or a multi-tenant SaaS provider. With Cloudflare’s massive global presence, traffic is secured, routed, and filtered over an optimised backbone that uses real-time Internet intelligence to protect against the latest threats and route traffic around bad Internet weather and outages.

To learn more about the latest framework for network security, SASE, get the guide to secure and streamline your network infrastructure.

This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.

Dive deeper on this topic

Learn more about the latest framework for network security, SASE, in this guide on how to secure and streamline your network infrastructure.

Get the guide