Think back to the end of 2019. Enterprises were evolving IT infrastructure at a moderate pace to reduce costs, be more competitive, and improve their ability to adapt to an increasingly digitized world. Whether migrating workloads to the cloud, virtualizing network functions, diversifying mobility, or moving applications and services closer to the edge, digital transformation was steadily evolving the business landscape.
Then came COVID, and in less than 12 months, digital transformation went from that steady evolution to an absolute imperative, accelerated by a suddenly remote workforce and the realization that the network (especially user access to data, services, and applications) and its security are the lifeblood of business. Conversations in the C-Suite quickly changed in tone, focusing on one crucial question: How quickly can we pivot and securely update or even rebuild our network to provide for future business continuity and remain competitive?
Even as businesses continue to traverse the challenges of the pandemic and remote working, they are building on digital transformation strategies and investments so they can rebound to recovery. According to IDC, investment in digital transformation has been accelerated by the events of the last year, and it will continue to grow at a compound annual growth rate (CAGR) of 15.5% from 2020 to 2023, approaching $6.8 trillion.
AT&T Cybersecurity also has seen a significant uptick in and acceleration of enterprises embarking on digital transformation. Typically, these initiatives involve wide area network (WAN) virtualization (a push to SD-WAN) and cloud migration paired with cybersecurity evolution. And they are being set in motion by both the network and security teams, depending on the organization’s priorities. Regardless of who is leading these initiatives, it’s the leadership of the organization that is pushing for change as they come to terms with the challenges of managing and protecting today’s highly complex networks and the connections that support them.
With data, users, applications, and devices spread across hybrid environments, connecting to the network from hugely diverse locations, managing and controlling access — authentication and authorization — has taken on unprecedented priority and urgency. In the new reality of remote working, for example, employees must be able to access the applications and data needed to perform their jobs. Without that, the business is at a clear disadvantage. However, security teams are struggling not only to control who and what devices have access, but to also consider when, why, and for which purpose. This has brought the conversation about security to the forefront. Gone are the days of security as an afterthought. Today, a security-first mindset is driving the conversation.
Because of this, security approaches like Zero Trust have become mainstream. To this point, a global survey of 1,000 enterprises conducted by AT&T in September 2020 revealed that 95% of enterprises are researching, implementing, or have completed implementation of a Zero Trust initiative in their network.
In addition, as the mobility of the workforce continues to expand, IoT data consumption explodes with edge computing, and the attack surface continues to become more complex, security leaders will be looking for ways to consolidate security tools and decrease the number of vendors they’re working with. However, they also need complete visibility of their complex environment (still yet-to-be-realized for many), to automate processes and in some cases preemptively orchestrate them using advanced analytics, and to improve response times for known threats and the unforeseen ones that will come with emerging technologies such as 5G and the edge applications it will actualize.
To add an extra layer of complexity, functions across security technologies are starting to overlap. For example, secure web gateways (SWG), cloud access security brokers (CASB), next-generation firewalls, and data loss prevention (DLP) solutions have overlapping functions, which is creating even more friction between security and IT teams. As an example, according to a 2020 survey by Enterprise Strategy Group (ESG), “Transitioning Network and Security Controls to the Cloud”, data loss prevention controls that are available across SWG, CASB, and DLP could result in multiple teams managing the same function in silos, which in turn potentially increases the chance of inconsistent policies or misconfigurations. Half of respondents in the survey cited increased organizational complexity, inefficiency in managing multiple form factors of the same tool, and complexity of investigating alerts as the top negative impacts on the business resulting from the use of disparate tools.
The problem and cost of managing too many tools has always been one of the main drivers of security virtualization, as security and IT teams seek simplification and centralized management. However, today they are asking for even more. They want unified edge-to-edge security and so are seeking WAN capabilities (in particular, SD-WAN) to be combined with appropriate network security functions like CASB, SWG, and firewall-as-a-service, all delivered as a cloud solution that can support their decentralized, digital business. Gartner, among others, has reported on this trend, calling it secure access service edge (SASE). It’s worth stating that depending on the entity, the definition of services included in a SASE-like solution is still being hotly debated. Regardless, the industry is moving in this direction. Key components of the trend to edge-to-edge security with network capabilities include:
- SD-WAN allows a customer to optimize the performance of its business applications by dynamically routing packets between each WAN connection at a site based upon a customer’s pre-selected routing policies, by application type and the performance of each of the WAN connections.
- Secure Web Gateway (SWG) performs internet traffic inspection to both help protect users from malicious sites and enforce acceptable use policies (e.g., blocking sports sites on corporate networks).
- Firewall as a Service (FWaaS) provides the benefits of a next-generation firewall (NGFW) delivered through cloud-based points of presence (POPs). Traffic is routed through these POPs and the centrally managed security policies are enforced on the traffic passing through them.
- Cloud Access Security Broker (CASB) adds a layer of support amid migrations to cloud-based applications like Office 365. It provides full visibility to connected services and security of personally identifiable information (PII) and other sensitive data transferred through the cloud.
- Zero Trust Network Access (ZTNA) is an access management approach that utilizes zero trust concepts based on the premise of verify everything and trust nothing. The enterprise enforces access to information systems and services based on accurate, least-privilege, per-request variables and the view that the network is compromised. Therefore, user, device, and action are continuously verified for compliance and only allowed access to specific applications, as opposed to being offered unrestricted access to the entire corporate network.
In response to the call for these combined services, security and network vendors have begun aggressively building out solutions in the last year — natively or through acquisitions. No single vendor has fully realized the promise of SASE, despite marketing claims. Large incumbent cybersecurity, networking, and virtualization vendors are taking steps through innovation and acquisition to make the SASE market a reality.
Managed service providers (MSPs) and managed security service providers (MSSPs) alike are also increasingly teaming with SD-WAN vendors that offer native security functionality built into their platforms(4). At AT&T Cybersecurity, we are focused on working with best-of-breed providers who offer a “single vendor, multi-use” approach to deliver on the promise of SASE, selecting strategic alliances based on market leadership, maturity, and the roadmap of their respective SASE technology suite.
As the top MSP provider for SD-WAN/NFV services, AT&T has a unique vantage point on what businesses are looking for as they move forward with digital transformation. No matter the purpose, business criticality, scale, complexity, or design of the transformation, enterprises consistently ask for an evolution in security to be a core part of the initiative. In addition to seeking cost reduction and simplification, they want network security that is more resilient and able to adapt as the business embraces innovation, the networks evolve, and the threat landscape changes. The promise of SASE is that it will significantly move the dial on this. It’s not a panacea, but it will certainly give businesses a leg up as they navigate the challenges of protecting a business today, which necessitates security practices that are more granular and dynamic and security controls that are aware of identity, application, and device context. By pairing SASE with other essential security technologies, such as threat detection and response, vulnerability management, relevant threat intelligence, DDoS protection, and more, service providers like AT&T Cybersecurity are better positioned to help protect their customers in today’s complex, highly dynamic and distributed environments, making it safer for businesses to innovate.