- Security TWENTY
- Women in Security Awards
As businesses undergo extensive digital transformation, the ability to share and access data becomes an integral component in informing and enabling strategic decision making and ensuring a productive workforce. At the same time, organisations cannot afford to compromise on security measures to control who can access this resource and under what circumstances, says Yaroslav Rosomakho, pictured, Global Solutions Architect at the cloud firewall and security product company Netskope.
Before the days of remote working and the current web of cloud networks, data was typically housed in a central location; usually servers in a data centre under the watchful eye of the networking teams. Access to this data was granted based on location: those within the premises were to be trusted with access and security teams were able to build a secure perimeter around the company’s data.
With the dispersion of workers through the growth in remote work, there came a need for a data infrastructure that allowed for users to access the network and use embedded SaaS and cloud-based tools. This process, which was already well underway, was rapidly accelerated by the covid-19 pandemic as businesses raced to enable their newly remote workforces.
In this new landscape, businesses no longer have to manage just one central location but hundreds and potentially thousands of access points. This means that security and networking teams must work together more closely than ever.
Historically there has been a fragmented approach to how organisations tackle their network and their security – a divide that has stifled collaboration and hampered performance. Networking’s purpose was providing access in order to achieve optimum productivity. Security, on the other hand, manned the paths that the networks had built, keeping data, users and systems safe from both external and internal threats. While each component delivered a valuable service, keeping the two separate meant that priorities often became misaligned and at worst they could become antagonistic.
Organisations with overly cautious security teams were slow to make the move to cloud, while those expanding their networks began to rapidly lose control of the security process. At this point, moving towards a Secure Access Service Edge architecture (SASE) becomes essential to securing access, without compromising performance. But if it is to be effective, the move to SASE requires networking and security teams to work together as one. These changes are not easy but I have found that following these three principles will give organisations the best chance of success.
Principle one – work to the same standards
With the understanding that both networking and security teams are ultimately working together to support the business, they must work to develop a shared set of metrics that will allow them to assess digital risk, network performance and user experience as one team. By creating a common set of standards across network and security, a blanket review system comes into place that leaves no room for ambiguity. Each strategy taken by one team or the other can be evaluated by this unified set of metrics, and determined if the action meets the standards or fails to deliver for the organisation as a whole.
Principle two – ensure visibility over all data flows
As both teams are concerned by the flow of data, you must ensure complete visibility over all data touch points. Network and security teams can then access the relevant information to create an up to date picture of performance and threats. These can then be acted upon, within the constraints of the agreed metrics, and ultimately ensure that any intervention is rooted in the reality of the businesses’ current processes and activity. With this visibility, businesses can identify potential opportunities for growth whilst simultaneously managing their digital risk.
Principle three – coordinated responses to challenges
With the stability of agreed standards, and the clear picture of the business’ data that SASE allows, businesses have the tools they need to identify emerging risks, and then develop appropriate protective strategies to mitigate them within their organisation’s capacity for risk. This flexibility allows for a combined network and security roadmap that gets ahead of threats in a unified way.
Networking and security teams have experienced significant and fundamental shifts in the way they perform their functions over the past 18 months. The move to SASE can solve many of the challenges thrown up by these changes to working patterns, delivering significant benefits and giving organisations holistic control of their data and networks. However, this promise will only become a reality if organisations can bridge the divide between network and security teams. By following these three principles businesses can create a single unified approach that will give them the capacity to rapidly respond to new threats or business requirements, while removing barriers that might otherwise stall or delay digital transformation projects.
About the author
Yaroslav Rosomakho is a global solutions architect at Netskope, working with CTOs and technical teams to deploy SASE solutions. Yaroslav has over 15 years’ networking experience having worked at Huawei, Forcepoint and Arbor Networks, the security division of NETSCOUT.