Alain Penel, Regional Vice President – Middle East, Fortinet explains how organisations can secure the new hybrid work environment.
Shifting workforces from largely on-location to mostly or fully remote changed how companies do business. Even as organisations begin to look at bringing employees back to the office, many plan to maintain a remote or hybrid work model. With this in mind, they must carefully consider how they will secure these new hybrid environments.
Underscoring the need for hybrid environments
Despite widespread cloud adoption, many organisations still rely on their on-premises data centres. However, digital transformation has changed the look and feel of traditional data centres.
Increased cloud usage is changing how organisations use their data centres. With cloud-connected data centres, the enterprise benefits from the cloud’s scalability, control and cost savings. At the same time, it continues to gain value from its on-premises investments, highlighting the importance of hybrid cloud environments.
As organisations move on-premises data centres to public cloud services, they must maintain security and service availability.
Understanding traffic patterns
As organisations build out these hybrid environments, they need visibility into and control over traffic between their on-premises data centres and their cloud environments. Security tools provide some visibility into how data transfers between the data centre and cloud. However, with multiple disconnected point products, gaining complete visibility becomes challenging.
Understanding and controlling data traffic across these divergent environments is a key to managing security. This includes visibility into and security over north-south and east-west traffic.
According to the principle of least privilege, managing access to the data centre and cloud resources means enforcing strict Identity and Access Management (IAM) policies. Organisations must make it a priority to enforce the principle of least privilege within hybrid environments, including user and endpoint access to networks and applications.
Protecting data in these hybrid environments often becomes the driving force behind a corporate decision to adopt zero trust models.
Security for hybrid workforces in hybrid environments fundamentally relies on end user cyber awareness. Although organisations can put risk mitigation controls in place, people are bound to make mistakes, many of which can be costly.
Organisations need to protect data, but they also need tools that enable end users. If the security solution is too complex, end users will find a workaround that undermines the security team’s goals.
Strategies for securing hybrid and multi-cloud environments
Traditional methods for securing on-premises data centres lack the nuance that organisations need. Modernising a company’s data centre often means connecting it to one or more cloud service providers, including public and private clouds.
As the organisation looks to modernise its data centre security to meet these new demands, it should consider the following three strategies.
Establish Zero Trust Access (ZTA)
ZTA limits user and device access to networks, ultimately providing additional identity assurance. In addition, Zero Trust Network Access (ZTNA) works to limit user and device access to the applications needed to complete work functions. Combining these two approaches strengthens the company’s security posture.
Most importantly, organisations must do this strategically. To achieve a robust zero trust architecture, companies must consider “the what” as much as “the where.” For example, data centres may sit inside the organisation’s perimeter, but this does not make them secure by default. ZTNA enables organisations to focus on access to the applications that users need, thereby creating this robust zero trust architecture.
Converge security and networking
By taking a security-driven networking approach, organisations can secure both their on-premises data centres and cloud deployments. Security-driven networking brings together SD-WAN, next-generation firewalls (NGFW) and advanced routing capabilities. Embracing the convergence of security and networking removes silos that lead to security weaknesses.
Consider future needs
Connectivity goes beyond application adoption. Security must be considered an extension of connectivity because it should be integrated into every technology decision.
The connectivity that gives employees the ability to work from anywhere means that companies need a security model rooted in connectivity. However, this must be done in a way that makes sense for the organisation’s future business plans. Point products can provide security for a specific use case. However, an estate built from too many point products lacks the scalability and flexibility needed to secure data centres and the cloud.
A security fabric approach for data centre and cloud
A security fabric approach goes beyond traditional security models. Instead of adopting point solutions that can lead to security gaps, a security fabric approach uses open standards and protocols to integrate all security activities into a single platform. With all security routed to the same platform, organisations can more rapidly detect, investigate and respond to threats. Additionally, if a security fabric approach leverages machine learning (ML), the system can become a self-healing security and networking system that protects devices, data and applications across on-premises data centres and cloud services.
With a holistic approach to security that converges networking and security as part of a security fabric, organisations can help reduce security risk and increase control over their hybrid, multi-cloud environments.
This article was originally published in the August 2021 edition of International Security Journal.