Networks Are Becoming Cloud-centric. Network Security Must Adapt.

Today’s digital journey is long and complex, creating equal parts opportunity and risk for organizations. The recent crisis of the pandemic has fueled more complexity in an already complicated world, and the digital landscape has been no exception. Networks have further expanded into the cloud, and organizations have reinvented themselves even while reacting and responding to new circumstances – and new cyberthreats. One question is top of mind: Where do we go from here? It’s clear that cybersecurity is no longer simply a defense. In a world that’s moving from cloud-ready to cloud-centric, cybersecurity has become a critical component in the foundation of the enterprise.

The physical world and the digital world have never been more interconnected and interdependent. You’ve no doubt seen the evidence – employees moving out of their offices, sensitive data and workloads leaving the friendly confines of the data center, legacy and SaaS applications needing to peacefully coexist, and every “thing” connecting to the Internet of Things. Network security is evolving to meet these challenges, and it’s critical to have the right cybersecurity strategy and partner.

 

Limitations of Legacy Approaches in a Cloud-Centric World

Legacy approaches to securing the network and cloud applications are broken due to several critical limitations:

  • Disjointed, complex SaaS security: Current cloud access security broker (CASB) solutions are complex to deploy and maintain, exist separately from the rest of the security infrastructure, and result in high total cost of ownership (TCO). In addition, they offer subpar security as threats morph and more data and applications reside in a “distributed cloud” that is spread over thousands of SaaS applications, multiple cloud providers and on-premises locations.
  • Reactive security: Legacy network security solutions still rely on a signature-based approach that requires security analysts to hunt down zero-day attacks in retrospect, rather than placing machine learning (ML) inline for real-time prevention. Meanwhile, attackers are using automation and the computing power of the cloud to constantly morph threats. Over the last decade, the number of new malware variants has increased from thousands per day to millions per day. In addition, hundreds of thousands of new malicious URLs are created daily, and security based on URL databases must evolve.
  • Lack of holistic identity-based security: The identity of users is no longer confined to on-premises directories. 87% of organizations use or plan to move to a cloud-based directory service to store user identities. Organizations need to configure, maintain and synchronize their network security ecosystem with the multiple identity providers used by an enterprise, which can be time-consuming and resource-intensive. Network security tools don’t apply identity-based security controls consistently, which creates a significant barrier to adopting Zero Trust measures to protect organizations against data breaches. As more people are working from anywhere, they require fast and always-on access to data and applications in the distributed cloud, regardless of location.
  • Trading performance for security: Users are accessing more data-rich applications hosted in the cloud. Performance of network security devices degrades severely when legacy security services and decryption are enabled. That’s why, too often in the past, organizations have been forced to choose between performance, to deliver a good user experience, and security, to keep data and users safe.

 

Where Network Security Will Go From Here

Today’s distributed cloud operates at hyperscale – storing vast amounts of data and applications, and using near-infinite nodes to store that data. Traffic, especially web traffic, flowing between users and this distributed cloud is growing tremendously. The latest numbers from Google show that up to 98% of this traffic is being encrypted. In order to offer agility and flexibility, organizations moving toward this distributed cloud model aspire to become “cloud like,” providing on-demand access to resources and applications at hyperscale.

To meet the new challenges, security teams need cloud-centric network security solutions that:

  • See and control all applications, including thousands of SaaS applications that employees access daily – and the many new ones that keep becoming available at an incredible cloud velocity – using a risk-based approach for prioritization that takes into account data protection and compliance.
  • Stop known and unknown threats, including zero-day web attacks, in near real time.
  • Enable access for the right users, irrespective of where user identity data is stored – on-premises, in the cloud or a hybrid of both.
  • Offer comprehensive security, including decryption, without compromising performance, allowing security to keep pace with growing numbers of users, devices and applications.
  • Have integrated, inline and simple security controls that are straightforward to set up and operate.

Palo Alto Networks has a 15-year history of delivering best-in-class security. We’re here to help secure the next steps on the digital journey, wherever they take us. Whether you’re a seasoned traveler or just starting out, we can help you find a new approach to network security – one that better matches today’s cloud-centric networks. What’s next for us will be revealed soon. Follow us on LinkedIn to be the first to know about our upcoming events.