Connectivity will be networkless

by Mark Rowe

The future of connectivity is networkless, writes Thomas Quinlan, Director of Transformation Architecture at the cyber company Zscaler.

As part of their ongoing digital transformation journeys, many organisations are starting to look at changing how they connect people to data and machines. For a long time, the standard way to provide connectivity was simply giving access to a network – to all, equally. But then security got in the way of this – with access limited through the use of policies for applications and managed at the perimeter of the network.

Nowadays, data, applications and people often reside beyond an organisation’s network infrastructure. This compounds the problem of access as organisations desperately try to untangle all the threads of who needs to connect to what and from where. Adding to the complexity are not only people, but also machines that now need to interact with each other – and those connectivity requirements can’t be dealt with in the same way. As they try to simplify their connectivity infrastructure, many organisations are turning towards a zero trust based framework in their desire to connect people and devices in a secure manner, without having to involve the network to such a degree. Instead, the network becomes an underlying (and almost ignored) layer on top of which organisations define the various forms of connectivity with the help of software.

Rather than giving employees broad network access, a zero trust approach enables organisations to provide secured access over the internet to only the particular applications or things that individuals need. Two categories of access types can be differentiated. The first allows staff to access the general web as well as Software as a Service (SaaS) applications etc. directly through the internet. The second provides access to internal resources hosted in the data centre or public cloud – again using the internet. As the separate corporate network is no longer required (or needed a lot less) for both options, a zero trust model not only serves security, but also connectivity purposes.

Reducing infrastructure complexity

In a bid to further reduce traditional network complexity, many organisations will start closing their data centres, and moving their resources to the public cloud. The rationale behind this is that it is not only easier to administer cloud-based infrastructures, but this model also gives organisations the flexibility to spin their architectures up or down based on business requirements. With SaaS, they pay via a subscription fee and the IT team no longer has to administer updates manually. The same applies for the rack / stack / power in enterprises’ on-premise data centres – once applications have been migrated to the cloud, the service providers take charge of the administration of all the computing resources.

Today most organisations still rely on a lot of appliances for routing their east-west traffic to branches and subsidiaries, but this model will soon become outdated. A move to cloud-based infrastructures with hybrid working models gives staff the freedom to work from everywhere. In hybrid working scenarios, individuals just need a trust broker of some kind to connect them to the applications they require – using identity to enact policy-based access on an application level. In such a vision, the traditional network becomes obsolete.

Future market entrants will adapt to this new way of connectivity much more easily than established brands. As they never had to build up a hardware-based infrastructure to start their business, they will rely on the internet by default. To remain competitive, established organisations will have to follow suit and move away from the network.

Concerns in a post appliance world

For too long, many organisations have approached the complexities of security and networking as just something that has to be dealt with. Network connectivity has served IT teams well for a long time, but it has also had some very negative impacts on organisations, one of which is giving threat actors the ability to spread malware more easily. Despite this, there is still an inertia around moving away from connectivity that is tied to physical infrastructure. A mindset shift has to occur at the leadership level for this to happen – accepting that new cloud-based infrastructures will bring with them ways of connecting that don’t rely on the network. Alongside this, IT security decision makers will have to become comfortable with the concept of not having a physical box tied to the network perimeter for a particular security purpose.

As network and security teams have previously found themselves at odds in terms of priorities, closer collaboration between the two functions is a good starting point to overcome concerns about what security could look like in a post-appliance world and move infrastructures into the future. But part of the solution is also about both groups developing a better understanding of what it means to use identity to determine access rather than just network connectivity. Zero Trust can serve both purposes: security and connectivity. With a cloud-based zero trust platform, not only are applications accessible to users from anywhere, but they are also dark to the internet and therefore cybercriminals.

Outward-bound micro tunnels between the individual user and the trust broker, and between the trust broker and the relevant application, are stitched together by the security platform based on policies and the user identity. That means that only authorised and authenticated users gain access to the required app on a granular level. Due to this zero trust based security mechanism, applications are not exposed to the internet and remain dark to the prying eyes of attackers. Cybercriminals can’t attack what they cannot see on the internet.

The concept of zero trust not only eliminates the previously detrimental effects of network connectivity (lateral movement of bad actors), but has a number of additional positive effects as well. First and foremost, it allows users to work from anywhere and access data and applications securely, no matter where they are hosted. In addition, by enabling a direct access path without having to detour through a corporate network, zero trust can have a positive effect on user experience by reducing latency. (This becomes more likely when connecting to Service Edges that combine compute and local access.) Whether a staff member is working from home or the office, or switching between the two, the user experience (and level of security) remains the same.

AI is to simplify access policies

The one challenge organisations are struggling with is defining access rights and policies. In order to know who is allowed to access what within a corporate infrastructure, insight is required into the application landscape as well as the varying user groups and functions in an organisation. A standard corporation with 10,000 users can group its staff according to functions or departments as a starting point. Then the heavy lifting starts: making exceptions for what individuals need to access, based on cross-functional needs or specific roles within the organisation. It will, however, prove more difficult to paint the picture of the application landscape in use within an organisation.

At this point AI will step in to generate the required business insights as a foundation for policy generation. It is the ability to develop maps of what people connect to and how they use certain software that differentiates an automated process from the purely manual burden of administration. Based on that insight, AI can be used to generate a first set of policies for human review to speed up the process of implementing Zero Trust based security.
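The grouping and exception steps described above can be sketched in a few lines. This is an added example, not code from the author or from Zscaler: a simple frequency heuristic stands in for the AI-based analysis, and the connection records, department and application names, and the 60% threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of observed connections: (user, department, application).
OBSERVED = [
    ("alice", "finance", "erp"), ("bob", "finance", "erp"),
    ("carol", "finance", "erp"), ("alice", "finance", "payroll"),
    ("bob", "finance", "payroll"), ("carol", "finance", "hr-portal"),
    ("dave", "engineering", "git"), ("erin", "engineering", "git"),
    ("dave", "engineering", "ci"), ("erin", "engineering", "ci"),
    ("erin", "engineering", "erp"),
]

def draft_policies(observed, threshold=0.6):
    """Return (group_rules, exceptions) drafted from observed access.

    An application becomes a department-wide allow rule when at least
    `threshold` of that department's observed users connected to it.
    Rarer access is listed as a per-user exception for human review.
    Anything not listed is denied by default.
    """
    members = defaultdict(set)   # department -> users seen
    usage = defaultdict(set)     # (department, app) -> users seen
    for user, dept, app in observed:
        members[dept].add(user)
        usage[(dept, app)].add(user)

    group_rules, exceptions = defaultdict(set), []
    for (dept, app), users in usage.items():
        if len(users) / len(members[dept]) >= threshold:
            group_rules[dept].add(app)
        else:
            exceptions.extend((user, app) for user in users)
    return {d: sorted(a) for d, a in group_rules.items()}, sorted(exceptions)

def is_allowed(user, dept, app, group_rules, approved_exceptions):
    """Default-deny check: group rule, or an exception a reviewer approved."""
    return app in group_rules.get(dept, ()) or (user, app) in approved_exceptions

if __name__ == "__main__":
    rules, pending = draft_policies(OBSERVED)
    print("group rules:", rules)
    print("exceptions awaiting review:", pending)
```

Drafted exceptions grant nothing until a reviewer moves them into the approved set, which keeps the human review step the article calls for in the enforcement path.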

Industry outlook

The future of connectivity will be networkless – how soon just depends on the industry in question. Some organisations are already in a position to move out of the data centre, while others will have to rely on core applications being run internally for a while longer, meaning that there will be hybrid models. One thing all organisations will have in common, however, is being able to recognise the benefit of moving their processes into the cloud.

Whether it is to counter high costs, administrative complexity or lack of flexibility, more and more organisations are developing an appetite for leaving their data centres entirely. Those who have done so will already be experiencing networkless connectivity – and profiting from the secure ease of connecting from anywhere to anything on any device that is really what zero trust is all about.

© 2024 Professional Security Magazine. All rights reserved.
