Today’s wired and wireless networks require a Zero Trust approach
The digital acceleration sweeping through organizations has resulted in millions of new IP devices being connected to the network. And the productivity, efficiency, and flexibility benefits brought about by cloud-based analytics have opened up a whole new landscape ripe for attack. Wired and wireless networks must adapt to this reality by having native features to ensure security. In the same way that zero-trust principles are applied to how users access applications, organizations must be able to apply the same zero-trust principles to devices not associated with the user.
The zero-trust security model is based on the principle that every device or user is potentially compromised, so every access request must be authorized. When the zero-trust approach is applied to corporate campus networks (Ethernet and Wi-Fi), it often works in concert with network access control (NAC) solutions, which ensure that only devices that need to connect to the network do. However, this can lead to complexity. What is needed in this era of digital acceleration is the embedding of NAC functionality into the very fabric of wired and wireless networking equipment to restrict access by networked devices.
The Challenges of Securing the Network Edge
Device integration and network security are often at odds. Those joining the network need a quick and easy way to connect, but that is not always achievable while following security best practices. Network complexity is increasing, and IT teams have to manage large volumes of different types of devices connecting to the network.
Company-owned employee devices can be trusted once they’ve gone through rigorous controls, but bring your own device (BYOD) situations require different security and access. The IoT is even more difficult, with headless devices that have limited or no security features. IoT devices can’t log in with a username and password, and they’re notoriously easy to hack and compromise, so giving them access to the entire network is risky. IT teams need solutions that can set each device’s security posture to the correct level at the time of connection and do so without unnecessarily complicating the network.
Efficient Network Access Gating
To ensure the network is well protected, a NAC solution must be able to scale with features that can understand what to do with a wide variety of disparate devices. This is where NAC software solutions traditionally add value. Unfortunately, as NAC vendors have attempted to cover all situations, this has led to complex solutions that cost money and time. A better way to manage complexity is to have basic NAC services built into the LAN that are simple enough not to add complexity and robust enough to cover the required set of use cases. This sentiment is echoed in a recently published Gartner article on network security and NAC titled “Campus Network Security and NAC Are Ripe for Market Disruption” by Andrew Lerner, Nat Smith, and John Watts.
To improve agility, organizations should select a solution that takes a security-first network approach and implements zero-trust principles to identify and classify all devices seeking network access, automatically assign them to control zones and monitor them constantly.
Secure access everywhere
Networks are constantly evolving with new data traffic patterns that create new challenges. At the same time, IoT in the workplace is growing. More data than ever is moving in multiple directions both within the organization and beyond into the cloud. Securing users, devices, and data in a rapidly changing environment requires that the network equipment itself be capable of — and tightly integrated with — zero-trust, endpoint, and NAC security solutions.
Taking a converged platform approach to networking with cybersecurity can help simplify things. Implementation is easier if solutions and products are integrated, as this makes them easier to deploy, configure and maintain. A cybersecurity mesh platform that includes network infrastructure elements allows a set of products to work together, share information, and even take automated action.
Networks are not going to become less complex or less critical. Driven by advances in technology and changes in work and business models, networking is often integral to an organization’s success. Organizations should expect the unexpected by building a resilient and secure network that can adapt to the demands placed on it.
Copyright © 2022 IDG Communications, Inc.