The Great Migration of Networking and Security and the Road Ahead

How will the evolution and migration of network and security unfold in the years to come?

March 8, 2023

In this article, John Spiegel, director of strategy at Axis Security, discusses the evolution of networking and security, from the rise of WAN, SaaS, and then SD-WAN to SASE and SSE, along with how the pandemic brought on this technology migration.

In 2018, I visited the end of the Great Migration in the Masai Mara. It was a wonderful experience I got to share with my son. For him, it was his first time traveling overseas, and experiencing the world we live in was amazing. The Great Migration starts in Tanzania in the Serengeti. Over a period of several months, it is estimated that more than 2.5 million animals travel from the dry lands of eastern Africa to the wet plains of Kenya. During the journey, the large animals of the region are subject to a number of difficult challenges. Along the path, roughly 250,000 wildebeest die of thirst, hunger, exhaustion, and, of course, the big cats.  


In 2014, a similar migration started in the IT networking realm. Due to the complexity of delivering applications to the enterprise as a result of the rise of the Cloud, a new form of wide area networking (WAN) was born. 

What Led to the Great Migration in IT Networking?

Driven by the startup community, a great rethink was underway in how to serve up applications residing in the traditional data center, in off-prem on-demand computing, and in Software as a Service (SaaS). It drove forward-thinking founders, as well as hungry venture capitalists, to create a technology called Software Defined WAN, or SDWAN as we know it today.

The sector took off like a rocket. It is estimated that at one point, over 30 startups entered the space. The technology provided the IT leader with a solution to connect not only to traditional applications residing in private data centers but also to on-demand or Cloud-delivered applications. This was done seamlessly, with less complexity, and, most critically, on a lower-cost model. Often, companies were able to reduce operational costs by over 60%. The great migration in IT networking was off to an amazing start!

But all was not well. Similar to the wildebeests on their journey, both the IT leader and enthusiastic founders ran into trouble. The big cats arrived in the form of legacy network companies looking to protect their market share. The water began to dry up as the venture capital community began to close the spigot of money and, critically, the security of the solution became an issue. As a result, early-stage startups began to fail, innovative SDWAN vendors were purchased by the traditional vendors, and the question of how to insert security into SDWAN needed to be answered better.


Pushing Networking and Security to the Edge with SASE

In 2019, SDWAN evolved into something new. Gartner provided a new blueprint for networking and security called Secure Access Service Edge (SASE). As the previous set of technologies demanded trade-offs between performance and security, this new concept pushes both networking and security to the edge, closest to the branch, campus, and employee. Utilizing points of presence (PoPs), both network and security treatments would be done quickly and efficiently. 

The problem of how to insert security into SDWAN was now solved. Legacy and startup vendors scrambled to adjust their offerings to make them SASE. All was good for roughly seven months. Then March 2020 hit. The branch of one was born, and attention turned to how to secure the remote worker. A new format emerged, the Security Service Edge or SSE.  

While SSE is an offshoot of SASE, it creates a model based on an emerging security strategy called zero trust and leverages that model as a foundation for delivering applications. Using this new model, the employee is never placed directly on the network. Instead, a service broker sits in the middle of the connection, acting as a gatekeeper.

The result is that the employee is provided with the right level of access to applications. Not too much, not too little. Just right! This is done via a technology called adaptive trust. Adaptive trust queries the employee, their device, and the state of the connection to determine if network and security policies are in alignment. If something changes, say the employee’s device shows signs of compromise, the connection can be severed in seconds.
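The broker and adaptive-trust check described above, sketched as an added example (not from the article or any vendor's product); the policy fields, the 0-100 risk scale and the application names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Context:  # what the broker knows about the employee, device and connection
    user: str
    groups: set
    managed: bool
    risk: int      # device risk score, 0-100 (illustrative scale)
    country: str

POLICIES = {  # hypothetical per-application policies; all values are constructed
    "payroll": dict(groups={"finance"}, managed_only=True, max_risk=20, countries={"US"}),
    "wiki": dict(groups={"finance", "engineering"}, managed_only=False, max_risk=60, countries={"US", "DE"}),
}

def evaluate(app, ctx):
    """Return policy violations; an empty list means access is allowed."""
    p = POLICIES.get(app)
    if p is None:
        return ["no policy for app (default deny)"]
    checks = [
        (bool(ctx.groups & p["groups"]), "user not in an allowed group"),
        (ctx.managed or not p["managed_only"], "unmanaged device"),
        (ctx.risk <= p["max_risk"], "device risk above threshold"),
        (ctx.country in p["countries"], "connection from disallowed location"),
    ]
    return [reason for ok, reason in checks if not ok]

class Broker:
    """Grants per-application sessions; the user is never placed on the network."""
    def __init__(self):
        self.sessions = {}  # (user, app) -> Context

    def connect(self, app, ctx):
        if evaluate(app, ctx):
            return False
        self.sessions[(ctx.user, app)] = ctx
        return True

    def on_signal(self, user, **changes):
        """Apply a posture change, re-check that user's sessions, return severed apps."""
        severed = []
        for (u, app), ctx in list(self.sessions.items()):
            if u == user:
                vars(ctx).update(changes)
                if evaluate(app, ctx):
                    severed.append(app)
                    del self.sessions[(u, app)]
        return sorted(severed)
```

A rise in device risk from 10 to 45 severs only the payroll session here, because each application carries its own threshold; the wiki session survives until the score passes 60.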


Security, Visibility and Functionality

On top of the foundation of zero trust and adaptive trust, SSE provides additional features such as cloud security protections (CASB), data loss solutions (DLP) as well as internet browsing security (SWG). As layers, these services add additional security and visibility, which in the past was provided by point products from a mix of vendors requiring separate administration functions, specialized training, and perhaps worse, no integration. Thus, the previous mix of security and visibility functions was expensive and often did not see full utilization by the companies who purchased them. 

Conversely, when included as a feature or service of an SSE platform, utility is unlocked. As an example, an employee may access sensitive data and attempt to exfiltrate it. The unified SSE platform will recognize this via the DLP service. It can then signal the CASB to block uploads to, perhaps, Dropbox. The SWG will also participate by watching the activities of the employee as they explore the internet. If the file is detected, the SWG can take action. The best part? All of this is logged and sent to a single data lake.  Analysis can be done in both real-time and post-event.  

So, is SSE the Maasai Mara? Is SSE the endpoint for the migration of networking and security? It is possible. But what will likely happen is that SSE and its brother SASE will continue to evolve. It has only been three and a half years since this new paradigm was unveiled. The more likely outcome is that SSE and SASE will morph into connectivity as a service. PoPs will be extended across the public clouds (AWS, Azure, Google, and others) as well as reside in private data centers.

This will create a network and security fabric for applications to run on. Services or features like CASB, DLP, and SWG will be built into the fabric. They will no longer be referred to by their siloed technology name. Instead, they will be just an additional security treatment applied as the application is delivered. For example, CASB will be cloud security controls focused on access rights to SaaS applications and detecting shadow IT. Networking, too, will evolve. Instead of SDWAN as the primary mechanism for transport, emerging services like NaaS and internet as the WAN will be added to the stable of connectivity choices available.

The Way Forward with Connectivity-as-a-Service

Recommendations for the IT leader? When embarking on the great migration, ask the hard questions about a vendor’s technology. How has your technology evolved? Is it based on a zero-trust model?  Are services tightly integrated? How many administration UIs are there?  How easy is the service to maintain and administrate?  In terms of architecture, is it built cloud-native?  Do I have a choice in the types of PoPs? Does it support troublesome protocols like VoIP and ICMP?  Do the deep dive.  Evaluate. Do a proof of concept. Don’t accept your vendors’ solution at face value. 

The migration is underway. You want to be at the front of the herd to be first to obtain the water and the green grass and make the journey to the pastures of connectivity-as-a-service successful.  


Image Source: Shutterstock


John Spiegel

Director of Strategy, Axis Security

John Spiegel has 25 years of experience running global networks and managing infrastructure. He is an industry pioneer in software defined networking (SDN) and software defined WANs (SD-WAN). John has spoken on the topic of network transformation at industry conferences such as Gartner, InterOp, VMWorld, Palo Alto Networks Ignite as well as executive roundtable discussions. He has also been a customer advisor to companies like VMware, Palo Alto Networks and Cisco Systems. Disruptive startups have also leveraged John’s knowledge to bring products to market resulting in successful exits. When not helping companies on their journey to modernize and secure their networks, John can be found cycling on the backroads of Oregon.