How Cloud Migration Changes Network Security Architectures

According to market research firm International Data Corporation (IDC), 80% of enterprises around the world will be using a multi-cloud strategy by the end of 2022, leveraging a mix of legacy platforms and multiple public and on-premises private clouds to meet digital infrastructure requirements. They may rely on Software as a Service (SaaS) applications and Infrastructure as a Service (IaaS) as well as have their own proprietary apps residing at data centers or in the public cloud.

All these different network configurations highlight the need for enterprise-wide security that spans cloud and on-premises servers and everything in between. What’s more, resources that reside outside the confines of a data center and at “the edge” of a network, such as those in the cloud, can be particularly vulnerable to cyber threats. (The edge is where data is processed as close to the originating source as possible.) In this type of hybrid networking environment, a comprehensive security strategy that protects physical network infrastructure as well as data in transit and stored within the cloud is nothing short of essential.

The SASE Approach

One such solution is SASE (Secure Access Service Edge, pronounced “sassy”). A cloud-delivered security framework, SASE delivers enterprise security for corporate resources, such as software applications and customer data, that are no longer located within the protective boundaries of a centralized data center.

SASE combines two components: Software Defined Wide Area Networking (SD-WAN) and the Security Service Edge (SSE). SSE encompasses a Zero Trust model, secure web gateways, Firewall-as-a-Service (FWaaS), quality of service and a cloud access security broker. Collectively, these components provide a holistic and integrated approach to securing the physical network and an enterprise’s cloud-based apps and operations. SASE relies on a centralized security “broker” to effectively execute endpoint access, security, and control measures. Brokering activities are guided by the network’s policy framework, management structure and service level agreements.

No Trusted Devices

The Zero Trust Network Access (ZTNA) approach differs from the common strategy of authenticating a device “inside” the network and then deeming it trustworthy. Under that strategy, without ZTNA, a network can be vulnerable if a hacker hijacks one of the “trusted” devices inside it. With “bring your own device” (BYOD) initiatives becoming more prevalent across enterprises, the risk of insider attacks is rising.

Zero Trust models assume that no network access request can be trusted automatically. When Zero Trust is applied to a SASE framework, every network access request is verified before permission is granted, no matter where the request originates. There simply are no trusted devices inside the network. Instead, the security fabric between users and network resources tightens to reduce the attack surface. The result? Significantly decreased risk and heightened security across the entire enterprise network—regardless of how many endpoints or locations there may be.
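The contrast between the two models described above, as an added example that is not from the original article or any vendor's product: a perimeter check that trusts anything on the internal network, beside a per-request check that ignores where the request originates. The address range, user names, resource names and the three requests are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed sample values (assumptions, not from the article).
INTERNAL_NET = ip_network("10.0.0.0/8")
ENTITLEMENTS = {"alice": {"payroll-app"}, "bob": {"wiki"}}  # user -> resources

@dataclass
class Request:
    source_ip: str
    user: Optional[str]      # identity verified for this request, or None
    device_compliant: bool   # result of a device posture check (e.g. BYOD)
    resource: str

def perimeter_allow(req: Request) -> bool:
    """Perimeter model: a device 'inside' the network is deemed trustworthy."""
    return ip_address(req.source_ip) in INTERNAL_NET

def zero_trust_allow(req: Request) -> Tuple[bool, str]:
    """Zero Trust model: verify every request; source network plays no role."""
    if req.user is None:
        return False, "no verified identity"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return False, "user not entitled to resource"
    return True, "verified"

def compare(req: Request) -> dict:
    """Evaluate one request under both models."""
    allowed, reason = zero_trust_allow(req)
    return {"perimeter": perimeter_allow(req), "zero_trust": allowed,
            "reason": reason}

# Constructed requests: a hijacked device on the internal network, a remote
# employee on a compliant device, and an insider asking for the wrong app.
HIJACKED_INSIDE = Request("10.4.2.17", None, False, "payroll-app")
REMOTE_EMPLOYEE = Request("203.0.113.50", "alice", True, "payroll-app")
INSIDE_WRONG_APP = Request("10.4.2.30", "bob", True, "payroll-app")

if __name__ == "__main__":
    for name, req in [("hijacked inside device", HIJACKED_INSIDE),
                      ("remote employee", REMOTE_EMPLOYEE),
                      ("insider, wrong app", INSIDE_WRONG_APP)]:
        print(f"{name}: {compare(req)}")
```

The perimeter check admits the hijacked internal device and rejects the legitimate remote employee; the per-request check reverses both outcomes and also denies the insider who lacks entitlement to the resource.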

Security and Control at the Edge

Traditional approaches to cloud-delivered security have involved “hair pinning” all traffic through a corporate data center and back again. Since SASE places security and control in the cloud, hair pinning is no longer necessary, eliminating the delays and poor application performance it causes.

When SASE is coupled with SD-WAN capabilities, network performance improves even further. While it’s not critical for SASE, SD-WAN helps to manage and optimize the traffic going to and from network endpoints, including those at the edge and in the cloud. Through traffic shaping, acceleration, quality of service policies, bandwidth optimization and other technologies, SD-WAN architecture can route traffic intelligently and dynamically – in real time – based on protocols and priority. SASE addresses SD-WAN’s limitations by pairing SD-WAN’s network optimization capabilities with security deployed in the cloud.

As we continue to see the shift toward hybrid networking environments, it makes sense for enterprises to adopt SASE capabilities today, so they can deploy a security framework that can be expanded and enhanced as their networks evolve.

The Hughes SASE Solution was named an SD-WAN 2022 Product of the Year by INTERNET TELEPHONY. Learn more about Hughes Managed SD-WAN and our Managed Security services.