By Amit Bareket, CEO and Co-Founder of Perimeter 81
When Kodak completely neglected the rise of digital photography (an idea that Kodak itself invented) and then continued to willfully drive for a revival of technology destined for the dustbin, it became the boilerplate example of what can happen when an organization fails to embrace change and chooses to fight against the current rather than go with the flow.
Trends and new sources for demand force companies to refresh their business models and pivot around new concepts, or slowly perish. This is happening now in security, where providers still get away with offering singular and traditional solutions like firewalls, antivirus software, and VPNs – but not for long. These products do help to ward off a number of the most common attacks, but converging trends have whipped up industry waves almost reminiscent of those that once toppled the giant of film.
Crowding the Cloud
The adoption of cloud technology among companies has been full steam ahead for the last decade or more, and as it becomes our new normal, the security industry must react with new ways to protect data that’s anywhere and everywhere. For a business, ascension to the cloud has been deliberately slow, a department here, a business flow there, so the tide of this sea change has been gradual.
At least, it was until recently. No one wants to harp on the lessons taught by COVID-19, but here we are. Suddenly, organizations with a desire to exist into the next fiscal year find themselves scrambling to grant access to remote employees, and this has meant the rapid adoption of cloud technologies and subsequent creation of a host of new issues that security providers must now respond to.
Overloaded networks on traditional architecture experience high latency, and each new employee connecting to the resources they need to work slows down the connection speed of his or her peers. Performance is small potatoes, though. IT teams are more overwhelmed with the number and variety of different devices and unfamiliar sources of traffic, and security leaders are racing to provide a better solution than what was available just last year.
IT Still Catching Up Cloud-Wise
Many cloud services tied into local environments and available to many remote workers (often from personal Wi-Fi connections with dubious security) create gaps where exposure occurs, even due to small issues such as how they’re configured. A business’s resources may be secure but the wrong box ticked in the admin panel of a cloud-based service is enough to open cracks that need just a bit of pressure to widen into a breach.
Sensitive data is also exchanging more hands faster than ever, during a time when hackers are ramping up their activities to take advantage of the pandemic panic. Under these conditions, orchestrating a stack of traditional security products isn’t enough, even if they can be deployed in a way that secures the network on paper. We don’t live on paper. In reality, the tool sprawl approach creates maintenance issues that the security industry must address alongside classic ideas like threat detection and visibility.
For IT, planning security for in-office infrastructure is simpler, because all employees are always connecting from the same devices, locations, and IP addresses. Very few security “profiles” need to be built, so even with an unwieldy and piecemeal stack of different security tools, smart network access doesn’t need to be scalable. Once network traffic moves from inside the office to outside, however, each remote worker represents a unique threat.
Remote Work Accelerates the Materialization of SASE
Which providers will be the ones to respond best to the future of remote work – the one where the idea of remote network access is fast, secure, and scalable? Surely not those who still offer singular firewall services, or those with a basic VPN solution. None of these solutions alone is enough to defend the network. Funnily enough, the blueprint for a single security product that might do so was created only months before the conditions that would necessitate it.
This security ‘blueprint’ is at the heart of a new industry space race. In fact, the idea is so young that it is prevalent largely among providers rather than the consumers of security, such as in-house IT professionals. Called SASE, or Secure Access Service Edge, Gartner coined this term to describe a unified network security product deployed over the cloud (SaaS), which would change how organizations consume security and refocus it around users.
Imagined as able to integrate directly with all the resources used by any organization, sans hardware, a SASE product will make it stunningly simple for the average IT employee to segment the network and create custom access profiles based on user roles, devices, or locations. At the same time he or she can enforce the use of advanced security features still sold separately, like IPSec tunneling, 2FA, DNS filtering, FWaaS, and CASB, and route employee traffic through secured gateways closest to wherever they choose to work.
The Beacon is Lit
It wasn’t the idea of SASE that signaled the starting gun for the security sector’s space race, it was the rush to support remote workers and the off-hand realization that SASE was a prebuilt solution. The rising trend of remote work has then also paralleled the prevalence of SASE in the market, and significant progress has occurred in the space to bring the horizon closer. In the near future, any enterprise-level company will only need to deploy a single product to secure its local and cloud networks, and the employees connecting to them from couches and cafes around the world.
Mergers and acquisitions are happening at breakneck speed in the security industry right now, and the landscape a year from now will be nearly unrecognizable. Reminiscent of how other industries have seen their products and services consolidated (the evolution of Microsoft’s product suite into Office 365 is a clear example), security is soon to become a matter of simple point, and click.
About the Author
Amit Bareket is the Co-Founder and CEO of Perimeter 81. Amit is a cybersecurity expert with extensive experience in system architecture and software development. He is the author of 8 patents issued by the USPTO for storage, mobile applications, and user interface. Prior to Perimeter 81, Amit worked as a Software Engineer for major enterprises including IBM XIV Storage and BigBand Networks. He served in the Israel Defense Force’s elite cyber intelligence unit and graduated Cum Laude with a B.Sc. in Computer Science and Economics from Tel Aviv University.