Enterprises are seeking new ways to extend security across distributed environments that include IoT networks, mobile workforces, and multicloud deployments.

The Covid-19 pandemic drove a wide swath of the economy into work-from-home and hybrid environments, and now many corporations are pushing employees to come back to the office full time. In a recent ResumeBuilder survey of 1,000 corporate decision makers, 90% of respondents said their company will institute, or already has instituted, return-to-office policies.

Many employees are pushing back, however, and arguing that remote work has made them more productive, less stressed out, and better able to balance work-life commitments. In a Cisco survey of 28,000 full-time employees, 78% of respondents said that remote and hybrid work improved their overall well-being. If employers insist on forcing workers back to the office, many say they would rather quit than comply.

No matter how the corporate office vs. home office battle plays out, the enterprise edge will never go back to the way it was, and enterprise networking and security teams need to find innovative ways to provide security across IoT networks, mobile workforces, and multicloud deployments.

New networking approaches needed

One advantage of legacy architectures was that they limited where traffic could come into an enterprise network. As the cloud and SaaS displaced traditional on-premises applications, workers and workloads were distributed across multiple geographic regions.

“The vast increase in entry points into the network requires a special kind of innovation, not just point solutions that solve specific problems in the enterprise network, but innovation constituting a rethinking of the enterprise network,” said Ramesh Prabagaran, CEO of Prosimo, a multi-cloud networking startup.

Kelly Ahuja, CEO of SASE vendor Versa Networks, also pinpoints the ever-expanding edge as the source of numerous problems.
“The importance of delivering a seamless and consistent user-to-application experience over a secure connection from anywhere will be a focus for every cloud-first IT organization,” he said. “Enterprises are aggressively shifting workloads to multiple clouds and adopting SaaS. Employees need access to these workloads from everywhere, but access and tools vary greatly depending on location.”

Both Prabagaran and Ahuja point to the traditional OSI stack as an outdated impediment to innovation and say the stack must be reimagined to meet current and evolving threats.

“Innovation on the existing network architecture paradigm will require networking, user experience, security, and cost functions to be blended. The seven-layer architecture accompanied by dozens of stakeholders in IT won’t work,” Prabagaran said. “True innovation will be in the stack, and it will be centered around the work done by network architects to harmonize all these demands into a new single network layer for experience, security and connectivity, and cost management. While there’s certainly a place for innovative point solutions, this rethinking is required before AIOps or any innovative networking solution can be deployed.”

Ahuja believes that the next wave of enterprise networking innovation will focus on integrating security features into the networking stack, giving enterprises the ability to provide “granular and posture-based access to protect the business.”

“The network is not one network – it’s the LAN, WAN, and data center,” Ahuja said. Each of those networks could contain some combination of Ethernet, Wi-Fi, MPLS, wireline broadband, etc. Meanwhile, extending security beyond traditional perimeter protections involves complicated trade-offs that often negatively impact the end-user experience.
“Enterprises need a new approach that delivers security built into the network, so protection can happen at every edge (LAN, WAN, cloud), threats are detected and dealt with instantaneously at every edge, and a user/app-aware network can deliver the right experience,” he added.

The perimeter is gone forever

Startups Airgap Networks and Graphiant argue that networking and security must be more tightly integrated in order to meet modern security challenges. Whether workers are in the office or not is beside the point. The traditional corporate perimeter has been obliterated, and it’s not coming back.

“Using the internet for connectivity is the core problem. To fix the business internet, we need to replace the connectivity component with something better,” said Khalid Raza, Graphiant CEO and founder.

Raza says networking paradigms that extend the edge but require specialized tunnels for every connection only offer Band-Aid protection against modern threats, and they cannot possibly scale to meet challenges like remote work and IoT.

Ritesh Agrawal, CEO of Airgap Networks, agrees that the expanding corporate perimeter shines a spotlight on the deficiencies of traditional architectures.

“We will continue to see the boundary of the data center pushed outward towards the end-user environment. This not only includes traditional employees, but even bigger risks such as enterprises granting third-party support personnel access to critical infrastructure,” he said.

In certain settings, such as with contract manufacturers, the manufacturer may not own any of the equipment. Their customers own it and require access through the manufacturer’s network, opening a poorly guarded backdoor for attackers.

Airgap Networks says the best way to innovate around enterprise networking and security is to apply the tried-and-true network segmentation methods that telcos use to protect their mobile networks to the enterprise LAN and WAN.
Graphiant believes that complexity is the Achilles’ heel of enterprise networking. The sprawling edge and ongoing cloud migrations have made enterprise networking hopelessly complex and riddled with vulnerabilities.

Graphiant offers a service that looks similar to SD-WAN or SASE, but eliminates complex overlays. Graphiant’s “label-switched network” separates WAN data and control planes and optimizes traffic delivery across its backbone based on policies set by users. The network architecture combines SD-WAN-like cloud-based routing and control with a proprietary metadata protocol.

Other SD-WAN and SASE vendors, including Cato Networks, Palo Alto Networks, Versa Networks, and Zscaler, have also been innovating around ways to marry zero-trust security with various SDx services, and they all attempt to tame complexity by integrating more networking and security functions into their services, hoping to create one-stop-shop platforms that allow customers to move away from complicated multi-vendor deployments.

What the Okta and MGM breaches teach us

Agrawal says the recent Okta breach shows the dangers of networking designs that require complicated tunnel overlays. In the January 2022 attack, hackers from the group LAPSUS$ gained remote access to Okta’s internal systems through a jump server that was used to provide access to a third party, customer-support provider Sitel. From there, the attacker was able to access unencrypted customer credentials.

In 2023, Okta suffered another breach, which was eerily similar to the 2022 breach, exposing yet more customer credentials and again causing headaches for Okta customers.

Another example of the expanding perimeter undermining security is the recent ransomware attack on MGM Resorts International. Attackers gained access to MGM’s internal networks by impersonating an employee. Via the employee’s LinkedIn account, they were able to trick MGM’s help desk into helping them recover the “lost” credentials of their target.
Once inside the network, attackers infected MGM’s systems with ransomware that impacted a range of business-critical systems, forcing the casino to shut down everything from ATMs to casino gaming machines to hotel keycard systems. The attack disrupted MGM operations for at least 10 days.

In contrast, Agrawal explained that when ransomware hits a telco network, it quickly hits a dead end because mobile networks are segmented in a way that makes it difficult for malware to spread from device to device.

To bring that principle to the enterprise, Airgap has developed a ransomware kill switch which eliminates lateral movement with a single click in the security dashboard. The startup has also recently launched a disposable jump box service, which eliminates the threat of having a single jump server that everyone uses to connect to the central network.

How quantum computing and satellite connectivity could help

Many networking vendors have started to integrate tools like AI and machine learning into their services to help with routing and policy enforcement. Other vendors are kicking the tires on emerging technologies like quantum cryptography.

Karl Horne, vice president of cloud solutions at satellite operator SES, cautions that in much of the world, delivering reliable, business-class connectivity will still be a challenge.

“With remote work here to stay, we have seen enterprises hire people located all over the world, and some of them live in rural, semi-urban, or even urban places where network connectivity is not constantly stable,” he said.

Horne argues that recent advances in satellite-delivered broadband are pushing it into the mainstream. The importance of Starlink to both Ukraine and Taiwan as they face down hostile neighbors is proving that satellite-based Internet can provide mission-critical connectivity even under harsh battlefield conditions.
Horne believes that as satellite Internet develops better interoperability with terrestrial networks, it could well help cement work-from-anywhere in place.

“Recent innovations in satellites in the last decade are delivering high-performance connectivity that can easily help extend existing terrestrial networks to ensure more people in remote areas can do their everyday jobs effectively,” he said.

Connecting people in remote locations in a safe and secure manner will remain a challenge, even with broad, space-based coverage. But could quantum encryption change that?

“Introducing quantum principles into networking is not just an upgrade; it’s a revolution,” said Mike Anderson, chief digital and information officer for Netskope, a SASE provider.

Anderson believes the ability to protect all data transmitted over an enterprise network with quantum encryption would be a game-changer. “This isn’t just about speed or efficiency; it’s about reimagining network security and data processing from the ground up,” he said.

Quantum encryption would not only redefine data security, but also could open new avenues for digital innovation.

“This would make current networks look like dial-up Internet in comparison,” Anderson said. “While we’re still in the early days of quantum computing and networking, the momentum is building. Leading tech firms and research institutions are investing billions into quantum research.”