The End of the Industrial-Scale Network
One of the concepts gaining credibility in network security today is the idea of the software-defined perimeter. Organizations are beginning to realize that because their users are such a heterogeneous group, it’s no longer viable for them to provision network access using static rules built around firewalls and VPNs. They need to be able to segment their networks dynamically, and to change access rights in line with user identity, device posture and context.
Sounds complicated? Maybe. But in a sense, these organizations are also heading down a well-trodden path – one manufacturers and even retailers have traversed before them.
From Mass Production to Mass Customization
Let me explain. Back when the bicycle and automobile manufacturing industries were in their infancy, customers would purchase their vehicles from local, small-scale producers – mostly manufacturers in France, the UK and the US. Slowly, though, these entities started to consolidate, giving rise to the much bigger, industrial-scale production facilities of the early 20th century.
Ultimately, we ended up with the Ford Model T – an icon of mass production and, famously, a car you could have in any color you wanted “so long as it was black”.
In the 1960s and 1970s, though, significant change occurred. Car makers in Japan developed new manufacturing methodologies that focused on the customer, on improving business process efficiency and on simplification. Mass customization became possible: you could build to order, but still in the context of industrial-scale production facilities.
Later, the retail industry would go through a similar evolution. In the 1960s, you bought groceries from local markets that offered a personalized service. Over the next three or four decades, these markets would be replaced by supermarkets and hypermarkets, and customers would have to travel to shop – on an industrial scale.
But then the Internet came along, bringing with it online shopping. Now, we order what we want, when we want, and we have favorites and recommendations to make the purchasing process both simpler and more personal. And goods are delivered to our homes at convenient times.
The End of the Industrial-Scale Network
How do we apply this evolution to network security? Well, we’re currently at the tipping point between industrial-scale models and smarter, more user-centric alternatives.
When PCs began to appear in businesses in the 1980s, their security was managed on a case-by-case basis. Over the following couple of decades, this consolidated into an almost universal network security model in which all access was provisioned – and all users were expected to work – in a single, standardized way.
This isn’t effective any more. A connection from a smartphone in an unknown location has wildly different security needs to one from a workstation in your head office. And the large number of user roles in the modern enterprise makes it near impossible to limit access on a needs-only basis.
So time is up for the industrial-scale network, and its personalized equivalent is here to take its place. This new network security model focuses on the user, delivering the connectivity they need, directly to their device, in a completely secure way – regardless of the scale and complexity of their organization’s wider IT environment.
It’s facilitated by a software-defined perimeter, which delivers two key advantages: the user only has access to the resources their role requires, provisioned in a way that meets the security needs of their connection, and the organization maintains centralized control over policy, auditing and so on. It’s a kind of access that’s “built to order”, but still in the context of an integrated and efficient enterprise network.
To learn more about using a software-defined perimeter to improve your network security, read our whitepaper, Preventing Cyber Attacks with a Layered Network Security Model.