MPLS has given organisations a secure private VPN infrastructure that traditionally requires little to no additional security infrastructure to secure user access and communication in a traditional on-premise office and datacentre design. But the architecture has been around for 20 years and is built around the principle of “trust” everything inside and “un-trust” everything outside the perimeter of the network. This type of infrastructure design is creating additional challenges for organisations working towards a more fluid infrastructure that incorporates many Internet services.
As we see the increase in remote workers and in the connectivity needed for multi-cloud initiatives, we also see network traffic patterns changing. This forces the extension of organisations' perimeters and provokes a hand-in-hand approach between the network and security teams to review and control access to their critical applications and sensitive data. It is no longer possible to secure the organisation with simple perimeter firewall defences managed by the network team. Instead, it is important for security teams to bring their knowledge and skill to the building of a multi-layered security strategy through Zero Trust Network Access, starting from a position of never trust, always verify for every request to access an organisation's resources.
To trust nobody but still deliver critical business resources will require a modern infrastructure and a software-defined perimeter of integrated security services that can accommodate a Zero Trust approach to accessing applications and data both on-premise and in the cloud, for the varied mix of users and roles, regardless of their location, device, or network.
In a recent report, nearly half of UK IT professionals surveyed* stated that one of their primary reasons for deploying, or looking to deploy, technologies like SD-WAN as a replacement for MPLS was to deliver improved branch connectivity to cloud environments to tackle the changing application and network landscape, whilst aiming to deliver security improvements with local next-generation firewalls and central security management for the newly extended perimeters.
Evidence shows SD-WAN is delivering fundamental benefits in the way an organisation can interlink office-based users to the data centre and cloud environments through the latest generation of traffic routing and visibility services. But it would be short-sighted to assume that basic early-generation firewall technology can deliver the levels of security required to tackle the increasing threats introduced by the new always-on/always-available demands. Instead, as businesses look to make changes to how they connect their users to application services, it is important to consider moving away from the complex and costly point security solutions of today to a more centralised, cloud-native security-as-a-service model like SASE (Secure Access Service Edge).
SASE incorporates holistic security features with centralised firewall, intrusion prevention, application gateway and endpoint detection functionality, allowing businesses to pursue all the original motivations for replacing the WAN infrastructure in the first place.