Today’s Wired and Wireless Networks Require a Zero Trust Approach

The digital acceleration that is sweeping across organizations has resulted in millions of new IP-based devices getting connected to the network. And the benefits to productivity, efficiency, and flexibility driven by cloud-based analysis have opened up a whole new landscape that is ripe for attack. Wired and wireless networks need to adapt to this reality by having native features to address security. In the same way that zero trust principles are being applied to how users access applications, organizations need to be able to apply the same zero trust principles to devices that are not associated with a user.

The zero-trust security model is based on the principle that every device or user is potentially compromised, so every access request must be authorized. When the zero-trust approach is applied to corporate campus networks (Ethernet and Wi-Fi), it often works in concert with network access control (NAC) solutions, which ensure that only devices that should attach to the network do. However, this can lead to complexity. What’s needed in this time of digital acceleration is the integration of NAC functionality into the very fabric of the wired and wireless networking equipment to restrict what networked devices can access.

The Challenges of Securing the Network Edge

Onboarding devices and securing the network are often at odds. What’s needed is a quick and easy method for those entering the network, but that isn’t always achievable following security best practices. Network complexity is on the rise, and IT teams must handle large volumes of different types of devices connecting to the network.

Company-owned employee devices can be trusted once they go through rigorous checks, but bring your own device (BYOD) situations require different security and access. IoT is even more challenging, with headless devices that have limited to no security functionality. IoT devices aren't able to log in with a username and password, and they’re notoriously easy to hack and compromise, so it's risky to give them access to the entire network. IT teams need solutions that can set the security posture of each device to the correct level at the time of connection and do it without making the network needlessly complicated.

Effectively Gating Network Access

To ensure the network is well-protected, a NAC solution must be able to scale with functionality that can understand what to do with a wide variety of disparate devices. This is where NAC software solutions traditionally added value. Unfortunately, NAC providers' attempts to cover every situation have led to complex solutions that are costly in terms of money and time. A better way to manage complexity is to have basic NAC services baked into the LAN that are simple enough not to add complexity and robust enough to cover the required set of use cases. This sentiment is echoed in a recently published Gartner paper on network security and NAC titled “Campus Network Security and NAC Are Ripe for Market Disruption” by Andrew Lerner, Nat Smith & John Watts.

To improve agility, organizations should select a solution that takes a security-driven networking approach and implements zero-trust principles to identify and classify all of the devices that seek network access, automatically assign them to zones of control, and continuously monitor them.

Secure Access Everywhere

Networks are constantly changing with new data traffic patterns that create new challenges. At the same time, IoT in the workplace is increasing. More data than ever is moving in multiple directions both within the organization and beyond it in the cloud. Securing users, devices, and data in a rapidly changing environment requires that the network equipment itself be capable of – and tightly integrated with – zero trust, endpoint, and NAC security solutions.

Taking a converged platform approach to networking with cybersecurity can help simplify matters. Implementation is easier if the solutions and products are integrated because that makes them simpler to deploy, configure, and maintain. A cybersecurity mesh platform that includes networking infrastructure elements allows a collection of products to work together, share information, and even take automated actions.

Networks aren't going to become less complex or less critical. Driven by advances in technology and changes in working and business models, the network often is an integral part of an organization's success. Organizations should expect the unexpected by setting up a resilient, secure network that can adapt to the demands placed on it.

Learn more about securing the LAN edge with Fortinet’s security-driven wired and wireless networking products.

Copyright © 2022 IDG Communications, Inc.