By Simon Pamplin, Chief Technologist WAN Edge EMEA at Aruba, a Hewlett Packard Enterprise company
Over the past year, we have witnessed a significant shift in organizations’ technology priorities as digital transformation continues to leap ahead, with a greater proportion of business processes, applications, and data now moving to the cloud. Nowhere is this truer than in the finance sector, where business models have shifted, distributed workforces are the new norm, and institutions look for new ways to serve the digital demands of their consumers. Online-only banking, AI, and payment innovations such as mobile and contactless payments, mobile wallets, and identity verification technologies (to name a few) are hot ticket items on the business agenda.
Despite COVID-19’s financial impact, IT leaders across every sector are planning to increase investment in cloud-based networking to meet new customer and organizational demands. But to achieve the full promise of cloud and digital transformation, financial enterprises must transform not just their networking, but also their security architectures. An emerging approach known as Secure Access Service Edge (SASE) is moving organizations in this new direction, wherein networking and security functions are becoming increasingly integrated.
The term, which first appeared in Gartner’s “The Future of Network Security in the Cloud” report, promises to support the dynamic secure access needs of modern, digital enterprises. This has quickly spurred industry interest with Gartner also forecasting that at least 40 per cent of enterprises “will have explicit strategies to adopt SASE” by 2024, up from less than one per cent in 2018. So how might finance organizations go about targeting a SASE approach, and what other technologies and frameworks need to be considered?
Leveraging SD-WAN towards SASE adoption
It is worth noting that SASE is not a standalone technology, but rather it provides organizations across the finance and banking sector with the capability to bring together security and networking functions into a single, cloud-centric security service architecture. However, SD-WAN also has a role to play here, acting as an enabler within a SASE framework. An SD-WAN that is SASE-enabled automatically identifies unique users and applications and applies policy-based security to deliver secure access no matter where they are located; a fundamental requirement in ensuring advanced security in a digital-first financial world.
Just as software-defined wide area networking (SD-WAN) is transforming network infrastructure with uninterrupted connectivity and simplified workflows, SASE takes this a step further by placing cloud-native security services at the network edge – closer to end users and the data they generate. This means that SASE also eliminates the need to backhaul network traffic towards centralised data centres, as more and more applications now live in “centres of data” in the cloud. By leveraging SD-WAN as part of their SASE adoption, finance organizations can:
- Automatically identify, classify, and steer applications intelligently
- Transform their security model at their own pace
- Apply consistent, network-wide security policies
- Prevent application security and performance trade-offs
- Improve application response time
- Maximize WAN bandwidth utilization
Expanding technology alliances, in which SD-WAN orchestration capabilities are converged with best-of-breed cloud security solutions, will drive the SASE market even further. The market is expected to grow at a compound annual growth rate of 116 per cent, attaining a global market value of US$5.1 billion by 2024.
SASE’s and SD-WAN’s role in boosting Zero Trust security
Of course, SASE is not to be confused with Zero Trust, which is another term that is being widely used in the network security world. Within a Zero Trust Network Access (ZTNA) framework, all access requests must be authenticated, authorized, and encrypted, whether the connection is made inside or outside the traditional security perimeter.
Zero Trust is much discussed, but not without its limitations. A standard ZTNA approach is agent-based, and the agentless nature of IoT devices means these security controls can’t extend to them. However, a policy maker and intelligent SD-WAN solution at the network edge can identify data without an agent, addressing this inherent weakness in the standard ZTNA approach. In this way, Zero Trust can be fed the data it needs to ensure that the same controls applied to campus or branch networks also extend to home or remote users, as well as IoT devices.
However, perimeter-centric network security of the past was not designed for today’s mobile workforce or deluge of emerging IoT devices – it simply isn’t sophisticated enough to handle the volume and variety of devices being thrown at it. The combination of SASE, Zero Trust and intelligent SD-WAN at the edge can deliver an extremely granular and consistent level of access control. This gives security teams a single control point with end-to-end visibility and enforcement to accommodate an ever-changing, diverse set of users and devices across the entire network and in any environment.
For this reason, Zero Trust will become a critical component of SASE’s integrated security stack as the enterprise security perimeter decentralizes.
A SASE-empowered finance business in the hybrid work era
As in every other sector, finance and banking organizations have had to manage the shift to remote working over the last year – and now they face managing the opposite as restrictions lift and we edge ever closer to a new normal. Against this backdrop, it is no surprise that SASE is proving to be both appealing and relevant at a time when traditional work models are being reimagined and pivoting towards hybrid workplaces. As CIOs and IT leaders are tasked with designing a cloud-first and future-ready security architecture, SASE should serve as the starting point for how networking and security can work together seamlessly against emerging and persistent threats targeting previously “trusted” parts of the network infrastructure.
As applications and data move rapidly to the cloud, security controls must follow. The sensitive nature of financial data makes it extremely attractive to opportunistic cybercriminals. For new working models and technologies to become a success, it’s important that financial businesses and banks gain the trust of their customers. The best first step to achieving customer confidence is to ensure people know that their bank’s systems are secure, and so too is their data. This is why an agile and flexible approach to ever-evolving network security will become even more important in the competitive financial business landscape.