Security is Everywhere. Can Your Services Keep Up?

Today’s networks require flexible services designed to accompany efforts to protect any user accessing any service from any location on any device.

Cloud adoption and the rapid transition to remote work have permanently changed how companies do business. And now, as they begin to bring employees back to the office using a hybrid work model, organizations have had to deploy highly dynamic and adaptable hybrid networks. These recent changes have resulted in a proliferation of devices and users working from anywhere, which has expanded the digital attack surface and exposed more applications, devices, data, and users to risk.

Understanding and controlling data, applications, and traffic moving across and between these divergent environments is crucial to maintaining security. But this becomes complicated as hybrid and multi-cloud environments adopt new technologies like zero-trust access (ZTA), zero-trust network access (ZTNA), and secure SD-WAN that combine physical, cloud, and endpoint devices into an integrated solution. And it becomes even more complicated when things like identity and access management (IAM) policies and an array of tools designed to protect applications and platforms are added to the mix.

But while the ability to create dynamic environments has rapidly evolved, security services have traditionally failed to keep up. Security services help organizations manage licenses, keep solutions current with the latest product updates and real-time threat intelligence, and ensure their policies and configurations align with critical compliance requirements and regulations. But most security services are still tied to specific silos. As a result, many organizations now struggle to manage the complex array of inflexible siloed offerings with different licensing models they have in place.

License management tends to fall into one of three categories. Device-based licensing is used to support endpoint protection (EPP) and advanced endpoint detection and response (EDR) solutions. Hardware-based licensing is used for physical devices, such as firewalls, IPS, and SD-WAN platforms. And user-based licensing services are the primary solution used to manage cloud-based tools, such as email, identity, and zero-trust network access (ZTNA). But the networks where these solutions are deployed and the users and devices that depend on them are much more fluid. 

In today’s networks, a user, device, or application could be anywhere. This fundamentally changes the networking paradigm from location (Where is a user connecting from? Where is an application located? On what server or in which data center?) to who or what needs to access which resource, regardless of where they might reside. Resource use is fluid and can move between physical, cloud, and end-user edges from moment to moment. Hybrid workers, for example, now need to move between campus and home networks, while applications, data, and workflows can span on-premises and cloud environments. As a result, today’s networks and security architectures are being designed to support distributed resources, cloud-based platforms, and remote workers. But static service models can bring all of that to a standstill.

Today, CISOs struggle to accurately forecast spending for advanced security use cases like ZTNA or SASE because they are a mixture of device-based, appliance-based, and cloud-based licenses. Pricing such solutions can be challenging because traditional licensing models don’t fit. Because these solutions span the traditional services silos, they require custom quotes, making comparisons almost impossible. And because of mixed structures and end dates, the challenges increase when an organization needs to add or reduce security capabilities as budget and needs change.

That’s because traditional services models were never designed to support devices and solutions that need to rapidly adapt to shifting business requirements. Inflexible services limit the ability of users, networks, and applications to dynamically adapt to things like shifting connectivity needs, hybrid workers, or applications that may need to move between on-premises data centers and cloud environments. Instead, organizations need services that seamlessly follow users, applications, and data across any environment or form factor. This approach would allow them to build and leverage dynamic environments without the burden of anticipating how many licenses are needed for the different technologies, edges, and solutions in use.

New advanced services need to support various use cases on the fly, regardless of where data, applications, and users are operating—especially as resources move back and forth between physical and virtual environments and form factors. Flexible licensing models and services will not only allow true network flexibility but enable organizations to quickly deploy new technologies designed for highly dynamic networks and distributed solutions, such as ZTNA, SD-WAN, and SASE.

Today’s networks require flexible services designed to accompany efforts to protect any user accessing any service from any location on any device. Unified services need to secure the organization across any network, endpoint, or cloud with simplified consumption and unified licensing models for any use case or form factor. Advanced services designed for the way companies do business will enable organizations to run their business the way they need, enjoying the flexibility such environments provide while knowing that their hybrid networks and users are always secure because their licenses and services can adapt with the network.

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.