You’ve heard it before: The corporate network perimeter has disappeared.
We see this in countless ways.
Organizations are collaborating and conducting digital business globally via hybrid and multicloud, and they’re interacting over social networks. More people and devices are connecting into corporate networks from just about anywhere.
Remote workers accessing information and applications worldwide via mobile devices is just one increasingly common example. Significant digital activity has become a requirement for doing business in the current era.
At the same time, it has widened organizations’ security surface areas and made legacy security boundaries more vulnerable to newer types of cyber-security threats, such as the recent WannaCry ransomware attack.
The blurring of the network perimeter requires a new approach to security. The most effective solution is to localize security services at the digital edge, where commerce, population centers and digital ecosystems meet, versus the old method of centralizing security services at a single, corporate data center.
The digital edge must be prepared for multicloud application and data flows that service users and things across multiple global networks and cloud services.
In this environment, security can no longer be thought of as a gate, or a wall. It’s now more akin to airport security, with bidirectional domestic and international traffic and various classes of service.
Deploying an Interconnection Oriented Architecture (IOA) strategy is the best way to enforce corporate security in the digital era. It provides a framework for strategically placing networks, security, data and applications at the digital edge.
Locating security services alongside the traffic intersection points of networks, partners and clouds is a major shift from the philosophy of centralizing security services, to which most chief security officers (CSOs) subscribe.
However, enforcing security controls and extending your security posture to the edge, where most digital business is transacted, allows you to expand, scale and fine-tune your security controls in tune with your digital business.
Not only can you better maintain privacy and data sovereignty requirements, but you can also place latency-sensitive data and services in proximity to multiple clouds and population centers, thereby improving overall performance to all dependent services.
In addition, the strategy helps you gain insights into how cloud and SaaS services are being consumed and enable shadow IT with less risk by applying dynamic and real-time policy controls that govern the use of those services, as well as detect packet-level anomalies.
Finally, the low-latency advantages of implementing security, governance and controls locally can significantly improve the user experience.
You should be.
By following an IOA strategy, you can accomplish these security capabilities with digital edge nodes that act as communications hubs inside the infrastructure they are meant to protect.
A digital edge node is vendor-neutral, which means you can tailor it to support various network, cloud and data capabilities via interconnection solutions such as the Equinix Performance Hub, Cloud Exchange and Data Hub.
Organizations can add security services to the edge nodes to establish edge-based security checkpoints with localized firewall, SSL termination and malware and DDoS protection using a “trust-nothing” security model.
All traffic can be routed to the edge node, where a deep packet inspection zone enables other security services, such as vulnerability scanning, data leakage control and monitoring and logging for analytics.
You can also apply policy management to detect unauthorized activity and catch rogue traffic and user mistakes.
The steps for greater security and control
Equinix has published an IOA Security Blueprint with detailed step-by-step instructions for deploying a secure edge node infrastructure.
The steps involve:
The benefits of deploying security at the digital edge via an IOA strategy include:
Article by Bryson Hopkins, Equinix Blog Network