SD-WAN, SASE architectures facilitate growing need for IOT security
The new security challenges that enterprises face with internet of things (IOT) devices have introduced the requirement for a zero trust security framework at the WAN edge, according to Scott Raynovich, Chief Analyst at research and analysis community Futuriom.
In the zero trust model, users and devices are never trusted whether the connection is made inside or outside the traditional security perimeter. Zero trust security ensures that the same controls applied to campus or branch networks extend to remote users and IOT devices.
Writing in a blog entry for global SD-WAN leader Silver Peak, Raynovich notes: “As the cloud-first infrastructure that sits at the intersection of networking and security, SD-WAN has demonstrated that it can be the go-to platform for connecting users securely and directly to applications wherever they reside.
“The latest demonstration of its growth potential has been the expansion of cloud-delivered security services that can be integrated with SD-WAN, to create a secure access service edge (SASE). Looking forward, SD-WAN will be tasked with intercepting and securing IOT device traffic to contain emerging threats and prevent lateral movement in the event of a breach.”
Johann Pretorius, Silver Peak Product Manager at Networks Unlimited, the distributor for Silver Peak in sub-Saharan Africa, explains: “The term SASE, which means the secure access service edge, describes the need for the combination of wide area network (WAN) transformation together with security transformation at the edge, to enable enterprises to realise all the benefits of moving applications and workloads to the cloud. SASE involves a certain amount of network transformation. In order to fully enable SASE, basic SD-WAN functionality falls short, and an advanced SD-WAN is required.
“Traditional network and security architectures backhaul cloud-destined traffic to the data centre, which adds latency, and this in turn impairs cloud application performance. Therefore, instead of having traffic go to security, the question was posed: why not have security come to the traffic? This would improve efficiencies and reduce bottlenecks and costs. This is what SASE addresses, both in terms of transforming networking architecture and security architecture.”
Adds Raynovich: “SASE means that SD-WAN can easily extend and integrate security functions for new use cases, including IOT and the remote-access ‘edge’, which can be anything from a remote worker on a laptop to a point of sale (POS) device or a surveillance camera. As the cloud pushes out further to the edge it will become imperative that users and devices can only communicate with destinations consistent with their role and security posture.”
Raynovich says we are seeing an increasing number of IOT devices that require secure connectivity, from traffic lights to a robot on the factory floor. At the same time that the number of IOT devices is exploding, the workforce is becoming more mobile, with workers using a number of different devices to connect to enterprise networks from almost any location. This has dramatically increased the attack surface.
He clarifies: “Legacy network and security architectures were never designed to address this complex mix of users, devices and locations, because they were tied to inflexible networks that were nailed into specific devices or locations by perimeter-based security architectures. Conversely, SD-WAN and SASE use a software approach to help managers build agile network services that are spun up on demand.”
Pretorius concludes: “Additionally, SD-WAN offers an ability to rapidly integrate new security features, such as zero trust authentication and encryption. As the demand for flexible security tools for IOT and remote access increases, SD-WAN will continue to evolve to become the preferred platform to manage these new functions and capabilities.”