We predict that in 2017 enterprise network security will shift to the cloud and be offered as a service.
While cloud adoption and consumerization of IT has spread through enterprises, enterprise security has failed to modernize at a similar clip. Network security has relegated the non-orderly traffic to an east-west type format, restraining it to the straitjacket called the network firewall. To support this awkward traffic enforcement, enterprises had to purchase a physical firewall for each LAN they had in place.
In a world where simplification is name of the game, traditional network security has forced complexity that network administrators have come to loathe.
This complexity was not lost on cloud and traffic providers who continuously look for ways to enhance their services portfolio, such as:
- Telcos. As the price of data drops, these vendors are on the lookout for new value-added services to offer their customers. With enterprise traffic flowing through their networks, a natural enhancement would be to add a reliable, scalable and simple service to allow them to secure that enterprise traffic.
- Content Delivery Networks (CDNs). CDN providers have data-intensive traffic flowing through their networks. These vendors are already offering “clean pipes,” where they sift out malicious incoming traffic for their customers, and WAN services that allow them to maximize enterprise network bandwidth. Providing more security services down the stack for incoming and outgoing traffic is a natural technological next step and a potential additional revenue generator.
- IaaS vendors. These vendors already offer Infrastructure-as-a-Service, and adding security makes sense. Just as easy as it is today to turn on a server anywhere around the world, tune its services, and have it in production within a few keyboard strokes, the idea is to also offer network security as a service on these servers. The enforcement of security policies on the traffic simply becomes part of the IaaS tuning.
- Emerging vendors. Startups that have recognized this gap have the agility and nascence that allows them to design and develop the easy, logical, and simplified infrastructure from Day One.
In the past couple of years, these vendors went into play in the enterprise network security field. This upcoming year we’ll see the fruits of their labor as enterprises start adopting these newly offered services. Enterprises will be relieved to consolidate that cumbersome distributed network security burden by redirecting their corporate traffic and allowing the cloud-based network security services to apply and manage the security policies.
What kinds of outcomes can enterprise network teams anticipate following such a move?
- Network security will be commoditized. Just like other services that moved to the cloud decreasing costs for customers, so will network security-as-a-service reduce the overhead cost of purchasing and maintaining multiple physical firewalls.
- The cost of network security will be a factor of the amount of traffic. Billing models of network security services will include the amount of traffic they process. As a result, enterprises will start to look for ways to decrease the amount of traffic to reduce costs.
- Network security providers will start providing visibility into enterprise network traffic. Beyond traffic enforcement, network teams will apply pressure on their service providers to offer traffic visibility. The obvious reason would be to further reduce costs given the above. But other factors will include regulatory and security purposes.
- IT/ Security teams will better collaborate on business policies. With complete visibility of traffic, IT and security teams – typically friction-prone teams (given the falsified notion of the former being the business enabler and the latter the nay-sayer) – can work together to create security policies around business-authorized applications.
- Security teams will be able to perform quicker remediation and forensics. Another key benefit of visibility, shared by the IT teams, is that security teams will be able to receive the precise details of malicious traffic, allowing for easy forensics and cleaning up of that malicious traffic. Not only will this ease up burden of security teams but will also reduce costs as these activities are typically outsourced.