{"id":9557,"date":"2020-09-03T06:43:09","date_gmt":"2020-09-03T06:43:09","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/?p=9557"},"modified":"2023-11-09T10:22:25","modified_gmt":"2023-11-09T10:22:25","slug":"security-think-tank-security-at-the-distributed-edge","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/security-think-tank-security-at-the-distributed-edge\/","title":{"rendered":"Security Think Tank: Security at the Distributed Edge"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n
That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model?<\/em><\/h5>\n\n\n
\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Traditional\u00a0datacentres<\/a>\u00a0have served business well for a long time. But new business models have evolved by capitalising on emerging technology innovations, and the role of the centralised datacentre is now shrinking as workloads are shifted across distributed environments.<\/p>\n\n\n\n

The emergence of the decentralised software-defined datacentre, multi-hybrid cloud environment and micro-datacentres has stimulated the rapid proliferation of virtualisation, internet of things (IoT), bring your own device (BYOD) and software-as-a-service (SaaS) applications for adoption, and optimisation for cost, performance and scale.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The demand for distributed architecture will further intensify as the\u00a0roll-out of 5G networks<\/a>\u00a0will generate an increased volume of data and demand for\u00a0edge computing<\/a>.<\/p>\n\n\n\n

IoT technologies and artificial intelligence (AI)-enabled applications have progressively evolved, resulting in an unprecedented need for workloads to operate at the edge. In today\u2019s hyper-connected world, the size and location of datacentres built for the future will matter more and more.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

As micro-datacentres become popular,\u00a0fulfilling the demands of decentralised edge computing<\/a>\u00a0provides high bandwidth and intensive content. The ability to address the challenges of last-mile connectivity, reliability, low-latency with redundant paths delivering real time-sensitive applications such as robotics, gaming applications, streaming digital content and autonomous vehicles are best suited and processed in edge datacentres combined with cloud computing.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The paradigm of change will invariably require enterprises to rethink the way they architect, design, deploy and manage security networks. They will need to consider strategically aligning organisations\u2019 security posture to the evolving need of their business objectives.<\/p>\n\n\n\n

Organisations will also need to consider managing risk given the exponential growth of the attack surface and the evolving threat landscape. Organisations now have data and applications distributed across multiple locations with distributed datacentres, branch locations, work-from-home requirements and multi-hybrid cloud deployments.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

To deliver effective security in these evolving distributed environments, here are a few foundational security requirements to consider:<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Secure access service edge<\/a>\u00a0(SASE):<\/strong><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Existing network technologies and approaches do not provide the security and access control that a distributed architecture requires as organisations demand uninterrupted access to resources that include users, devices, applications, services and data as they are located outside and distributed across environments. SASE is defining a new approach for network security that will shape the way to secure application. Gartner suggests<\/a>: \u201cThe secure access service edge is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS and ZTNA) to support the dynamic secure access needs of digital enterprises.\u201d It adds: \u201cSASE capabilities are delivered as a service based on the identity of the entity, real-time context, enterprise security\/ compliance policies, and continuous assessment of risk\/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.\u201d<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

\n

Enforcing least privilege and access control:<\/strong>\u00a0<\/h3>\n<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Given the exponential growth of the threat landscape and as attacks can trigger both externally and internally, role-based access control provides access to applications based on the user profile and security privileges assigned to the user profile. Implementation of identity access management and privilege access management is an effective means to combat threats in a distributed environment.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

Micro-segmentation<\/a>:<\/strong>\u00a0<\/h3>\n\n<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In a distributed environment, the cornerstone of a network security strategy is about implementing micro-segmentation across the network to provide consistent security across datacentres at varied locations and hybrid cloud platforms. Micro-segmentation provides granular security across the distributed environment to inspect all traffic, including all applications, threats and content. Micro-segmentation can facilitate support to control traffic flows between every workload and provide visibility to the east-west traffic, and system administrators can create policies that limit network traffic between workloads based on a\u00a0zero-trust<\/a>\u00a0approach to reduce the attack network surface and network. As I wrote in a recent\u00a0ISACA Now blog post,<\/a>\u00a0the goal going forward should be to drive strategic business outcomes by enabling modern security practices through zero trusts, process orchestration and automation, collaboration and threat management.<\/p>\n\n\n\n

Datacentres will still be pertinent in the future, but distributed <\/a>environments will be increasingly important. This affects speed and effectiveness, given the business transformation drivers embracing Industry 4.0 digitisation, workforce transformation, and massive supply chain disruption that are rapidly affecting organisations globally, fuelling a digital revolution that will propel widespread adoption of distributed environments.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Given the trend to move beyond centralised datacentres to distributed environments, how can security professionals ensure such setups are just as secure as the traditional centralised model?<\/p>\n","protected":false},"author":901,"featured_media":9558,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[127,593,594],"ppma_author":[3867],"class_list":["post-9557","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-cybersecurity","tag-datacentre","tag-distributed-edge"],"authors":[{"term_id":3867,"user_id":901,"is_guest":0,"slug":"anup-kanti-deb","display_name":"Anup Kanti Deb","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/09\/Anup-Kanti-Deb.jpg","user_url":"http:\/\/www.paloaltonetworks.com","last_name":"Kanti Deb","first_name":"Anup","job_title":"","description":"Anup Kanti Deb leads Palo Alto Networks' managed detection response (MDR) practice in APAC and Japan. He is an acknowledged public speaker, and an active writer and blogger, with writings and research papers often published in journals of repute. He specialises in security risk and compliance, and incident response."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9557","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/901"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=9557"}],"version-history":[{"count":7,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9557\/revisions"}],"predecessor-version":[{"id":34034,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9557\/revisions\/34034"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/9558"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=9557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=9557"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=9557"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=9557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}