cyber trends
that tries to connect to you would be
denied by the operator and wouldn’t be
able to bother you. A similar approach
works for protecting your enterprise
and starts by preventing exposure of
your enterprise’s user/branch traffic or
applications/servers to the Internet. This
approach replaces the castle-and-moat
legacy model with a digital exchange,
somewhat like a sophisticated phone
switchboard. Your applications remain
invisible behind the exchange. Users
connect to the exchange which then
connects them to their applications.
In this model, the user, the offices and
the applications are never exposed to
the Internet. This approach for secure
access to applications will become
widely used in the coming decade.
2. 5G will become your local area network
Internet connectivity improved so much
in the past decade that enterprises
started to dump their private, expensive
Wide Area Networks (WANs) that
connected various offices to the data
centre. Frederik Janssen, Head of
Global Infrastructure at Siemens, is
a pioneer and a thought leader who
coined the phrase, ‘The Internet is the
new corporate network’ several years
ago. What he meant was that Siemens’
business was being done everywhere –
the office, coffee shops, airports, hotels
– and the Internet had become the de
facto transport for all traffic.
With the widespread use of 5G in the
2020s, local area networks (LANs) will
also disappear. Today, while sitting in
our office, we look for Wi-Fi to access
the Internet, which securely connects us
through routers or firewalls sitting at the
company’s perimeter. But when every PC
or mobile phone is equipped with ultrafast
5G, would you ever connect to Wi-Fi in
your office? No way – you will use direct
5G connections and bypass traditional
routers and firewalls. And, if there is no
WAN or LAN in your control, then there is
no use case for firewalls. The traffic from
your 5G devices will connect the right
people to the right applications – through
a digital services exchange – and this
will deliver faster, more secure and more
reliable access to apps and services.
3. VPNs and firewalls will disappear
There are countless stories about VPNs
being the launch pad for devastating
malware/ransomware attacks. This is
happening because firewalls and VPNs
were built for the network-centric world,
where apps resided solely in the data
centre and a security perimeter around
the ‘castle’ was all you needed. With
so many organisations moving towards
a ‘perimeter-less’ model, traditional
network security based on the castle-and-moat
approach, which is how
firewalls fundamentally protect, is no
longer relevant. They give enterprises a
false sense of security. New approaches
are being developed that use business
policy engines to act like the previously
mentioned digital services exchange
to enforce security and provide better
enterprise security.
4. Zero Trust network access will become the new normal in enterprise security
Today, to provide a user access to
applications, they are connected to the
so-called trusted corporate network.
Once on the network, the user can
see more than they should. This was
acceptable when you controlled the
network but with the Internet being the
corporate network, putting users on
a network to access applications is
dangerous. If a user machine becomes
infected, the malware can laterally
traverse the network and infect
all the servers on the network.
Maersk, a massive shipping
company, faced that issue
about 18 months ago,
highlighting the danger
of putting users and
applications on the same
network. A better approach to
this problem is badly needed.

As more applications sit in the public cloud and more offices
use the Internet to connect to the cloud or SaaS applications,
the attack surface is drastically increasing.

Many CISOs also manage physical
security, so I like using an office
metaphor to illustrate Zero Trust. If I
am visiting an office, I get stopped at
reception and have my ID checked,
have my appointment confirmed and
a badge issued. I could be directed to
the elevators and told to head up to the
sixth floor for my appointment. But this
rarely happens anymore because I could
simply wander around the company to
do whatever I want, wherever I want. In
contrast, a Zero Trust approach would
have someone escort me directly to the
conference room and take me back to
the front desk after my meeting.
Gartner’s ground-breaking research note
on Zero Trust network access (ZTNA)
states how enterprises should provide
users access to the specific applications
they need; instead of granting access to
a network, ZTNA provides access only to
those applications a user is authorised to
use. This approach provides security for
the world of cloud that’s far better than
trying to create lots of network segments
to create application segmentation. At
a high level, think of ZTNA like this: it
starts with an assumption that you trust
nobody; you can establish a level of trust
based on authentication, device posture
and other factors, but you’ll still only
trust users with the applications they are
specifically authorised to use. Any other
activity would be highly suspicious.
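
The access decision described above, sketched as an added example (it is not from the original article or from any vendor's product): a default-deny broker that grants access per application rather than per network, checks authentication and device posture, and flags requests for applications the user is not authorised to use. The application names, groups and posture attributes are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy (assumption): per-application entitlements and posture needs.
POLICY = {
    "payroll": {"groups": {"finance"}, "mfa": True, "managed": True},
    "wiki": {"groups": {"finance", "engineering"}, "mfa": False, "managed": False},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    app: str
    authenticated: bool = True
    mfa: bool = True
    managed_device: bool = True

def decide(req, policy=POLICY):
    """Return (allowed, reason, suspicious); anything not explicitly allowed is denied."""
    if not req.authenticated:
        return (False, "unauthenticated", False)
    rule = policy.get(req.app)
    if rule is None or not (req.groups & rule["groups"]):
        # Same answer for "no such app" and "not entitled": apps stay invisible.
        return (False, "not authorised for application", True)
    if rule["mfa"] and not req.mfa:
        return (False, "stronger authentication required", False)
    if rule["managed"] and not req.managed_device:
        return (False, "device posture insufficient", False)
    return (True, "allowed", False)

def audit(requests, policy=POLICY):
    """Collect (user, app) pairs that should raise an alert."""
    return [(r.user, r.app) for r in requests if decide(r, policy)[2]]

# Constructed sample requests.
SAMPLE = [
    Request("alice", frozenset({"finance"}), "payroll"),
    Request("alice", frozenset({"finance"}), "payroll", managed_device=False),
    Request("bob", frozenset({"engineering"}), "wiki"),
    Request("bob", frozenset({"engineering"}), "payroll"),
    Request("bob", frozenset({"engineering"}), "hr-db"),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.user, r.app, decide(r))
    print("alerts:", audit(SAMPLE))
```
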
These are not simple incremental
changes; these megashifts will bring
tons of opportunities and challenges to
businesses. Technologies such as cloud,
mobility, IoT and Machine Learning are
upending many large global brands
while giving rise to new businesses at a
pace never seen before. They are also
disrupting large, incumbent technology
providers while creating new giants.
www.intelligentciso.com | Issue 29