Manufacturers have become increasingly reliant on cloud-based resources, such as Software-as-a-Service (SaaS) applications and data migrating from the data center to multi-cloud environments. This requires a new model for secure network access.
Securing the OT edge with SASE
Rick Peters, CISO for operational technology | Fortinet Inc.
The notion that expanded digital connectivity of IT and OT networks demanding a new approach to security isn’t exactly novel at this point – but as an industry overall, there’s still much to be accomplished to achieve cyber resilience. As the convergence or digital connectivity broadens, the network itself is changing dramatically due to several factors. The recent widespread shift to remote work, along with digital innovation and cloud adoption, have fundamentally transformed the network.
Manufacturers have become increasingly reliant on cloud-based resources, such as Software-as-a-Service (SaaS) applications and data migrating from the data center to multi-cloud environments. This requires a new model for secure network access, one that can address the challenges of implicit trust inherent in legacy network architectures.
What exactly is SASE?
Coined by Gartner in 2019, secure access service edge (SASE, pronounced “sassy”) is an up-and-coming enterprise strategy that marries network security functions with WAN capabilities. The goal of SASE is to support the dynamic, secure access needs of modern organizations. It’s growing quickly; Gartner forecasts that by 2024, 40% of companies will look to adopt SASE.
It’s a service delivered via the cloud that combines network and security functions with WAN capabilities to support the dynamic, secure access needs of hybrid organizations. SASE extends networking and security capabilities beyond where they’re typically available. This enables users to take advantage of firewall as a service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA) and a medley of threat detection functions, regardless of the user’s location.
Why SASE’s time has come
Organizations are increasingly depending on cloud-based applications to run their businesses and support distributed workflows on behalf of remote and mobile users. The upshot has been the conventional enterprise network quickly growing beyond the conventional network edge. This has created the need to secure and manage an ever-expanding attack surface.
While network architectures and technology have advanced quickly enough to support the workflows of these remote endpoints, most security tools haven’t been able to keep up. That issue alone makes VPN-only solutions obsolete. For an enterprise to stay competitive, all endpoints must be secured and managed with the same security and networking policies as their on-premises infrastructure, regardless of where they’re located.
All of this was intensified by the pandemic-induced shift to remote and hybrid work models. Though organizations have made significant strides to secure hybrid work models in the past year, much work remains to achieve cyber security resilience. Workforces will probably remain hybrid to some degree long-term, and security must adapt accordingly.
Employees are accessing data and applications from more devices and locations than ever, and this will become a fixture of the working environment for many organizations well beyond the present pandemic. For today’s OT/IT organizations, people are indeed the new perimeter, and SASE enables them to provide secure access for employees, customers and partners across operating environments and use cases. By securing any user, anywhere on the network, a SASE solution can enable that safe access.
And we’ve witnessed clearly in OT, that manufacturing, energy, transportation, and related critical infrastructure are appealing targets to cybercriminals – it’s low-hanging fruit for bad actors. In fact, Fortinet’s State of the OT Report for 2021 found that 9 out of 10 organizations experienced an intrusion in the past year. SASE represents a big step forward, but it’s only part of the journey.
As the world moves progressively out of lockdowns, SASE is likely going to be foundational to securing remote work. And a long-term approach to SASE needs to embrace OT and the incremental risks associated with protecting unique cyber physical assets. Such active risk management strategy must be folded into an enterprise-wide approach to mitigation. The CISO has a significant role to play here, not merely as a technology advisor but as part of an overall security maturity strategy.
With this wider view, SASE is one element of a larger strategy. For effective deployment of SASE, other security elements must in place to enable and extend SASE functionality into physical networks. SD-WAN (software-defined wide area networking) is one such solution example. By combining SASE and SD-WAN, it’s possible to manage, control and monitor connectivity between data centers, branches and edges. To achieve SASE functionality in a hybrid network, it requires an SD-WAN solution residing close to users to deliver efficient networking and effective security.
SASE for the long haul
OT/IT digital transformation and the shift to the cloud necessitate a change in how manufacturing organizations tackle and implement their security practice. SASE, which combines network security functions with WAN capabilities, is the solution manufacturers need now to support their changing, hybrid-environment needs for secure access. SASE is likely to become a crucial aspect of securing remote work, and CISOs can bring their business and technology talents to the table to make SASE part of the larger security design.
About Rick Peters
Rick Peters is the CISO for operational technology, North America for Fortinet Inc., delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. He is charged with overseeing growth of Fortinet’s penetration into the largest global OT marketspace. That charge entails identifying and partnering to gain traction on existing OT business campaigns as well as targeting emerging customer opportunities. Email: firstname.lastname@example.org
The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow
This post does not have any comments. Be the first to leave a comment below.
Post A Comment
You must be logged in before you can post a comment. Login now.