Infrastructure security

Trend 1: SASE framework gains ground over legacy security controls

Software-defined wide-area network adoption is already well under way. By replacing legacy multiprotocol label switching (MPLS) wide area networks, the SASE framework is moving security controls to the edge. Our analysts predict that 80% of organizations will become SASE-compliant by 2024. This journey entails shifting to an “as a service” model with the SASE framework to yield better return on investments, robust security, and reduced complexity. The SASE framework also gives CXOs a single-pane view, as all technologies within the framework are fully integrated.

Previously, enterprises acquired, deployed, configured, and built security controls in their data centers, public cloud, and private cloud, within a limited set of predefined data center locations. Users then had to reach these security controls regardless of their own geographical location. This created a heavy dependency on the sites hosting the security controls, resulting in network latency and, in turn, poor user experience.

Security control technology providers are building capabilities to provide SASE security controls by themselves or with partners. They are also committing to road maps to bring them into a single management pane with tighter integration to meet the defined SASE framework. Many enterprises have started choosing SaaS while adopting the latest security controls, such as ZTNA and CASB solutions.

A global energy company wanted to transform its legacy network of multiple on-premises deployments. It wanted to ensure user activity traceability and secure remote site access. The company worked with Infosys to deploy SASE solutions (Zscaler ZIA, ZPA, ZPA PSE) across its global network, which enabled next-generation, perimeter-less security for 25,000+ users and enhanced enterprise-grade security for hybrid cloud and edge.

Trend 2: ZTNA becomes mainstream for secure and seamless zero-trust access

ZTNA enforces granular, adaptive, and context-aware policies, leading to secure and seamless zero-trust access to private applications hosted across clouds and corporate data centers, from any location and device. The context can be a combination of user identity, user or service location, time of day, type of service, and security posture of the device.

Based on an assessment of user identity, device identity, and other contextual factors, ZTNA allows “least privilege” access to specific applications rather than exposing the entire underlying network to any user with a valid login key. This reduces the attack surface and prevents lateral movement of threats from compromised accounts or devices.
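The per-application, context-aware decision described above can be sketched as a default-deny policy check. This is an added example, not code from the original report or from any vendor product; the names `Request`, `Rule`, `POLICY`, and `decide`, and the sample applications, groups, and countries, are hypothetical.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset        # identity attributes asserted by the identity provider
    app: str                 # the single private application being requested
    country: str             # user location
    local_time: time         # time of day at the user's location
    device_compliant: bool   # device posture result (assumed to be computed elsewhere)

@dataclass(frozen=True)
class Rule:
    app: str
    groups: frozenset        # identities entitled to this application
    countries: frozenset     # locations access is permitted from
    start: time
    end: time
    require_compliant: bool = True

# Constructed sample policy: rules grant one application each, never a network range.
POLICY = [
    Rule("payroll", frozenset({"finance"}), frozenset({"IN", "US"}), time(7), time(19)),
    Rule("wiki", frozenset({"finance", "engineering"}), frozenset({"IN", "US", "DE"}),
         time(0), time(23, 59), require_compliant=False),
]

def decide(req, policy=POLICY):
    """Return (allowed, reason). Default deny: no matching rule means no access."""
    rules = [r for r in policy if r.app == req.app]
    if not rules:
        # A valid login alone exposes nothing that no rule names.
        return False, "no rule for application"
    reason = ""
    for r in rules:
        if not (req.groups & r.groups):
            reason = "identity not entitled"
        elif r.require_compliant and not req.device_compliant:
            reason = "device posture failed"
        elif req.country not in r.countries:
            reason = "location not permitted"
        elif not (r.start <= req.local_time <= r.end):
            reason = "outside permitted hours"
        else:
            return True, "allowed: " + r.app
    return False, reason
```

Logging the returned reason alongside each denial gives the user-activity traceability that a flat VPN grant does not.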

ZTNA acts as a key enabler for SASE solutions, transforming the concept of a security perimeter from static, enterprise data centers to a more dynamic, policy-based, cloud-delivered edge to support the access requirements of the distributed workforce. Businesses should upgrade their legacy VPN solutions to ZTNA, which enables microsegmentation in the network and makes applications secure over the internet. It secures legacy application access, enhances user experience, and optimizes infrastructure and operational costs.

A global consumer products brand wanted to enhance user experience and create a more secure user access system. It transformed its Zscaler SASE solution to enable ZTNA. It introduced SASE and a zero-trust/software-defined perimeter to connect remote users with its corporate network. The company was able to reduce operational costs, upgrade its VPN to zero trust, and improve overall security by monitoring additional noncorporate networks.
