
How the Convergence of Networking and Security Can Operationalize Zero Trust

Three key innovations in networking technology are SASE, SSE and SD-WAN. We will provide an overview of each, address the specific pain points they alleviate and discuss how offerings from Cisco can be integrated into your zero-trust strategy.


Zero trust requires a mindset change that can only be propelled across the entire organization when all stakeholders — executive leadership, IT teams and users — acknowledge that cyberthreats exist both inside and outside their IT environment and that users, devices and network components cannot be trusted implicitly based on their location within the network. This mindset change leads to the following assumptions, which are foundational for the zero-trust security model: 

  • Assume that any access request for IT resources or assets may be malicious. Organizations need to focus on maintaining a dynamic authorization process that adapts to evolving security challenges.
  • Assume that all devices and infrastructure inside the perimeter can be compromised. Thus, organizations should limit the blast radius with least-privilege access.

4 recommendations for operationalizing zero trust within your organization

Define strategic goals and early wins. IT landscapes are no longer static, and to maximize return on investment, any security architecture modernization should account for long-term IT initiatives such as hybrid workplace, cloud services, e-commerce, IoT adoption and bring your own device (BYOD). Since zero trust requires long-term leadership commitment, plan for early wins to maintain momentum. Early wins in implementing zero trust could include a reduction in the number of security incidents, enhanced visibility and monitoring capabilities, streamlined user access management and improved data protection measures.

Find your own path to zero trust. Zero trust is not a collection of tools; rather, it is a set of principles for security and systems management. There is no defined path that works well for all organizations, as it will differ depending on each organization’s unique landscape. Some organizations may start with segmenting their networks, some with microsegmentation in the data centre, and others with identity and access management. 

Whatever the starting point, it's essential to recognize the interconnectedness of the various zero-trust components and to understand how each element supports and influences the others. This understanding will guide a more effective and coherent adoption of zero-trust principles, ensuring a balanced and strategic approach to enhancing your organization’s security posture.

Remember, zero trust is only as good as the weakest link in its coverage. Organizations should identify critical data, assets, applications and services and all of the network paths that access them. Create and enforce security policies to secure them consistently across the IT environment (LAN, WAN, endpoints, mobile, cloud, etc.). 

Zero trust enables intelligence and real-time threat detection. An important advantage of zero trust is that highly granular data — including authentication data, telemetry from endpoints and network, batch data from applications and more — is available for monitoring and threat detection. Enable security analytics that can consume and correlate all this data for high-fidelity threat detection and prioritization for response. 

3 innovations in networking technology that can help you on the path to zero trust

Implementing zero trust effectively involves investigating and prioritizing key technological areas that align with your organization's specific needs. Three key innovations in networking technology are pivotal on your journey towards achieving a robust zero-trust environment: SASE, SSE and SD-WAN. Not only do they represent the cutting edge in network security, but they also offer tailored solutions to the unique challenges of implementing zero trust.

We will provide an overview of each, address the specific pain points they alleviate and discuss how offerings from Cisco, in collaboration with CDW's expertise, can be integrated into your zero-trust strategy for a seamless and secure network transformation.

What is SASE?

Secure access service edge (SASE) describes a solution that delivers security and network services for branches and remote networks. The security portion of the solution is typically cloud-delivered and may include features like secure web gateway (SWG), Firewall as a Service (FWaaS) and cloud access security brokers (CASB), while the network portion is typically software-defined WAN (SD-WAN).

When the SASE definition was created, there were few vendors that could offer a complete SASE solution. A typical deployment would involve deploying physical SD-WAN devices from one vendor to deliver centrally managed network services at branch sites and integrating those devices with another vendor’s security solution to provide next-generation security services.

What is the difference between SASE and SSE?

Due to these dual-vendor network and security solutions, a new term became popular: security service edge (SSE). This drops the “A” from SASE, which is the SD-WAN component, and describes only the security components of the SASE solution.

As an oversimplified summary, SSE provides security services, SD-WAN provides network services and SASE combines the two.

How do these technologies work together in your network?

These definitions are extremely broad and cover a wide variety of solutions. The most common request from customers is for a converged solution for remote branch sites that is secure and easy to manage; in this case, a Cisco Meraki MX appliance in combination with Cisco Umbrella would be an ideal solution.

Another common request is to provide security inspection for remote users’ internet traffic and to provide secure access to on-premises or cloud applications. This use case has been especially challenging since the COVID pandemic and the increase in hybrid work. SSE can provide scalable, low-latency, always-on security services to remote users while ensuring continuous verification of user and device health according to zero trust network access (ZTNA) principles.

Customers can rearchitect the SSE components with a few clicks to integrate Cisco's Secure Access solution.

How CDW can help you implement zero-trust technologies

Risk Advisory Services

Our Risk Advisory Services practice is instrumental in cultivating defensible zero-trust architectures. Drawing upon the foundational principles discussed earlier, we leverage frameworks like the NIST Cybersecurity Framework as well as the CIS Critical Security Controls v8 to forge a tailored set of safeguards to protect our customers.

This structured approach begins with a thorough inventory and mapping of your current technology landscape, progressing through detailed analysis and recommendations. 

We meticulously evaluate coverage, capability and effectiveness, ensuring that each tool in your arsenal is optimized for peak performance. Our aim is to eliminate redundancy and pinpoint precise areas for improvement. 

The resulting recommendations feed into a nuanced roadmap, thoughtfully segmented into short-, medium- and long-term goals, and aligned with your organization's resource allocation and investment strategies. 

Ultimately, our Zero Trust Architecture Assessment and Roadmap offer a complete picture, including cost implications, to steer your zero-trust journey with clarity and precision.

Professional Services

CDW offers customized professional services for deployment of Cisco SD-WAN powered by Viptela/IOS XE, Cisco Meraki and Cisco Umbrella. CDW solution architects can work with you to understand the requirements for the solution to build the services tailored to your project. 

Managed Services

CDW’s Managed SD-WAN service allows your business to tap into resources and tooling that will help bring awareness and a sense of comfort to the business. Your IT teams can focus on providing value in other areas and feel confident that CDW is managing your SD-WAN environment. 

CDW, as your trusted advisor, takes the lead role in the management of your SD-WAN devices. Our service management team will lead you through our onboarding process to understand your requirements and goals for managing the network. We remotely and securely use our enterprise-class tools to set up monitoring, patching and configuration for your critical network devices.

CDW’s Cisco Meraki-certified architects, consultants and engineers also provide the day-to-day management so you can focus on business performance, not technology management. 

Your organization can enjoy the benefits of Cisco Meraki Managed Services, including:

  • A CDW-hosted and CDW-maintained monitoring platform
  • Uptime backed by 24x7x365 support from our National Operations Centre; your network is an always-on utility
  • Critical IT resources freed to focus on the day-to-day business while our team monitors and notifies you of any alerts
  • Circuit services to increase resiliency and redundancy for your WAN circuits, including all available options for your sites