Enterprises of all sizes are under pressure to maximise the value of their digital transformation initiatives while managing growing cybersecurity threats. It is a perfect storm of rapid operational change and new business risk. The challenge is to support growing cloud adoption and other transformation projects while evolving an enterprise’s security posture.
During the first quarter of 2023, more than six million data records were exposed worldwide through data breaches, according to Statista. Cyber Ventures predicts that ransomware alone will cost its victims around $265 billion annually by 2031, with a new attack taking place every two seconds.
At the same time, 51% of IT spending on application software, infrastructure software, business process services and system infrastructure will have shifted from traditional solutions to the public cloud by 2025, according to Gartner. Almost two-thirds of spending on application software will be directed toward cloud technologies over the same time period.
The pace of change within the enterprise and the scale of the risks that are involved put CIOs and IT teams in a difficult position. They need to deliver digital strategies that support business growth and operational efficiency while protecting their organisations from cyber-attack.
Navigating a Shifting World
- The nature of business and work has changed – The growing adoption of cloud services, remote working, and the distributed nature of modern enterprises not only increases attack surfaces but also emphasises the critical role of network infrastructure. With more endpoints being connected from more places than ever before, robust networking solutions have become essential for safeguarding business operations.
- Conventional security tools have not kept pace – Security tools built for traditional on-premises applications and services no longer match the needs of today’s enterprises. They cannot deliver the reach, flexibility, or visibility that a cloud-centric environment demands.
- Costs of breaches and regulations are increasing – Regulations around data privacy and the growing costs of data breaches put enterprises at financial risk if they do not have robust security solutions in place. The global average cost of a data breach amounted to $4.45 million in 2023, increasing from $4.35 million in the previous year, according to Statista.
Rethinking Network Security
Solving these challenges is an immense task but it starts with the foundation. The journey towards modernising security starts with networking. Networking touches every element of the digital ecosystem and is the common factor across almost all digital transformation projects. No matter what stage of transformation an enterprise is at, the network remains fundamental for defining the user experiences, application performance and security posture.
Networking is the sensible place to start. The changes we are seeing in enterprise operations have to be reflected in enterprise networking, and especially in its approach to security. It is no longer an option to have an isolated network setting or to rely only on a security perimeter as in the on-prem days, where the basic approach was to restrict access to a corporate network and add policy and controls where required.
It is more efficient, effective, and manageable to take an end-to-end zero-trust approach that assumes a breach has occurred. The entire ecosystem of identities, endpoints, data, applications, network, and other infrastructure components is defined by policies that align with the principles of a zero-trust strategy. In this context, networking is far broader than just how an enterprise connects.
Zero Trust in Principle and in Action
- Verify explicitly – Always authenticate and authorise based on all available data points.
- Use least privilege access – Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
- Assume breach – Minimise blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defences.
Zero-Trust strategies provide a holistic approach to security that supports cloud adoption and multiple layers of defence against attacks. Microsoft Azure’s network security offers cloud-native services designed to stop attacks at the network edge. Outer rings of defence start with a web application firewall (Azure Front Door or Web Application Gateway), DDoS protection tuned to an enterprise’s application traffic patterns, and virtual network isolation. This can be followed by Azure Firewall, which provides advanced network and application threat protection for Azure Cloud Infrastructure.
An additional inner ring of security can be enabled with network security groups. Network security groups offer distributed inbound and outbound network (Layer 3 to Layer 4) traffic filtering on a virtual machine, container or subnet. In addition to this, enterprises can restrict access to Azure service resources (PaaS) to only their networks using VNET Injection, Private Link and Service Endpoints.
Securing Hybrid Environments
The outcome is a complex set of solutions delivered within a single ecosystem that mitigates threats to enterprises and enables them to move more workloads to the cloud. Each ring of defence offers one more chance for a threat to be identified and access limited. In the case of an organisation that is still operating with on-prem infrastructure, there are opportunities to deploy secure hybrid solutions. These combine agility and flexibility with the security of on-prem hosting.
There are opportunities to provide a secure connection between on-premises networks and the cloud. For instance, businesses can collaborate with Azure ExpressRoute partners, all without exposing their services to the public internet. ExpressRoute minimises security risks while providing greater reliability, increased speeds, and more consistent latencies than users would experience using the public internet. This provides a bridge between on-prem and the cloud without limiting performance or security.
Ultimately, it is about ensuring enterprises are able to securely adopt new solutions, migrate to the cloud and transform their operations with a flexible foundation. Zero-Trust strategies in networking enable transformation to happen faster and more organisations to benefit from the cloud. This becomes even more important as we see the rise of artificial intelligence (AI), vast amounts of data being shared across networks, and the growing risks of data breaches.
The era of AI that we’re entering will demonstrate the scalability, flexibility and security in the cloud and show that the players with robust networking strategies will gain competitive advantages. Networking remains fundamental for enabling innovation if it can be delivered securely.
Author: Nicola Gallacher, Cloud Solution Architect, Microsoft