Blog · 12 Mar 2021

Why today’s networks need embedded security

Organisations need to bring security controls closer to the edge of their networks to stay secure.

Natalie Walker
Senior Manager, Managed Security Services, BT

Today’s enterprise perimeter is dynamic, and there’s a real danger that this means companies are losing critical security visibility and control.

As organisations move from a traditional WAN infrastructure into a hybrid WAN or a cloud- and mobile-first model, the number of breakout points to the internet spirals upwards. Securing this type of infrastructure gets increasingly complex. Suddenly, companies don’t just have to worry about their own networks, they have to try and protect countless interfaces with public and private cloud, and different mixes of connectivity, locations and devices for both inbound and outbound traffic.

And it’s not going to get any easier. As edge computing becomes more widespread, direct internet breakout points are only going to increase. Fuelled by the big shift to remote working, the continued adoption of cloud technology and the introduction of IoT and 5G devices, edge computing will make staying secure even more of a challenge.

Moving security controls closer to where they’re needed

The traditional approach - putting a firewall on every breakout point - just isn’t practical. It would be prohibitively expensive and extremely difficult to deliver and manage. Instead, organisations need to recognise that an increasingly dynamic perimeter means security architectures need to change.

The ultimate solution is to move security controls closer to where they’re needed – whether that’s to users, devices, branches, applications or services – while maintaining centralised control of your overall security posture. And this is what Gartner’s concept of Secure Access Service Edge (SASE) achieves, by bringing all the security and networking tools you need into a single, cloud-delivered service model. I think it’s important, though, to see SASE as a journey, rather than a product you do or don’t have. You can add solutions to your network that gradually move you towards a SASE stance, while not having to throw out all your existing security solutions.

Embedded security is part of the SASE journey

Many organisations are moving towards SASE by adding in a managed service to embed security into their network. Instead of going to the expense of buying dedicated security controls for themselves, they’re looking to work with suppliers that can offer products with built in security controls or can provide a slice of a multi-tenanted device. This approach means they don’t have to find the resources to monitor and manage the security equipment and there are no upfront equipment costs, which is budget friendly.

I’m finding a lot of customers are looking at this embedded security approach to help them support their many employees who are accessing corporate applications and data from home. They like the fact that it can scale beyond the capabilities of VPNs, which often have problems with availability and performance when used at scale.

A new approach to embedded security

We’ve taken on board everything our customers have told us when creating our new embedded security solution. We’ve placed equipment at key points across our network, moving security controls closer to where people are connecting so we can secure your edge-facing network.

It means we can provide a streamlined approach to security that addresses multiple breakout points in a cost-effective way. Your organisation gets an easily repeatable, consistent solution across your estate that’s quick to spin up, with an OpEx-based pricing model that keeps costs down. You can add it to your existing network connectivity, whether that’s with us or another provider. Either way, we’ll manage everything for you. 

To find out more about how our embedded security solution can support your organisation’s digital transformation, please get in touch with your account manager.