Securing the Edge in a Hybrid Environment

A year ago, the buzz in cybersecurity was around how to best secure a remote workforce. Today, organizations have to consider how to secure a hybrid environment, with not just a mix of on-premises and cloud-based infrastructure but also with a workforce that is splitting time between the office and a remote site.

“The shift to remote and hybrid work is one of the most important changes to have taken place as a result of the COVID-19 pandemic,” said Rafi Kretchmer, VP of product marketing at Check Point Software, in a formal statement. “Many organizations have had to compromise network performance and protection across their distributed environments because they use multiple different point products, which leads to management complexity and fragmented threat visibility.”

The shift requires a different approach to security. Because the enterprise perimeter has dissolved and applications now reside everywhere, the cloud is defining security solutions, and that means securing the new normal work environment at the edge.

Challenges to Securing the Hybrid Environment

According to Russ Schafer, head of product marketing, Security Platforms at Check Point, the new perimeter, defined by cloud, mobile and remote work, has significant cybersecurity implications for the entire organization. These include:

Complex management: Scaling hardware-dependent remote access infrastructure impedes agility and managing multiple point products leads to higher overhead and inconsistent security policies.
Increased security risk. As users access networks and applications from outside the perimeter firewall, the attack surface expands. “Broad network access increases the risk of lateral movement and can lead to a breach,” Schafer said, as does the need to provide secure access for unmanaged and BYOD devices.
Poor user experience. Routing all internet and cloud-bound traffic to the on-premises data center for security inspection causes congestion, latency and downtime for users.
Fragmented visibility. Disparate solutions make it difficult to gain a single audit trail of all user activity and obfuscate the organization’s true security posture.

Meeting these security challenges requires a unified approach. Organizations must standardize policies and processes as well as share tools across multiple cloud providers and platforms, said Richard Blech, founder and CEO of XSOC Corp.

“The challenge is to architect and plan deployments that use native cloud applications where appropriate, but enhance security to work across all cloud environments to ensure migration and interoperability,” Blech said in an email comment. “Many of the failings resulting in data breaches are due to public cloud configuration errors and human errors. Mitigating those types of errors will go a long way toward securing the edge in a hybrid environment.”

The Right Tools to Secure the Hybrid Edge

Securing on the hybrid edge means enabling location-independent access to enterprise resources, where access is controlled on the basis of extensive user controls. It doesn’t matter if it is a device or a human connecting or what privileges are bound to each identity or device. To protect the edge, especially in a hybrid environment, one of the most efficient and effective tools to meet cybersecurity needs is secure access service edge (SASE).

“The SASE model addresses the limitations of traditional network architectures, converging networking and security into a cloud service,” explained Schafer in an email interview.

SASE is defined as a unified cloud security service that consolidates separate services including secure web gateway, firewall-as-a-service, software-defined perimeter, advanced threat prevention and networking without sacrificing performance.

However, research conducted by Check Point found that while the majority of IT and security professionals are familiar with SASE, adoption has been slow. Fewer than 10% of respondents have adopted the solution and less than one-quarter of respondents said they plan to.

“Many organizations have to compromise on network performance and protection across their distributed environments because they use multiple different point products, which leads to management complexity, fragmented threat visibility and inconsistent security policies,” said Schafer.

“Implementing a SASE framework has many advantages for today’s hybrid organizations, which need to support growing numbers of remote workers flexibly while prioritizing security and threat prevention.”

Avatar photo

Sue Poremba

Sue Poremba is freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.

sue-poremba has 271 posts and counting.See all posts by sue-poremba

Secure Coding Practices