4 Ways Partners Can Work Security Into Digital Transformation Plans
MSSPs must provide full control, visibility, and automation across the entire network in a cost-effective manner to help customers deal with the impact of digital transformation, Fortinet’s Stephen Tallent said at XChange August 2019.
Solution providers have a golden opportunity to capitalize on the rise in digital technologies by providing customers security around cloud, IoT, SD-WAN and SD-Branch, said Fortinet's Stephen Tallent.
Digital transformation is focused on closing the gap between what digital customers already expect and what analog businesses are actually delivering, according to Tallent, Fortinet's senior director of managed security service providers. Millions of traditional businesses are struggling to compete in a space that favors digitally-native businesses, Tallent said.
In an effort to be more agile and responsive to customer trends, Tallent said businesses of all stripes have added billions and billions of sensors to their networks. But even though new devices are landing in customer networks, Tallent said these businesses don't really understand the impact these new technologies are having on their security.
[Related: Fortinet Rides Large SD-WAN Deals To Q2 Sales Success]
"Cybersecurity needs to change with the times," Tallent said Monday at XChange August 2019, hosted by CRN parent The Channel Co.
In order to deal with the impact of digital transformation, Tallent said organizations must be able to capitalize on full control, visibility, and automation across their entire network in a cost-effective manner. Here are four key ways MSSPs and other security partners can get involved in digital transformation:
1. Cloud
The cloud journey typically starts with virtualization, Tallent said, and from there often expands into securing north-south and east-west traffic by moving into the private cloud. From there, Tallent said businesses typically move into the public cloud for more elasticity and scale.
As customers move toward hybrid and multi-cloud deployments, Tallent said the security becomes more complex and clients need more guidance. For instance, Tallent said Gartner found that 95 percent of security incidents occurring in the cloud are the customer's fault, with 7 percent of Amazon S3 buckets having no password requirements and 35 percent of workloads being unencrypted.
"The customer doesn't know, and you need to guide them," Tallent said.
2. Internet of Things
The Internet of Things has created a parallel network of billions of devices that are gathering and forwarding information at different points to cloud repositories, Tallent said. Roughly 40 percent of the 20 billion IoT devices expected by next year are expected to land in business networks, Tallent said, with cyberattacks against IoT devices increasing by 600 percent over the past several years.
Just 48 percent of businesses said they could even detect an IoT attack, with 62 percent acknowledging that they need to do better around IoT security. And the stakes are high, Tallent said, as adversaries have started writing malware that specifically targets IoT device manufacturers.
IoT security needs to shift from an assumption of trust to zero-trust by applying learning, segmentation, and protection, Tallent said. Given the lack of pervasive and coordinated security capabilities in IoT devices themselves, Tallent said organizations need the network to learn what devices are connected, put the devices into pre-defined categories, and assign policies appropriately.
Proper network segmentation can reduce the impact of IoT devices on the rest of the business, Tallent said, as well as vulnerabilities associated with being in close proximity to other important elements of the company's ecosystem. Commercial analytics and artificial intelligence can also help organizations better predict and mitigate risks as they arise, Tallent said.
3. SD-WAN
SD-WAN is complementary to and intertwined with digital transformation since traditional hub and spoke technology creates a bottleneck by forcing all traffic into a central location, Tallent said.
And while moving workloads into the public cloud can help companies solve core problems, save money, and prioritize business applications, Tallent said plugging multiple internet circuits into a single branch would breach a traditional security apparatus.
Many SD-WAN offerings cobble together six disparate technologies into a package that might be easy to deploy at corporate headquarters, but would be virtually impossible to expand out to thousands of branch locations, Tallent said. Simple, centralized management of the SD-WAN functions is critical to allowing the management, orchestration, maintenance, and deployment to all occur in one location.
Fortinet's fastest-growing MSSP partners are slinging SD-WAN as their lead offering, Tallent said, making it possible for them to play in a space that had traditionally been reserved for carriers.
SD-WAN has been deploying around the majority of Sandra Network's customers, who have been opening to understanding the different layers of security that need to be deployed, according to Sandra Batakis, founder and system engineer at the Peabody, Mass.-based solution provider.
At the same time, Batakis said managing all of the different components without a centralized portal can be extremely challenging, especially since customers of Sandra Networks range in size from two to 500 employees across multiple locations. Streamlining the management process would make things much easier for Batakis.
"I can't survive if I'm not efficient," Batakis said.
4. SD-Branch
SD-WAN looks outbound to the cloud, Tallent said, bringing in multiple circuits and prioritizing multiple applications and data as part of the outward connection. Conversely, Tallent said SD-Branch looks back into the LAN (local area network) using a single managed interface.
All of those connections are plugged into the firewall, which Tallent said it used to manage one point within the network. Having visibility at the network layer reduces the cost of goods sold to customers since devices entering the network are promptly picked up, classified, and have policies applied to them.
Performance and complexity continue to be challenges in borderless environments, but Tallent said digital transformation will continue unabated regardless of if the security team is fully onboard.