Cloud, security, storage, DevOps, artificial intelligence, machine learning, IoT, SD-WAN, and blockchain. Of all of these, which do you think is the least understood, yet possibly most important, to secure enterprises in the future?

It’s really a trick question, because they’re all important, particularly when you’re talking about “true” security. But today we’re going to focus on one of them, what I like to call the Security-Defined Wide Area Network.

You know about software-defined WANs, of course, and how they provide a secure, virtual private network service that addresses enterprise demands for efficient, agile and cost-effective solutions. They enable streamlined provisioning and allow hardware to be updated with new configurations remotely via a centralized management platform.

Enterprises are embracing them for the positive user experience, centralized control and administration, the improved visibility they allow into networks and applications, and for how well they boost performance and provide a superhighway to the cloud.

The software-defined WAN offers the flexibility and adaptability to help drive the future of blockchain, Hyperledger, consensus, distributed databases and other distributed ledger technology capabilities.

If we then combine the blockchain's hardware root of trust with the software-defined WAN, we can lower transaction costs by speeding up processing times and logging detailed packet-level flow data for every node's verification of every transaction. That reduces audit and regulatory risk.

That combination is at the heart of our security-defined WAN.

Getting specific

Exactly what does the security-defined WAN entail?

Well, what it needs to provide is end-to-end, mouse-to-mouse security and trust and data integrity. That’s hardly an easy task, because while our security-defined WAN is dependably secure as a circuit – in the router-to-router or switch-to-switch or server-to-server segment – the same can’t be said for the devices on either edge.

True SD-WAN security also means an assurance that the server on the other end is known and trustworthy, and that there is a notion of "attestation" there: a unique identity that can prove the immutability and provenance of the appliance and of the data it produces. This is equally true when the other end is an IoT appliance or another user's PC.

Today, the solutions that provide true mouse-to-mouse encryption, root of trust, or data immutability are few and fleeting, and are only beginning to be discussed seriously in the security industry, especially given the ever-present need to balance security with usability. You may be able to build a (nearly) perfectly secure system, but the burden it would place on users actually getting their work done would be immense. A workable and practical balance is needed.

A Platform Security Architecture (PSA) that was introduced within the past year addresses a total ecosystem of trusted computing. It encompasses things like machine learning and artificial intelligence, and is helping to shape our perceptions about how this will affect the enterprise.

We’ll get there soon

There are issues to be worked out, such as private blockchains versus public blockchains, but the use cases for a security-defined WAN are starting to materialize.

The ability to deploy these networks rapidly is an ideal fit with a blockchain-enabled network, and their reliability is key, since a successful blockchain transport layer needs low-cost network links that can be counted on to always be available to users.

It is easy to envision using a blockchain architecture as a transport layer, with a centralized WAN controller to manage real-time system events and network activity. Since a blockchain records transactions with permanent verifiability, and excels at securing and protecting records, it could be used to manage the network and system event log itself.

In fact, Hyperledger initiatives are already beginning to evaluate how blockchain can be incorporated as a software-defined (and security-defined) networking component. Since each block in a blockchain is a record of a transaction or event, it is important that the entire chain be visible to everyone involved, with every new record verified by every node.

That fits with the fact that software-defined WANs already establish their own blocks, in a way, especially in cases where they measure for latency and congestion to assure optimal user experience.
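To make the "every new record verified by every node" idea concrete, here is an added example (not code from the original post or any product): a SHA-256 hash-chained ledger of SD-WAN controller events, where each node holds a replica, re-verifies every link independently, and the group only accepts a state on which all replicas agree. The event field names, the three-replica setup and the tampered value are constructed for illustration.

```python
import copy
import hashlib
import json

# Constructed sample events from a hypothetical SD-WAN controller.
SAMPLE_EVENTS = [
    {"node": "edge-a", "event": "link_up", "peer": "edge-b", "latency_ms": 12},
    {"node": "edge-b", "event": "flow_start", "src": "10.0.1.5", "dst": "10.0.2.9"},
    {"node": "edge-a", "event": "congestion", "peer": "edge-b", "loss_pct": 3.5},
]
GENESIS = "0" * 64  # previous-hash value for the first block

def block_hash(index, prev_hash, event):
    # Canonical JSON so every node hashes exactly the same bytes.
    payload = json.dumps({"index": index, "prev": prev_hash, "event": event}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(events):
    """Append events in order; each block commits to the hash of the one before it."""
    chain, prev = [], GENESIS
    for i, ev in enumerate(events):
        h = block_hash(i, prev, ev)
        chain.append({"index": i, "prev": prev, "event": ev, "hash": h})
        prev = h
    return chain

def verify_chain(chain):
    """Return the index of the first block that fails verification, or -1 if all pass."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if blk["index"] != i or blk["prev"] != prev:
            return i
        if block_hash(i, prev, blk["event"]) != blk["hash"]:
            return i
        prev = blk["hash"]
    return -1

def consensus(replicas):
    """Each node verifies its own replica; accept only if all verify and share one head hash."""
    heads = set()
    for chain in replicas:
        if verify_chain(chain) != -1:
            return False
        heads.add(chain[-1]["hash"] if chain else GENESIS)
    return len(heads) == 1

def tamper_demo():
    """One replica's congestion record is altered after the fact; the other nodes catch it."""
    good = build_chain(SAMPLE_EVENTS)
    replicas = [copy.deepcopy(good) for _ in range(3)]
    replicas[1][2]["event"]["loss_pct"] = 0.0  # altered record, hash no longer matches
    return verify_chain(replicas[1]), consensus(replicas), consensus([good, good])
```

Altering a stored record invalidates its block's hash and every later link, so the modified replica fails its own check and the group rejects it.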

We are right now in the midst of an evolution from the software-defined WAN to the security-defined WAN. The timeline for that evolution is unclear; it won’t happen tomorrow, but neither will we be waiting for a decade. Rest assured, it’s coming pretty soon.