The corporate workplace is changing and so, too, will the legacy corporate network. Jay Chaudhry, CEO, Chairman and Founder at Zscaler, explains what the changes will be in the way we all connect.
The walls of the corporate workplace will become fluid for enterprises over this decade. This will be a movement driven by the way you want to work and the birth of the fully Internet-driven workplace; put another way, it’s the death of the legacy corporate network which naturally means the death of traditional network security. It’s a dramatic improvement that will restyle the way we all connect, rewrite how IT leaders help you access work and reshape entire technology markets where legacy infrastructure companies will struggle.
This movement will drive jobs closer to workers’ lives as part of a monumental reckoning with connectivity, mobility, cloud and the way we all want to work. Mobility, BYOD, or whatever you may call it, may be commonplace in Silicon Valley, large cosmopolitan cities and some verticals like high tech but outside of these fairly early adopters, it is not mainstream. We do already see this happening, though, in pockets. However, the 5G era is going to dramatically speed the adoption of this new way of working and that will, in turn, speed the demise of the traditional corporate network.
The fallout from this change in the way we work will be extreme. Here are four of my predictions for the 2020 decade.
- Enterprises will finally eliminate the Internet attack surface
Any time you connect to the Internet, there is an IP address to connect you, often through a firewall. A firewall is like a door that protects a house or a castle. Every firewall with an Internet-facing IP address is an attack surface that creates significant business risk. New approaches and technologies will evolve this decade to mitigate this risk.
As more applications sit in the public cloud and more offices use the Internet to connect to the cloud or SaaS applications, the attack surface is drastically increasing. As you connect 100x more applications, data, devices and people to the Internet, what happens to the attack surface? It increases 100-fold.
Think of it this way. If you want 100 friends to be able to reach you, you can publish your phone number on a website. Now they can call you but so can robocallers. This is precisely what happens when you publish applications on a public cloud and use the Internet to reach them. Your users can access them but so can a million hackers who can discover vulnerabilities or launch a DDoS attack.
How do you solve it? Suppose you hired a phone operator and gave him the names of your 100 friends. Your friends would be able to quickly reach you when they call the operator but a robocaller that tries to connect to you would be denied by the operator and wouldn’t be able to bother you. A similar approach works for protecting your enterprise and starts by preventing exposure of your enterprises’ user/branch traffic or applications/servers to the Internet. This approach replaces the castle-and-moat legacy model with a digital exchange, somewhat like a sophisticated phone switchboard. Your applications remain invisible behind the exchange. Users connect to the exchange which then connects them to their applications. In this model, the user, the offices and the applications are never exposed to the Internet. This approach for secure access to applications will become widely used in the coming decade.
- 5G will become your local area network.
Internet connectivity improved so much in the past decade that enterprises started to dump their private, expensive Wide Area Networks (WANs) that connected various offices to the data centre. Frederik Janssen, Head of Global Infrastructure at Siemens, is a pioneer and a thought leader who coined the phrase, ‘The Internet is the new corporate network’ several years ago. What he meant was that Siemens’ business was being done everywhere – the office, coffee shops, airports, hotels – and the Internet had become the de facto transport for all traffic.
With the widespread use of 5G in the 2020s, local area networks (LANs) will also disappear. Today, while sitting in our office, we look for Wi-Fi to access the Internet, which securely connects us through routers or firewalls sitting at the company’s perimeter. But when every PC or mobile phone is equipped with ultrafast 5G, would you ever connect to Wi-Fi in your office? No way – you will use direct 5G connections and bypass traditional routers and firewalls. And, if there is no WAN or LAN in your control, then there is no use case for firewalls. The traffic from your 5G devices will connect the right people to the right applications – through a digital services exchange – and this will deliver faster, more secure and more reliable access to apps and services.
- VPNs and firewalls will disappear
There are countless stories about VPNs being the launch pad for devastating malware/ransomware attacks. This is happening because firewalls and VPNs were built for the network-centric world, where apps resided solely in the data centre and a security perimeter around the ‘castle’ was all you needed. With so many organisations moving toward a ‘perimeter-less’ model, traditional network security based on the castle-and-moat approach, which is how firewalls fundamentally protect, is no longer relevant. They give enterprises a false sense of security. New approaches are being developed that use business policy engines to act like the previously mentioned digital services exchange to enforce security and provide better enterprise security.
- Zero trust network access will become the new normal in enterprise security
Today, to provide a user access to applications, they are connected to the so-called trusted corporate network. Once on the network, the user can see more than they should. This was acceptable when you controlled the network but with the Internet being the corporate network, putting users on a network to access applications is dangerous. If a user machine becomes infected, the malware can laterally traverse the network and infect all the servers on the network. Maersk, a massive shipping company, faced that issue about 18 months ago, highlighting the danger of putting users and applications on the same network. A better approach to this problem is badly needed.
Many CISOs also manage physical security, so I like using an office metaphor to illustrate zero trust. If I am visiting an office, I get stopped at reception and checks my ID, confirms my appointment and issues me a badge. They could direct me to the elevators and tell me to head up to the sixth floor for my appointment. But this rarely happens anymore because I could simply wander around the company to do whatever I want, wherever I want. In contrast, a zero trust approach would have someone escort me directly to the conference room and take me back to the front desk after my meeting.
Gartner’s ground-breaking research note on zero trust network access (ZTNA) states how enterprises should provide users access to the specific applications they need; instead of granting access to a network, ZTNA provides access only to those applications a user is authorised to use. This approach provides security for the world of cloud that’s far better than trying to create lots of network segments to create application segmentation.
At a high level, think of ZTNA like this: It starts with an assumption that you trust nobody; you can establish a level of trust based on authentication, device posture and other factors but you’ll still only trust users with the applications they are specifically authorised to use. Any other activity would be highly suspicious.
These are not simple incremental changes; these megashifts will bring tons of opportunities and challenges to businesses. Technologies such as cloud, mobility, IoT, and Machine Learning are upending many large global brands while giving rise to new businesses at a pace never seen before. They are also disrupting large, incumbent technology providers while creating new giants.