The WAN Under Siege
WAN managers say they’re adopting zero trust security and using multiple infrastructure security vendors in response to the latest threats against the modern wide area network.
By Greg Bryan, Senior Manager, Enterprise Research, TeleGeography
Network security is a growing priority for corporate leaders.
And for good reason. The number of organizations impacted by ransomware attacks more than doubled from 2020 to 2021, with healthcare the most affected industry, according to a report from network security firm Checkpoint.
As corporate networks integrate internet and cloud applications and change shape, weaknesses in the traditional network security model have become more glaring. It’s this ongoing threat that underlies current attempts to modernize and strengthen enterprise network infrastructure security.
TeleGeography’s WAN Manager Survey focuses on IT managers whose day-to-day role covers designing, sourcing, and managing U.S. national, regional, and global corporate wide area computer networks. It’s through conversations with these professionals that we’ve gotten a glimpse into how technology professionals are meeting the security demands of the 21st century.
Our latest survey effort shows that one in three survey respondents reported a cyber security attack in the past 12 months at their company. Of those:
- DDoS attacks accounted for 40% of respondents’ cyber security incidents.
- Another 27% said it was caused by compromised credentials or weak passwords.
- Other reported sources included compromised applications, ransomware, and vendor vulnerabilities.
Putting Trust in Zero Trust
This brings us to zero trust security (ZTS).
ZTS encourages network security professionals to think differently about how they set up and secure their networks. It was a big part of our conversations with WAN managers during our latest survey effort.
First, some background. ZTS entails:
- Verifying users with more than one method.
- Simplifying how many passwords people need to keep track of.
- Restricting access based on identity so people only can access what they need.
- Segmenting the network to prevent horizontal movement across the organization by bad actors.
Positioning network security around aggressive user and device verification isn’t a new idea, but ZTS is more relevant than ever.
Granted, secure access service edge (SASE) has also entered the security conversation as a framework for combining SD-WAN-enabled internet networking with cloud-based network security to facilitate BYOD, work-from-anywhere set-ups. But no matter how you slice it, research shows that WAN managers understand the urgency and are trying to update their IT security regimes.
One WAN manager at a technology company mentioned that their network and security team are working on revamping their systems along ZTS pillars and are “taking a 10-15 year old paradigm and making a 2021 philosophy.”
But what does this look like in practice?
We asked WAN managers how far along they were in implementing ZTS or SASE security policies on their network. Implementation of one or more elements of ZTS or SASE jumped from just 8% in 2019 to 35% in 2021, a significant increase in just two years. In a somewhat connected discovery, we found a narrowing of the knowledge gap. Only 8% of respondents were unfamiliar with ZTS in 2021 compared to one in five in 2019.
Overall, we saw a shift down the deployment pipeline, with reductions in the percentage of respondents who either had not started, or were just beginning their implementation journey.
We also asked respondents who were in some stage of adopting ZTS what policies they were implementing or had already implemented on their network. We found that multi-factor authentication (MFA) and single-sign on (SSO) were the most widely implemented. Nearly 100% of respondents who had adopted ZTS had MFA in place.
Remote user and device access policies were implemented by almost 70% of respondents.
Privileged access management, or the restricting of access to certain data based on user profile, was implemented by 62% of respondents.
Just under half of respondents had implemented policies to treat foreign networks/devices as hostile. One-third of respondents had some sort of user behavior analytics in place.
Vendor Sourcing
When we talked to respondents about network security in 2019, we found that many companies preferred not to outsource the management of their network security vendors. They wanted to remain agile and pick best in breed vendors for particular security challenges.
In our latest WAN Manager Survey, we again find that the largest plurality of respondents, one in three, are using a mix of security vendors for their network security sourcing strategy.
Fifteen percent of respondents sourced their network security from a managed services provider or systems integrator. One WAN manager mentioned that they are allowing their broadband providers to manage internet security for them, however they had strict requirements including “policy visibility, see[ing] the logs, data on security analysis, and remote blackholing.”
Another 15% of respondents were sourcing their network security from their SD-WAN vendor.
One respondent, however, specifically mentioned that they do not plan to source their network security through their SD-WAN vendor, essentially rejecting the idea of combining the two into a SASE model. For them, “SD-WAN is just a new WAN service, not any of the additional stuff.”
Only 11% of respondents were sourcing their network security from their carrier or network service provider. One respondent said they were sourcing their network security through their carrier, as they were getting a better price since the carrier wanted it on their revenue books. However, they still manage their own security, other than DDoS protection which they have their carrier handle.
ZTS and the Future of Work
We’ve long pointed to cloud adoption and local internet breakouts as key factors moving enterprises toward ZTS over other security strategies.
But the impact of the pandemic has been palpable.
When asked to rank factors driving ZTS adoption, respondents who were in some stage of considering or adopting ZTS ranked “increased remote work” the highest. One WAN manager from an industrial company noted that they had tripled their remote workforce as a result of COVID and the company seemed open to keeping many workers remote long-term.
And remote work isn’t going away. If anything, we anticipate it will only become a more hybrid experience for knowledge workers. (I say this as I sit in TeleGeography’s DC office, my day full of both in-person and virtual meetings.)
As for how the evolution of this hybrid work experience will impact networks of the future, we’ll have to see what WAN managers tell us in our next round of surveys. More to come next year.
About the Author
Greg Bryan is the Senior Manager, Enterprise Research at TeleGeography. He’s spent the last decade and a half at TeleGeography developing a range of pricing products and reports about enterprise networks. He is a frequent speaker at conferences about corporate wide area networks and enterprise telecom services. He also hosts TeleGeography’s WAN Manager Podcast.
Greg can be reached at gbryan@telegeography.com or through TeleGeography’s website: https://www2.telegeography.com/