Monday, 21 December 2020

Network device is safe while on premises

Network teams are forced to trust that actual branch locations, wherever they may be, are secure and that their network device is safe while on premises. Branches can be a busy retail store, a government embassy, or a pharmacy lab testing new vaccines. As the primary routing, switching, and security center, the network device will see any and all data. While it is critical to secure endpoints such as workstations, mobile, and IoT devices, the network platform itself must be considered vulnerable to attack as a data aggregation point.

Network segmentation helps to protect critical traffic from prying eyes, but it remains a single-layer approach. Cloud-managed, on-prem security deployments such as IPS and NGAV help layer network device security against rogue devices beyond traffic segmentation and make a zero-trust approach more thorough. And while some vendors offer network security as a cloud service, once the location gets above a few dozen endpoints, the traffic generated through security inspection outweighs the cost-benefit of using the cloud. On-prem security simply offers the highest performance levels with the most control.

Furthermore, the remote activation process mentioned in this article involves taking the network device control plane (a function once tied to the device itself, thus requiring an on-site certified specialist) and moving it to a cloud-hosted architecture. Assuming the bare-metal cloud infrastructure hosting the SD-WAN or SASE console is itself secure (many IaaS providers should have documentation on their efforts here), the data transactions that verify and use the device must traverse the internet to operate and should be encrypted in a secure manner.
