Security models are always useful to practitioners trying to understand the complex threats targeting their resources. The zero-trust model promoted by Forrester, for example, has helped network designers deal with the continued reduction in perimeter focus as a protective control.
Similarly, the secure access service edge (SASE) model promoted by Gartner has led many companies to rethink their access use cases.
Our decades of experience at AT&T suggest that three broad types of network access need to be protected from cyber threats.
First, there are physical business locations, including headquarters and branch offices, that must have a secure, high-capacity network connection. Our multi-protocol label switching (MPLS) solutions have served this market well for many years and continue to do so.
Second, there are end users who work from anywhere. These are typically served by some form of virtual private network (VPN) solution. Security approaches for remote access range from heavy-duty client-server VPN implementations, using underlying protocols such as IPsec, to lighter solutions built into the browser, using security protocols such as TLS. These approaches have helped users cope with the shift in work styles caused by the ongoing pandemic.
Finally, there are third parties that require access to their corporate customers. The need for business-to-business (B2B) security became apparent many years ago with the outsourcing of corporate functions to remote support teams. Today, many B2B connections combine a VPN with a host of older protections, including filtering of the source IP address for dedicated connections. Authentication is provided using an identity and access management (IAM) tool.
Zero trust and SASE are useful for all three of these access types. But they require significant adjustment to support the challenges of handling modern hybrid networks, legacy systems, mergers and acquisitions, and other unique one-off scenarios. AT&T Cybersecurity offers SASE managed services and zero-trust consulting to help remove this complexity. But we are also looking ahead and developing something new.
The result is a new paradigm that is essentially a secure access network edge. We describe it in the context of five architectural zones – illustrated in the diagram below.