How to Securely Enable Digital Transformation

Digital transformation goes well beyond reducing physical assets to bits. Digital transformation leverages software to re-invent the entire LBGUPS (Learn, Buy, Get, Use, Pay & Support) business value chain.

I suspect almost all reading this post are involved in digital transformations at work and see it in action throughout daily life. For example, over the past two days, I’ve:

• Designed a customized pair of sneakers online and had them shipped to my house
• Ordered lunch from a quick service restaurant and had it delivered in under an hour
• Reviewed a proof-of-concept product design with colleagues and business partners simultaneously located on three separate continents—whom I have never met in person—using video conferencing Microsoft Teams and several SaaS design platforms
• Been frustrated talking to a call center to unwind a purchase I made online

We all see the blending of the physical and digital worlds accelerating, and the rate of change in digital spheres of commerce is outpacing what is happening in the “real world.”

This digital transformation requires businesses to bring together data, applications and users in a secure way—across digital and hybrid environments that are distributed, complex and expanding.

What’s Fueling Accelerated Digital Transformation?

1. Cloud and edge computing

Computing itself has undergone a digital transformation, and it is now dramatically more efficient to consume processing as a service. The shift to the public cloud from private data centers has been swift and sweeping, and cloud-based applications are the new standard. In fact, 85% of enterprises will embrace a cloud-first principle by 2025 and 95% of new digital workloads will be deployed on cloud-native platforms.

Likewise, edge computing continues to mature, bolstered by ever-more-powerful, available, and diverse wireless networks. Bringing computing and analytics closer to data sources allows for faster processing and opens new possibilities for IoT applications. With a projected eight-fold increase in applications at the edge, edge computing is fundamentally transforming the ways businesses handle, process, and deliver data.

2. Abundant bandwidth

Gone are the days when enterprises were hampered when it comes to speed. Legacy-constrained telco connectivity should no longer constrain business solutions. With widely available broadband, dedicated Ethernet options, plus access to private wireless networks, IT leaders have access to more modes of bandwidth than ever before. The task turns to orchestrating this diverse connectivity model for optimized cost and performance.

3. A hybrid approach to the modern workplace

Traditional networking and security structures were oriented around the once universally accepted practice of employees working inside an office building. Data and applications sat inside data centers. Employees accessed the internet within the confines of the on-premises network. It’s not as though remote work wasn’t a factor at all, but the norm was on-premises employees and data within a tightly guarded perimeter.

Fast forward to today, and the unexpected success of work-from-anywhere has spurred on new levels of digital innovation, with long-distance collaboration happening easily and seamlessly. With network access required well beyond a company location to a user (which increasingly could be a bot or software application, rather than a person), wherever it may be and on whatever device the call is from, the number of endpoints has grown exponentially.

Enter the Need for Integrated Networking and Security

The past few years have been a digital whirlwind, and as digital business expands, it becomes more and more clear just how inextricable security is from the equation. CIOs earned a bigger seat at the table during the pandemic, which put them front and center in boardroom-level conversations around cybersecurity.

The security implications of the three trends fueling digital transformation are profound: We need to protect data and applications that may be located anywhere, to which there are plentiful and multiple bandwidth paths, and from end users that are increasingly not even human.

CIOs are challenged with securing an ever-more cloud-reliant, distributed, data-driven and bandwidth-consuming enterprise with largely the same resources at their disposal. Addressing the security needs of this new reality comes in part through a unified networking and security approach that not only covers networking from edge to cloud and back again, but also better protects an ever-growing attack surface.

Secure access service edge (SASE), a term first coined by Gartner, is a framework that integrates networking and advanced security in a single, unified, cloud-delivered service.

Currently one of the fastest-growing network and security categories, SASE is SD-WAN-as-a-service and security-as-a-service. Let’s look at each:

Software-Defined Wide Area Networking

Offering more flexibility at low cost, software-defined networking, or SD-WAN, abstracts network control from the connectivity layer and enables real-time monitoring, reporting and analytics across network nodes.

SD-WAN architectures support modern, distributed, hybrid workforces, offering key benefits like network resiliency, application visibility and optimization, automated bandwidth management, and performance and availability of cloud-based workloads. Capabilities like application-aware routing help to reduce the threat surface by segmenting mission-critical systems from less-critical ones. Secure tunnel traffic encryption, meanwhile, helps securely connect sites across geographies. And, finally, single-pane-of-glass monitoring allows IT teams to monitor all traffic and ports from anywhere, identifying and mitigating risks and problems as they arise.

Next-Gen Security Architecture

An integrated security infrastructure that can meet the demands of a cloud-first, hybrid world needs to not only identify potential attacks, but also constantly monitor, prevent and mediate them. An effective integrated security architecture should include key functionality elements like:

• Managed UTM: Managed unified threat management (UTM) rolls several security functions—like intrusion detection, Layer 7 firewall, application control and content monitoring—into a single managed solution, delivering one management and reporting point and eliminating the need for multiple systems. With on-premises and cloud-based solutions available, managed UTM provides enhanced monitoring and greater visibility for resource-strapped IT teams.
• Firewall as a service: Many legacy firewalls are ineffective against modern threats on a distributed network. Managed firewall solutions allow for customized rules based on specific needs, helping protect against external threats to a LAN network.
• Cloud access security broker: A cloud access security broker (CASB) sits between cloud users and cloud service providers to enforce enterprise security policies. CASBs leverage tools such as single sign-on, authentication and credential mapping.
• Secure web gateway: Secure web gateways filter unwanted access, software and malware as employees access the internet.
• Zero-trust network access: Zero-trust network access (ZTNA) enables safe and secure access to enterprise applications for remote users. Zero trust operates on the assumption that trust is never implicit, offering access only to specific applications or services, as opposed to an entire network.

In addition to the above security elements, two others exist outside the strict SASE framework and are also necessary, including:

• DDoS mitigation: Distributed denial of service (DDoS) attacks flood traffic to a server, website or network resource, overloading systems, slowing down services and making networks more vulnerable to future malicious attacks. Effective DDoS mitigation detects suspicious and malicious traffic, drops and rate-limits traffic as a first line of defense, diverts traffic to scrubbing centers, and allows clean, legitimate traffic to continue to access the network, minimizing dips in experience or access.
• Managed detection and response: Through managed detection and response, organizations work with their internal cybersecurity team or third-party partners to quickly detect, analyze, investigate, and actively respond to threats via mitigation and containment, and then remediate any harm.

As digital transformation continues to evolve, taking on seemingly new definitions with each passing year, the imperative to digitally innovate and create a secure networking environment capable of supporting that innovation compounds in lockstep. The need for a new approach to networking and security—and a trusted managed service partner that can deliver flexibility and security—is now more apparent than ever before. To learn more visit https://business.comcast.com/enterprise/products-services/secure-network-solutions.

Bob Victor is SVP, customer solutions, Comcast Business.

This guest blog is part of a Channel Futures sponsorship.