Evaluating Software Defined Perimeter Solutions for Hybrid IT
Supporting business needs while enforcing security policies
Part 2 of 2, Read Part 1 of the blog here.
This week we continue the conversation with Jon Oltsik, Sr. Principal Analyst from ESG (Enterprise Strategy Group) sharing his perspective for considering and/or purchasing Software Defined Perimeter (SDP) solutions.
Whether you’re augmenting or modernizing legacy VPN installations that aren’t quite cloud-ready, or researching SDP solutions in general, common questions and topics arise such as “Has the perimeter gone away?” and “How will enterprises migrate secure access mechanisms from VPN to perimeter-less network access?
Considering some key market drivers for SDP can help determine how soon organizations should implement an SDP strategy. They include:
- Widespread adoption of cloud services, IoT, and SaaS applications
- Complexities of the global regulatory environment
- How hybrid IT and multi-cloud infrastructure is expanding the attack surface
- Ineffectiveness of standalone and disparate security tools
- Digital transformation including creating optimal digital customer experience
- Increasing sophistication, frequency, and complexity of attacks
Below are the topics discussed with ESG, providing insight on Software Defined Perimeter implementation strategies in a perimeter-less, Zero Trust world.
How will enterprises migrate from perimeter to perimeter-less network access? Does perimeter security and VPN go away?
At ESG, we often see this migration driven by a particular use case. For example, an organization may need to provide a 3rd party partner with secure access to a single specific application rather than the network at large. This same type of access control can also be used for regulatory compliance purposes, limiting access to regulated data to a select group of authorized users. We also see SDP utilization for privileged account management and IoT device access. Typically, organizations tend to move on to broader projects like adopting full perimeter-less network access technologies like SDP for large populations of internal users. Perimeter security and VPNs never go away. They continue to act as enforcement services for traditional end-user access and north/south traffic, and these functions are subsumed into a broader hybrid IT network access strategy.
What is your opinion on Pulse Secure Access approach and SDP differentiation compared to the others?
Most organizations I speak with want to minimize disruption, so they are asking ESG about the easiest path from VPN to SDP. This is one of Pulse Secure’s strength by providing a single endpoint agent for VPN and SDP. This gives organizations a lot of flexibility to add SDP gateways and set up an SDP architecture through a central management interface while maintaining the core strengths of their VPN infrastructure. Pulse Secure VPN can also act as a reverse proxy, which can help provide strong security while maintaining end-to-end network performance. Finally, Pulse Secure provides strong monitoring, reporting, and analysis for security and network operations staff.
SDP isn’t really a new market, it’s an evolution of traditional VPN technology to accommodate hybrid IT. Given this, Pulse Secure’s install base and experience give it a bit of a leg up against startup competitors.
What are the key considerations for decision makers when implementing SDP?
In answering this question, it’s important to state that SDP is almost always deployed to address some type of business need and not as a technology upgrade. Therefore, decision-makers should look for SDP solutions that support business needs and enforce security policies while remaining transparent to users. From a technology standpoint, organizations should seek out SDP technology that is easy to deploy, configure, and operate. Furthermore, SDP must verify and authenticate devices first and then provide end-to-end trusted connections from endpoints and devices to applications and services regardless of location. This requires VPN and SDP functionality. SDP should integrate into a hybrid IT environment and provide continuous monitoring for security and regulatory compliance needs.
It’s a long list so organizations should make sure to reserve ample time to research, evaluate, and test SDP technology and choose solutions that support current and future business, networking, and security requirements.
About ESG: Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community. For more information, please visit https://www.esg-global.com/