Securing branch offices @ the speed of digital

Speed is of the essence when securing businesses and their branch offices in an era of digital transformation shaped by hyper-connectivity and the cloud. The WannaCry attack which took place in May this year underscored this point with its ability to infect 300,000 systems and services worldwide in just 72 hours.

In the face of such an onslaught, traditional approaches to security will not work. Enterprises no longer have the luxury of long procurement and implementation cycles as they integrate new security appliances to ramp up capacity. And they no longer have an obvious perimeter to protect.

Today, enterprise apps are run both in the cloud and the corporate data centre. The apps are accessed by users from branch offices in different locations, using different forms of connectivity from pure Internet to MPLS to hybrid networks. And these branch offices are becoming a common entry point for cyberattacks into the enterprise.

According to one estimate by industry analysts, the attack volume for branch offices was set to grow by more than 500 per cent between 2013 and 2016.

Branch security is therefore an essential aspect of overall enterprise security.

Up till recently, however, securing the branch offices of a highly-distributed enterprise seemed like an uphill battle. A study by Dimensional Research in 2016 found that over one-third of companies failed to have proper security measures at branch locations, and the top challenge cited in managing branch security was the growing complexity of the network. This was not helped by the fact that two thirds of the companies surveyed had to manage more than six physical network and security devices at each branch location.

But the tide is turning. Today, the emergence of software-defined technologies such as network functions virtualisation (NFV) is helping to address many of these challenges. With NFV, hardware-centric network and security technologies are abstracted into software-based services which can significantly improve the deployment and management of security at the branch.

These virtualised versions of security functions can be centrally managed and policy orchestrated, zero-touch provisioned and service-chained to achieve multi-layered security. For example, security functions such as a next-gen firewall and anti-virus can be service chained using application programming interfaces and centralised orchestration and management tools to provide security for direct Internet access from the branch.

Using the software approach, services such as Singtel Virtual Security (vSecurity) are helping enterprises to remove the speed barriers to security deployment.

Singtel vSecurity is a suite of fully integrated and layered multitenant security services which include next-generation firewall, secure web gateway, anti-virus, malware and intrusion prevention. This eliminates the need for enterprises to procure, deploy and manage separate appliances and to have different technical skillsets to install, configure, test, and maintain proprietary hardware.

Security services can be spun up quickly to protect the branch offices without having to wait for hardware to be shipped. Each virtual security function can be easily configured, and moved in the network as required. Capacity can be scaled quickly without deploying new hardware. Time-to-deployment for security is shortened from months to days.

The software approach is therefore key to dealing with an increasingly complex threat landscape while reducing deployment time, operational costs and capital expenditure. In so doing, it plays an important role in ensuring that security is able to keep pace with the speed of digital transformation.