Building a Secure, High-Performance Edge

Digital leaders are accessing security ecosystems on Platform Equinix to protect digital infrastructure at the edge without sacrificing performance

Kunal Handa
David Tairych

The cost of security breaches continues to rise as distributed users, systems, applications and cloud services expand the attack surface exponentially. A recent study by IBM shows that between March 2021 and March 2022, the global average cost of organizations’ data breaches reached an all-time high of $4.35 million—increasing nearly 13% over the last two years of reporting.[1] To add insult to injury, these breached companies say their customers are paying for these cyber-crimes, with 60% of businesses raising product prices post-breach.

This is not news. Businesses worldwide have been dealing with the increasing threat of cyber-attacks, security breaches and data leaks for decades. In fact, the Equinix 2022 Global Tech Trends Survey reports that IT leaders see these challenges as the number one threat to business success. To combat the growth in attack vectors, companies are pushing security services closer to the edge, securing and inspecting traffic as soon as it enters an environment.


Trending security services at the edge

Many digital leaders are relying on security services that employ zero-trust security principles, which assume there’s no implicit trust granted to users or devices, to block breaches in their distributed IT infrastructures. As a result, IT organizations can gain more granular perimeter control based on users’ identity, devices, geolocation and historical usage patterns to identify whether something is to be trusted.

The following are some of the most common edge security applications that digital leaders are deploying, which can help them create a zero-trust security environment:

  • Distributed denial of service (DDoS) protection environments identify and mitigate cyber-attacks in which too many requests are sent to an online resource, such as a web server, forcing it to slow or shut down.
  • Virtual firewalls, like physical firewalls, allow or deny network access to traffic flows between trusted and untrusted zones via software. Next-gen firewalls can provide intelligent security up through the application layer for greater end-to-end application access protection.
  • Virtual private networks provide secure, encrypted connections between public and private environments, such as remote workers going over the internet to access a corporate network.
  • SD-WAN security enables private connectivity when accessing users, systems, applications and clouds, such as delivering encryption services (Secure Sockets Layer (SSL) and Transport Layer Security (TLS)) and user authentication. SD-WAN providers are increasingly adding security overlays to SD-WANs, including combining them with SASE capabilities.
  • Secure access service edge (SASE) solutions combine SD-WAN and network security services, such as secure web gateways (SWG), cloud access security brokers (CASB), firewalls as a service (FWaaS) and others in front of traffic sources (users, devices, apps, etc.), and deliver it as a cloud service (i.e., cloud-native security).

Centralized security, with distributed security points

Increasingly, digital leaders are looking at the distributed nature of their users and digital IT and seeing the importance of maintaining core centralized security services, while creating distributed security points at the edge. This gives them perimeter security that delivers greater control, visibility, performance, scalability and simplified governance. By distributing security at the edge, you can deploy traffic inspection and other security controls (e.g., authentication, access, etc.) before attackers get into your corporate network or cloud environment—where they can propagate the most damage.

We see digital leaders taking the following five steps to create a secure edge:

  1. Identify edge locations in proximity to remote offices, mobile workforces and digital consumers.
  2. Determine traffic patterns and provision network services to secure edge access and segment traffic based on its trust profile.
  3. Standardize, orchestrate and monitor edge access control policies.
  4. Offload low-value traffic at the edge.
  5. Extend the secure edge as needed (for example, for new or emerging markets).

From deploying these secure edge practices on Platform Equinix®, organizations have seen an 80% reduction in traffic over the public internet, improving their edge digital services performance by 5-10x. They are also reducing risk by localizing their security controls and decreasing the time to secure edge deployments from months to hours.[2]

A successful and performant edge requires a dense ecosystem of security partners

No single company can deliver the wealth of security services that provide these distributed security capabilities, which is why digital leaders rely on the secure interconnection, digital services and dense security provider ecosystem on Platform Equinix. And though edge infrastructure can reside anywhere, the most effective place to put your security control points for the best performance is where the greatest volume of traffic is being created and exchanged.

Network Edge supports a number of virtual network function (VNF) devices such as SD-WAN, routers, firewalls, VPNs and load balancers from industry-leading vendors, such as those represented in the diagram below. These security companies, and others like them, are hosting their infrastructure on Platform Equinix so they can participate in the world’s largest interconnected ecosystem of network, cloud and internet service providers, business partners, and enterprises.

VNF Vendors on Network Edge

For example, VMware, along with hosting its SD-WAN VNF on Network Edge, is also leveraging Equinix to build out its secure SD-WAN gateways. Cisco harnesses Network Edge to deliver end-to-end firewall security and Equinix Fabric™ to deliver WAN MACsec encryption over global networks. Cisco also offers its SASE services in Platform Equinix along with SD-WAN on Network Edge to be closer to the rich ecosystems of cloud providers that Equinix offers. And we’ll be adding the Aviatrix multicloud networking solution to Network Edge soon, which will allow customers to leverage Platform Equinix for a private layer 2 underlay with Aviatrix multicloud networking and security layered on top.

Equinix Metal™ can provide the compute and storage resources to support data security or data replication. In addition, Equinix Fabric enables private interconnection between a company’s digital infrastructure, employees, partners and customers across our global platform.

One of the biggest challenges of securing the edge really comes down to what the best solution is for your business. However, digital leaders such as Friend MTS and Dojo Financial Services have found that building their security infrastructure on Platform Equinix — close to large volumes of data exchange, dense ecosystems of security partners and service providers, and a wide choice of private interconnection options — gives them all the right components to secure their digital edge.

 

[1] IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High, July 27, 2022.
[2] Find more information on Equinix benchmarks and analytics in the Global Interconnection Index (GXI).

Kunal Handa Edge Specialist
David Tairych Solutions Architect, Asia-Pacific