WEBVTT

1
00:00:00.000 --> 00:00:01.350
In this lesson,

2
00:00:01.350 --> 00:00:04.227
we will learn about deperimeterization.

3
00:00:04.227 --> 00:00:08.280
Deperimeterization refers to the shift away

4
00:00:08.280 --> 00:00:12.570
from relying solely on a traditional flat-network perimeter

5
00:00:12.570 --> 00:00:15.669
and instead focusing on verifying and securing

6
00:00:15.669 --> 00:00:18.180
every user and device

7
00:00:18.180 --> 00:00:21.360
regardless of their location within the network.

8
00:00:21.360 --> 00:00:23.790
The concept of deperimeterization

9
00:00:23.790 --> 00:00:26.310
acknowledges that a network boundary

10
00:00:26.310 --> 00:00:30.240
is no longer defined by a geographic location.

11
00:00:30.240 --> 00:00:33.960
This is because users, clients, and vendors

12
00:00:33.960 --> 00:00:37.047
often need to access our network infrastructure

13
00:00:37.047 --> 00:00:39.540
from remote locations.

14
00:00:39.540 --> 00:00:42.168
Deperimeterization concepts include

15
00:00:42.168 --> 00:00:44.640
Software-Defined Networking,

16
00:00:44.640 --> 00:00:47.070
Software-Defined Wide Area Network,

17
00:00:47.070 --> 00:00:50.160
and Secure Access Service Edge.

18
00:00:50.160 --> 00:00:54.660
Let's learn more about these deperimeterization concepts.

19
00:00:54.660 --> 00:00:59.660
First, we have Software-Defined Networking or SDN.

20
00:00:59.730 --> 00:01:01.470
Software-Defined Networking

21
00:01:01.470 --> 00:01:03.990
is transforming network architecture,

22
00:01:03.990 --> 00:01:07.320
especially in large-scale cloud environments.

23
00:01:07.320 --> 00:01:11.370
At its core, Software-Defined Networking allows software

24
00:01:11.370 --> 00:01:13.560
to control network functions,

25
00:01:13.560 --> 00:01:16.740
replacing traditional hardware-based methods.

26
00:01:16.740 --> 00:01:20.220
But it's more than just software replacing hardware.

27
00:01:20.220 --> 00:01:23.370
Software-Defined Networking uses controllers

28
00:01:23.370 --> 00:01:25.830
or application programming interfaces

29
00:01:25.830 --> 00:01:28.470
to manage the underlying infrastructure

30
00:01:28.470 --> 00:01:32.310
and direct traffic as it moves throughout the network.

31
00:01:32.310 --> 00:01:34.230
Software-Defined Networking

32
00:01:34.230 --> 00:01:37.290
separates a network into three layers:

33
00:01:37.290 --> 00:01:39.600
the control plane, the data plane,

34
00:01:39.600 --> 00:01:41.550
and the management plane.

35
00:01:41.550 --> 00:01:43.890
The control plane handles decisions

36
00:01:43.890 --> 00:01:46.290
like routing and traffic management,

37
00:01:46.290 --> 00:01:49.350
while the data plane is responsible for the movement

38
00:01:49.350 --> 00:01:52.560
of the actual traffic between devices.

39
00:01:52.560 --> 00:01:55.110
The management plane provides oversight

40
00:01:55.110 --> 00:01:57.960
and allows administrators to make changes

41
00:01:57.960 --> 00:02:00.270
to the software-defined network.

42
00:02:00.270 --> 00:02:02.070
In traditional networks,

43
00:02:02.070 --> 00:02:06.090
these functions are all contained within physical devices.

44
00:02:06.090 --> 00:02:08.250
But with Software-Defined Networking,

45
00:02:08.250 --> 00:02:10.020
they are handled virtually.

46
00:02:10.020 --> 00:02:12.450
This allows for greater flexibility

47
00:02:12.450 --> 00:02:16.050
and automation within software-defined networks.

48
00:02:16.050 --> 00:02:18.690
By using Software-Defined Networking,

49
00:02:18.690 --> 00:02:21.210
organizations can set policies

50
00:02:21.210 --> 00:02:24.630
and automate the deployment of network components

51
00:02:24.630 --> 00:02:26.220
in cloud environments.

52
00:02:26.220 --> 00:02:29.880
This enables faster setup, increased agility,

53
00:02:29.880 --> 00:02:32.790
and more effective use of automation.

54
00:02:32.790 --> 00:02:35.400
However, it comes with challenges,

55
00:02:35.400 --> 00:02:37.470
such as needing to secure

56
00:02:37.470 --> 00:02:40.920
the central Software-Defined Networking controller,

57
00:02:40.920 --> 00:02:44.820
which, if compromised, could disrupt the entire network.

58
00:02:44.820 --> 00:02:47.670
Different types of Software-Defined Networking

59
00:02:47.670 --> 00:02:51.480
or SDN models include open SDN,

60
00:02:51.480 --> 00:02:55.080
hybrid SDN, and SDN overlays,

61
00:02:55.080 --> 00:02:57.450
each offering different advantages

62
00:02:57.450 --> 00:02:59.939
depending on the organization's needs.

63
00:02:59.939 --> 00:03:03.780
The biggest benefit of Software-Defined Networking

64
00:03:03.780 --> 00:03:05.610
is that it allows networks

65
00:03:05.610 --> 00:03:08.197
to scale and adapt in real time,

66
00:03:08.197 --> 00:03:12.720
which is essential in high-availability architectures

67
00:03:12.720 --> 00:03:15.360
or disaster recovery scenarios.

68
00:03:15.360 --> 00:03:19.350
However, the downside is that losing connectivity

69
00:03:19.350 --> 00:03:22.320
to the Software-Defined Networking controller

70
00:03:22.320 --> 00:03:24.300
or having it compromised

71
00:03:24.300 --> 00:03:27.000
could bring down the entire network.

72
00:03:27.000 --> 00:03:28.620
In terms of security,

73
00:03:28.620 --> 00:03:32.040
Software-Defined Networking enables better monitoring

74
00:03:32.040 --> 00:03:35.640
and more granular control of network traffic,

75
00:03:35.640 --> 00:03:38.940
making it easier to detect unusual patterns

76
00:03:38.940 --> 00:03:41.790
and respond quickly to potential threats.

77
00:03:41.790 --> 00:03:45.990
Second, we have Software-Defined Wide Area Network

78
00:03:45.990 --> 00:03:47.700
or SD-WAN.

79
00:03:47.700 --> 00:03:50.280
Software-Defined Wide Area Network

80
00:03:50.280 --> 00:03:53.670
builds on the concept of Software-Defined Networking,

81
00:03:53.670 --> 00:03:56.250
but is specifically designed to manage

82
00:03:56.250 --> 00:04:00.810
and optimize connections across wide geographic areas.

83
00:04:00.810 --> 00:04:03.120
It is ideal for organizations

84
00:04:03.120 --> 00:04:06.330
with multiple branch offices, remote sites,

85
00:04:06.330 --> 00:04:09.450
or employees working from different locations.

86
00:04:09.450 --> 00:04:12.180
Software-Defined Wide Area Network

87
00:04:12.180 --> 00:04:15.840
allows companies to securely connect their offices

88
00:04:15.840 --> 00:04:18.840
and remote workers to the central network

89
00:04:18.840 --> 00:04:21.750
regardless of their physical location.

90
00:04:21.750 --> 00:04:24.570
Traditionally, connecting branch offices

91
00:04:24.570 --> 00:04:26.280
over long distances

92
00:04:26.280 --> 00:04:29.430
required expensive dedicated lines,

93
00:04:29.430 --> 00:04:32.070
but Software-Defined Wide Area Network

94
00:04:32.070 --> 00:04:36.000
allows organizations to use cheaper internet connections

95
00:04:36.000 --> 00:04:39.060
while still ensuring security and performance.

96
00:04:39.060 --> 00:04:42.390
It does this by intelligently routing traffic

97
00:04:42.390 --> 00:04:44.610
based on the type of application

98
00:04:44.610 --> 00:04:47.160
and best available network path.

99
00:04:47.160 --> 00:04:50.130
For example, critical business applications

100
00:04:50.130 --> 00:04:52.890
like video conferencing can be prioritized

101
00:04:52.890 --> 00:04:55.560
and given a more stable connection,

102
00:04:55.560 --> 00:05:00.150
while less urgent traffic can use less reliable routes.

103
00:05:00.150 --> 00:05:04.080
This ensures that all resources are used efficiently

104
00:05:04.080 --> 00:05:07.710
without compromising performance or security.

105
00:05:07.710 --> 00:05:09.300
Another key benefit

106
00:05:09.300 --> 00:05:11.559
of Software-Defined Wide Area Network

107
00:05:11.559 --> 00:05:14.944
is its ability to enforce security policies

108
00:05:14.944 --> 00:05:18.630
consistently across all connected sites.

109
00:05:18.630 --> 00:05:20.820
No matter where a branch office

110
00:05:20.820 --> 00:05:22.950
or remote user is located,

111
00:05:22.950 --> 00:05:25.470
Software-Defined Wide Area Network

112
00:05:25.470 --> 00:05:28.980
applies the same rules and access controls,

113
00:05:28.980 --> 00:05:31.950
ensuring a uniform security approach

114
00:05:31.950 --> 00:05:34.680
across the entire organization.

115
00:05:34.680 --> 00:05:37.680
It also makes network management simpler

116
00:05:37.680 --> 00:05:39.949
by centralizing control in the cloud,

117
00:05:39.949 --> 00:05:43.740
where administrators can monitor and adjust settings

118
00:05:43.740 --> 00:05:47.460
for all locations from a single interface.

119
00:05:47.460 --> 00:05:51.330
Software-Defined Wide Area Network supports the idea

120
00:05:51.330 --> 00:05:54.150
of deperimeterization by acknowledging

121
00:05:54.150 --> 00:05:56.070
that users and devices

122
00:05:56.070 --> 00:05:58.949
need access to the network from anywhere,

123
00:05:58.949 --> 00:06:02.520
not just from inside a physical office.

124
00:06:02.520 --> 00:06:05.010
With Software-Defined Wide Area Network,

125
00:06:05.010 --> 00:06:07.350
the focus shifts from protecting

126
00:06:07.350 --> 00:06:09.570
a single geographic perimeter

127
00:06:09.570 --> 00:06:12.090
to securing all network connections

128
00:06:12.090 --> 00:06:13.920
no matter where they originate.

129
00:06:13.920 --> 00:06:16.051
This shift allows organizations

130
00:06:16.051 --> 00:06:19.020
to maintain strong security standards

131
00:06:19.020 --> 00:06:21.175
while also improving the flexibility

132
00:06:21.175 --> 00:06:24.870
and efficiency of their wide area networks.

133
00:06:24.870 --> 00:06:26.580
Third and last,

134
00:06:26.580 --> 00:06:31.580
we have Secure Access Service Edge or SASE.

135
00:06:31.590 --> 00:06:34.740
Secure Access Service Edge is a framework

136
00:06:34.740 --> 00:06:37.500
that combines networking and security

137
00:06:37.500 --> 00:06:40.350
into a single cloud-based service.

138
00:06:40.350 --> 00:06:42.810
With Secure Access Service Edge,

139
00:06:42.810 --> 00:06:46.020
organizations can ensure secure access

140
00:06:46.020 --> 00:06:47.880
to data and applications

141
00:06:47.880 --> 00:06:50.370
no matter where users are located.

142
00:06:50.370 --> 00:06:52.110
This is especially important

143
00:06:52.110 --> 00:06:54.360
as more employees work remotely

144
00:06:54.360 --> 00:06:56.820
and need to access company resources

145
00:06:56.820 --> 00:06:58.860
from various locations.

146
00:06:58.860 --> 00:07:01.140
Secure Access Service Edge

147
00:07:01.140 --> 00:07:03.640
works by integrating multiple security

148
00:07:03.640 --> 00:07:07.110
and networking tools such as firewalls,

149
00:07:07.110 --> 00:07:08.790
secure web gateways,

150
00:07:08.790 --> 00:07:11.040
and zero trust network access

151
00:07:11.040 --> 00:07:14.220
into one cloud-delivered service.

152
00:07:14.220 --> 00:07:17.760
This allows organizations to manage everything

153
00:07:17.760 --> 00:07:19.470
from one central point

154
00:07:19.470 --> 00:07:22.352
while still applying consistent security policies

155
00:07:22.352 --> 00:07:25.170
across the entire network.

156
00:07:25.170 --> 00:07:28.560
For example, if an employee is working from home,

157
00:07:28.560 --> 00:07:30.900
Secure Access Service Edge

158
00:07:30.900 --> 00:07:34.230
ensures that their connection to company systems

159
00:07:34.230 --> 00:07:37.050
is secured and continuously monitored

160
00:07:37.050 --> 00:07:40.110
just as it would be if they were in the office.

161
00:07:40.110 --> 00:07:41.760
One of the key benefits

162
00:07:41.760 --> 00:07:44.040
of Secure Access Service Edge

163
00:07:44.040 --> 00:07:46.560
is its ability to protect data

164
00:07:46.560 --> 00:07:49.440
as it moves between different environments,

165
00:07:49.440 --> 00:07:51.660
like from an on-premise server

166
00:07:51.660 --> 00:07:53.850
to a cloud-based application.

167
00:07:53.850 --> 00:07:55.950
Secure Access Service Edge

168
00:07:55.950 --> 00:07:58.980
applies security measures to each connection,

169
00:07:58.980 --> 00:08:01.500
making sure that data is encrypted,

170
00:08:01.500 --> 00:08:06.060
monitored, and accessible only by authorized users.

171
00:08:06.060 --> 00:08:08.790
This continuous security is important

172
00:08:08.790 --> 00:08:10.320
in today's environment

173
00:08:10.320 --> 00:08:13.110
where data moves between cloud platforms,

174
00:08:13.110 --> 00:08:15.870
offices, and remote locations.

175
00:08:15.870 --> 00:08:19.650
So by integrating security and network functions,

176
00:08:19.650 --> 00:08:23.250
Secure Access Service Edge simplifies the way

177
00:08:23.250 --> 00:08:27.030
organizations manage security across their network.

178
00:08:27.030 --> 00:08:30.630
Instead of using separate tools for different tasks,

179
00:08:30.630 --> 00:08:34.410
everything is handled through one cloud-based service.

180
00:08:34.410 --> 00:08:37.860
This makes it easier to enforce security policies,

181
00:08:37.860 --> 00:08:39.235
monitor user activity,

182
00:08:39.235 --> 00:08:42.075
and ensure that all connections are secure

183
00:08:42.075 --> 00:08:45.480
regardless of where they originate from.

184
00:08:45.480 --> 00:08:48.960
Secure Access Service Edge plays a vital role

185
00:08:48.960 --> 00:08:51.960
in this shift toward deperimeterization,

186
00:08:51.960 --> 00:08:53.430
where network security

187
00:08:53.430 --> 00:08:56.670
is no longer tied to physical locations,

188
00:08:56.670 --> 00:09:00.720
but extends to wherever users or devices are.

189
00:09:00.720 --> 00:09:04.290
So remember, deperimeterization

190
00:09:04.290 --> 00:09:06.870
is about moving away from relying

191
00:09:06.870 --> 00:09:09.000
on traditional network perimeters

192
00:09:09.000 --> 00:09:12.526
and focusing on securing every user and device

193
00:09:12.526 --> 00:09:14.490
no matter where they are.

194
00:09:14.490 --> 00:09:17.250
This approach acknowledges that networks

195
00:09:17.250 --> 00:09:20.520
now extend beyond physical locations

196
00:09:20.520 --> 00:09:24.990
because users, clients, and vendors need remote access.

197
00:09:24.990 --> 00:09:28.320
Software-Defined Networking allows software

198
00:09:28.320 --> 00:09:31.230
to control and manage network traffic

199
00:09:31.230 --> 00:09:34.680
by separating network functions from hardware.

200
00:09:34.680 --> 00:09:36.990
Software-Defined Wide Area Network

201
00:09:36.990 --> 00:09:39.093
optimizes and secures connections

202
00:09:39.093 --> 00:09:42.630
between geographically distant locations

203
00:09:42.630 --> 00:09:46.410
such as branch offices or remote sites.

204
00:09:46.410 --> 00:09:50.310
Secure Access Service Edge integrates the networking

205
00:09:50.310 --> 00:09:54.150
and security functions into one cloud-based service,

206
00:09:54.150 --> 00:09:57.900
ensuring secure access and continuous monitoring

207
00:09:57.900 --> 00:10:00.423
across various environments.

