Getting SASE, Without the Hyperbole
Secure Access Service Edge (SASE) Can be a Game-Changer When Compared to Security of the Past
In the world of information security, it’s hard to flip between internet browser tabs without hearing a new term, and one of the biggest in 2020 was Secure Access Service Edge (SASE). With all the buzzwords and tech jargon flying around, it can be confusing to define and differentiate the latest terms and acronyms, but this is an important one to familiarize yourself with. The bottom line is, heading into 2021, you need to know what exactly SASE is and why you should care.
Those in the industry know that cloud infrastructure investment has been growing year-on-year, but according to Canalys, it spiked more than 30% in 2019. This was a huge jump and growth did not slow in 2020. A recent IDG report stated that more than 50% of buyers planned to be in the cloud within the next year.
There are many advantages to cloud, especially scale and reliability, which are essential when supporting the needs of employees, customers and partners. However, the cloud introduces uncertainty in how to ensure data security best practices are adhered to, with rapid expansion potentially eroding the network perimeter.
The top concerns for an enterprise moving to the cloud are security-related: data-loss/theft, unauthorized access and insecure interfaces, to name a few. SASE can help, preparing the modern business to be ready for the cloud with agility, elasticity and security in place to manage data risk.
Why do we Need SASE?
Gartner introduced SASE as a methodology for bringing network and security capabilities together. Controls are moved closer to the user, wherever they are, to provide appropriate access based on security risk at a given moment in time.
We need to think differently about risk assessment, as the profile for any part of the business is both complex and dynamic. The posture constantly changes as users and devices connect and disconnect, add new devices or modify software/update software configurations. To understand business risk means to know your digital business and how it operates. Visibility and monitoring of the environment are essential to see in real-time where weaknesses lie and challenges faced by the network. A few questions businesses should ask every day include:
• What is my risk tolerance?
• How much more risk can we take on?
• Which areas of the business carry the most/least risk?
The answers to these questions drive changes in data protection and risk policies. The move to the cloud does not mitigate the challenge. You are still responsible for securing the enterprise – even if a vendor is managing some portion of it.
Enter SASE to Help with the Journey
SASE has one overarching purpose – to simplify the challenge of addressing security across the enterprise. SASE is the coming together of cloud benefits, applied to security and designed for streamlined deployment and management – making risk assessment and enforcement less stressful.
What is meant by this? Take retail, as an example. At holiday periods like Thanksgiving and Christmas, there will be increases in both in-store and online traffic, resulting in increased network load and additional resource requirements. Leveraging SASE capabilities means organizations can spin up those extra resources when demand is high, then when the holidays are over and traffic dissipates, the resources can be scaled back to meet normal needs.
It is this flexibility that makes SASE a game-changer when compared to security of the past.
SASE Takes Off as Cloud Accelerates
In recent months, the journey to the cloud has accelerated for many organizations, with plans that had been laid out over years being compressed into a few months. This has been challenging and yet, at the same time, proof that the cloud enables agility and adaptability.
The benefit of SASE is that in being delivered as-a-service, integration and administration move to a specialized team for management of the service. However, this will not remove all the visibility gaps and any SASE strategy needs to include policies for the on-premises infrastructure. There is no golden key; it is not possible to outsource all responsibility for data security and cloud-access – this is a responsibility which must be taken seriously.
The need to secure data is high priority and many different tools and controls exist to achieve this. This can introduce complexity for security with issues of configuration and interoperability between vendor products. Interoperability can result in visibility gaps, which leaves systems and data more vulnerable to threats.
SASE should be designed from the ground up to focus on and provide the best possible user experience. When considering a vendor for SASE, look at how they approach the user and deliver capabilities that provide a positive impact on the business. Ultimately, the design is to bring services closer to the user, maintain uptime and reliability and secure access to the network, all without compromising the end-user. The ultimate SASE solution delivers all this invisibly – the user should not be aware of the enhanced security, meanwhile, enjoy an improved overall service experience.
In the next few years, we will see more companies moving to the cloud, but it will take some time for the organization’s dependency on hardware to fully disappear. It is essential to focus on the consistency of configuration and policy across security devices, which makes troubleshooting and remediation tasks simpler. When designing for SASE, make sure to account for physical, virtual and cloud, as part of the initiative. Visibility rules in security – you cannot protect what you can’t see.
The move to a SASE environment will require an investment of time and resource. There will be new things to learn on the journey about how to better utilize what you have today , as well as how to spot the gaps that are across the network, security and user management. There are many resources out there that can help guide you in the right direction, but my recommendation before anything else is to learn what you have, understand what it does, design for improvement and futureproof your enterprise.