SBN

The journey to SASE: Four critical steps to take

As remote and hybrid work models become the norm and mass migration of application workloads to the cloud accelerates, the need to evolve the underlying infrastructure is much discussed and the benefits of a Secure Access Service Edge (SASE) approach to a next-generation architecture are now widely documented. A much tighter convergence and integration of network connectivity and security functions secures work from anywhere at any time—as demanded by modern businesses while they transform to digital—and ensures that workers remain productive, and work is optimized.

 

Deciding to embrace SASE acknowledges that today’s work environment has forever shifted to a cloud-based model that gives employees access to the digital assets and applications they need to do their jobs. For many organizations, that’s overcoming a major cultural hurdle indeed. But even with the pandemic accelerating SASE adoption from 10 years to five years, transforming the legacy perimeter into cloud-based, converged capabilities doesn’t happen overnight. It requires work and planning, since enterprises have already invested heavily in the hardware and software that underpin their existing data center–oriented model. Most businesses simply can’t afford to abandon those investments.

 

Step 1: Assess your tech stack

The first step in any SASE journey should start with an assessment of your existing investments. Take an inventory of hardware and software to fully understand refresh cycles and develop a reasonable timeframe for phasing out on-premises perimeter and branch hardware. Enterprises must understand the parameters of their existing contracts, the time that remains on them, and how that maps to near-term capacity needs.

 

Also critical: Soliciting input from voices on both the operations and network sides of the organization. Enterprise network and operations teams often operate separately, which could further complicate a move to a new converged architecture, albeit one that relies on many of the same tools already in use, like secure web gateways (SWG), cloud access security brokers (CASB), firewall as a service (FWaaS), data loss prevention (DLP), SD-WAN, and Zero Trust Network Access (ZTNA). Any migration plan should include bringing together members of both teams—if not physically, then virtually—to assess potential benefits, sticking points, and impacts.

 

Enterprises should also take inventory of their human capital. People are key to any successful SASE strategy. Understanding the existing skill sets of employees—particularly those who deal with operational and security issues—will help organizations build on those strengths as well as identify and fill in any gaps.

 

Vendors bear close scrutiny as well. After years of building on a data center–oriented, perimeter-based model, most organizations now find themselves managing a mish-mash of software tools and vendors, and some will be more capable than others of making the shift to an anytime, anywhere approach. A note here—it’s crucial to find a vendor or vendors with platforms that can integrate all elements critical to a successful SASE strategy, and that can securely scale up as business horizons and workforces shift and expand.

 

In the rush to move to SASE, it may be tempting to plunge in headlong without much prep work. But simply taking the above-mentioned steps alone can pick up the pace for SASE adoption, cutting the time to implement by half.

 

Like any migration project from on-premises to the cloud, simply taking a “lift-and-shift” approach—assuming that the functional requirements for yesterday are the same as for tomorrow—is flawed. Taking the time to do a much deeper assessment at the beginning will save a lot of time and pain down the road.

 

Step 2: Know your data and let insights drive you

In the enterprise, data makes the world go around. It’s the lifeblood of an organization, the currency of modern-day business. Getting a grip on data—understanding what the business has, where it’s located. and how it’s used—has proven confounding to many organizations. Migrating to SASE offers the perfect opportunity for the enterprise to assess its data landscape from both operational and security standpoints.

 

Knowing what data employees need in order to do their jobs and how to protect it will go a long way in securing newly defined ways of working. From there, the enterprise can turn its attention to developing a set of policies, processes, and procedures to implement as it migrates to a SASE architecture.

 

As with anything, solving for the big rocks first—securing the early project wins that drive the biggest business impact—is just good practice. In the case of moving to a SASE type of architecture, bringing together operational data and business impact data to align on a schedule of priorities is critical. For example, what cyberattack vectors are having the biggest impact on end users and how can you mitigate that risk first? Or how do you ensure that remote users are working safely now that they’re spending 75 percent of their working day in a browser and VPN capacity is limited?

 

Step 3: Document your plan

Using the post-pandemic accelerated rate of adoption as a guide, like Gartner, we believe a migration plan should include the following milestones:

 

    • Phase-out of hardware and software. Much of what’s in use is no longer needed in a cloud-first strategy.

    • Consolidate and eliminate vendors. From a management standpoint, the fewer the better should be a guiding principle. Many of the tools currently in use were made for a data center–oriented environment and won’t transition easily to the cloud. This is where companies can save money.

    • Eliminate legacy VPNs used at the network level for remote access. As enterprises found when the pandemic forced workers home, VPNs just didn’t cut it and actually became an operational and security liability.

    • Establish metrics for measuring migration success. The best-laid plans might not yield the expected results. Metrics can serve as an early warning system that something is off and give the enterprise an opportunity to fine-tune its game plan.

    • Ensure continuous authorization for access requests. Couple that effort with continuous monitoring, which can help security teams ferret out risky behaviors and head potential security problems off at the pass.

 

Step 4: Nail down security

Security, stuck firmly in a box at the edge of the data center, hasn’t caught up with the move to the cloud. Putting a SASE framework in place will bring security up to speed to adequately protect the modern business. Focus on these key security stages:

 

    • As we’ve advocated previously, an enterprise should start with a SWG to provide security coverage no matter where a user is located.

    • Rework and revitalize a data loss prevention policy. Layout where data can be stored, how it can be used, and who can access it.

    • Increase visibility into assets across the computing environment. Without clear visibility, security teams don’t know what to protect or where the real threats lie. This is especially true in multiple cloud environments that use both public and private cloud offerings.

    • Add CASB data authentication and encryption points to protect applications on the cloud, establish control, and improve visibility.

    • Adopt a ZTNA mindset that assumes no one is trusted and access to resources is given on a one-at-a-time determination.

 

None of these changes are an easy lift for companies, so adopting the SASE architecture with the proper security controls in place will take time and resources. For skittish organizations or those with limited resources, even a partial implementation will yield the many benefits of SASE and put companies in position to meet the requirements of modern-day business.

 

On the road to SASE, don’t forget to put a premium on the user experience. That’s what the journey is all about—protecting productivity by giving employees, administrators, and others access to the applications and tools they need to do their jobs, no matter where they are, without the friction that security can often cause. That’s good business.

 

 

Discover how you can define your journey to SASE and attend this exclusive learning series and be sure to download our SASE resource bundle here.

 

*** This is a Security Bloggers Network syndicated blog from Menlo Security Blog authored by Mark Guntrip. Read the original post at: https://www.menlosecurity.com/blog/the-journey-to-sase-four-critical-steps-to-take

Avatar photo

Mark Guntrip

Mark Guntrip has over 20 years experience in security marketing including strategy, product management, and product marketing across enterprise and commercial markets. Specific market areas include advanced threat protection, web security, cloud-based security, firewalls, and managed security services. He has a proven track record of building success in new markets as well as promoting growth within more established areas. Prior to Menlo Security, Guntrip held various management roles with Proofpoint, Symantec, and Cisco.

mark-guntrip has 17 posts and counting.See all posts by mark-guntrip