Just about everything today happens in the cloud—except security. Employees do most of their work there, and their critical tools like SaaS applications and email are found there. Even much of an organization’s data is located there. Naturally, security needs to be there as well.
Unfortunately, though, it’s not. It wasn’t too long ago that all those elements, along with employees, resided together within the confines of a building. Data traveled securely between a data center and employees working onsite or in satellite offices. But one by one—beginning with data migration to cloud services like AWS, followed by apps such as Microsoft 365 and G Suite—these elements started moving to the cloud. That migration accelerated in 2020, as the COVID-19 pandemic struck, which quickly forced people out of the building, too.
Having people, data, and applications “everywhere” while security is confined to one spot has created a mismatch. Organizations have had to relay traffic between multiple checkpoints like firewalls, which interrupts traffic flow, increases vulnerability to attack, and leaves them struggling to protect multiple network edges.
Defenders initially turned to VPNs but quickly found that they didn’t scale, and that the resulting bottlenecks hampered productivity and, ultimately, compromised security. Trying to shoehorn a security fix into a flat data center scheme simply doesn’t work. Instead, security teams are slowly adopting a new security-driven network architecture strategy that protects employee productivity in the cloud.
Enter Secure Access Service Edge (SASE).
What is SASE?
SASE tightly integrates software-defined wide area networking (SD-WAN) capabilities with network security functions such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall-as-a-Service (FWaaS), and Zero Trust Network Access (ZTNA). SASE also integrates with connectivity like 5G to create a framework that supports the dynamic secure access needs of modern organizations looking to secure modern work.
The emphasis is not on remote access, but rather on a device’s identity, established using real-time contextual information. SASE applies the security and compliance policies of an enterprise, as well as functions that allow organizations to continuously assess risk and trust during a session. Those identities aren’t always associated just with devices or people, but can be linked to applications, different groups of people, and even IoT systems or computing locations at the edge.
While the SASE concept has just started to create a buzz, none of the tools used in this emerging framework are new—in fact, they’re familiar to most security teams, which already use them liberally, albeit separately. They’re simply packaged together to dynamically create a policy-based secure access service edge that moves the security perimeter out from the confines of a box in the data center.
What benefits does SASE deliver?
For companies continuing their digital transformation to become more nimble and differentiate themselves from competitors, SASE delivers a number of benefits. The convergence of networking and security will position modern organizations to:
Better safeguard data. Through the tight integration of networking and security offered by SASE, organizations can marshal the resources to prevent data loss, provide secure access, and guard against advanced threats across an organization’s systems.
Protect and increase productivity. SASE provides the visibility, scalability, and flexibility that organizations need to let employees work from anywhere using the applications they need, add users, see and monitor data no matter where it resides, and head off potential security issues before they become a problem.
Reduce friction and dissuade users from skirting security. Users frustrated with barriers created by security controls will often find workarounds, putting their organizations at risk. But in a SASE model, security happens in the cloud and behind the scenes, improving both the user experience and workflow.
Apply consistent security policies to all devices. Tablets and smartphones are often treated like second-class citizens when it comes to security. But with SASE in play, organizations have the tools they need to deliver the same type of security experience to those computing devices as they would deliver to desktop computers, whether the user is in an office or remote. Consistent policy tightens security across a company’s assets.
Simplify management of security tools. The number of tools that organizations must manage has exploded in the last few years. Through SASE, those tools are integrated into a single architecture that is more easily managed.
Reimagine security as a business enabler. Security is often known as the “Dr. No” of any organization, rigidly holding users to strict policies and nixing requests to use much-needed technologies and apps that fall outside those policy norms. But SASE enables users to capitalize on the advancements of cloud applications and SaaS applications while allowing security to still implement sound policy without changing user behavior.
How does SASE work?
SASE relies on a distributed group of cloud gateways called POPs, or local points of presence, that receive traffic from other locations running SD-WAN devices. Within these POPs, all security functions and policies, from web and email security to firewall and access control, are implemented. By deploying security in a SASE framework, security is close to users and their data and applications, visibility and control are maintained regardless of location or device type, and security is invisible to end users, who continue to work normally.
What are the challenges of adopting SASE?
Making good on the SASE premise that the cloud is smart enough, dynamic enough, and scalable enough to deliver secure access to resources, no matter where a user is located, requires some heavy lifting. A good starting point in the SASE journey is the Secure Web Gateway, which provides a blanket of security no matter where a user is located; features like CASB and DLP can be added after that. That’s not a trivial change for a lot of companies because they’re moving from on-premises security, so they must set aside the time and resources and partner with the right vendor to ensure a smooth transition.
Gartner and others initially predicted that widespread adoption of SASE would take 10 years organically. The changes in workforce and working habits compelled by the pandemic have accelerated adoption to a three- to five-year timeframe, and given the changes of the last year alone, many are looking to adopt it much more quickly.
The COVID-19 pandemic has had immense impacts on organizations, primarily in the form of remote workforces that require anywhere, anytime access. This has resulted in rapid adoption of SaaS applications to cater to productivity needs but has in turn opened the door to threat actors that are taking advantage of the expanded attack surface. Security organizations are now looking to the SASE architecture as a response. According to the 2021 CyberEdge Cyberthreat Report, 74 percent of the 1,200 IT security decision makers surveyed are adopting technology that delivers on the promise of the SASE architecture.
While the pandemic initially cracked the door open to SASE, user demand for maximum flexibility and the need to support a hybrid work environment will drive most companies to embrace it going forward. Organizations that ignore these new realities and fail to build them into their decision-making process will likely pay a steep price by creating more friction around security for users and stifling productivity. Those that get on board with SASE in the next few years will be well positioned to secure and support a hybrid work environment and transform their organizations into nimble, dynamic, and competitive businesses.
*** This is a Security Bloggers Network syndicated blog from Menlo Security Blog authored by Mark Guntrip. Read the original post at: https://www.menlosecurity.com/blog/the-skinny-on-sase-why-its-primed-to-secure-the-cloud-first-enterprise