We mentioned the Gartner-coined term SASE in our ‘First Steps to Take’ blog, and we have also explored the benefits. But whether you subscribe to Gartner’s SASE (Secure Access Service Edge) or Forrester’s ten-year-old version, Zero-Trust Edge (ZTE), it is undeniable that the next step in the evolution of enterprise security will involve zero-trust and zero-trust network access (ZTNA).
We are so interconnected in 2022 that almost all organisations have some digital exposure. According to the Cyber Security Breaches Survey 2021, 77% say that cybersecurity is a high priority. This is almost certainly linked to the increase in cyberthreats over the past two years. The same survey found that two in five businesses have experienced cybersecurity breaches or attacks in the past year. Among these, over a quarter (27%) are experiencing these problems at least once per week. These are worrying figures and clear reasons for a changing approach to security.
By bringing together network as a service (NaaS) and security as a service, or the Security Services Edge (SSE), regardless of location and access, SASE ensures that both the network and the data sent over it can be accessed safely. But although it is considered the next step in security, there are still some misconceptions about SASE that need to be set straight.
One size does not fit all
Despite how it sounds, SASE isn’t a single product. It is a framework or model that needs to be implemented based on individual needs and the unique attributes of your organisation. You wouldn’t go into a supermarket and buy the same groceries as the person next in line. You would purchase items based on the unique needs of your household. SASE is the same and is made up of many different components. Revisiting the grocery analogy, think of SASE as the supermarket and each item as an element of that SASE supermarket. Businesses need to collate each security product based on their unique needs. With SASE, one size does not fit all.
As simple as A, B, C
Defined perimeters securing an organisation’s network are a thing of the past. The events of the past 24 months put the final nail in their coffin. Although flexible working isn’t new, the mass remote working initiated by the pandemic led to flustered employees using any technology they could find to work under these new circumstances. This meant that many were using personal devices and consumer-oriented collaboration tools.
As a result, data and intellectual property no longer reside on servers within the traditional perimeter but are open to those that want to access and exploit them. To avoid opportunistic attackers, security leaders need to use context – and identity in particular – as the new perimeter. This is as simple as A, B, C. Access should be granted based on (A) activity, (B) behaviour, which is built over time by activity, and (C) context. By understanding malicious activity, unusual behaviour, and abnormal context, you can start building control at a business level and move towards SASE.
Avoiding the roadblocks
With that said, to continue on the road towards SASE there are some roadblocks to be mindful of.
Avoid taking any routes down dead ends and check the direction of travel occasionally. If you are about to invest heavily in proxy-based solutions or increase MPLS (Multiprotocol Label Switching) significantly, then there is a chance that you might be on the wrong track. If you are yet to decide on a route, then head towards Zero-Trust or ZTNA, which is a significant part of the SASE journey.
A look inside the crystal ball tells us that while SASE is on the horizon, there is still work to be done before it can be fully realised. In the interim, making the right decisions today could determine successes tomorrow.
Want to learn more about the common roadblocks and myths of SASE? Join Richard Walters Thursday 27th January at 2:35pm for Plan Smart: The Future is SASE.