Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Architecture

The SASE Conversation in 2022, a Resolution for the Future

SASE can be a game-changer to manage risk during the continuing journey to the cloud

SASE can be a game-changer to manage risk during the continuing journey to the cloud

In 2020 Gartner introduced Secure Access Service Edge (SASE), its security methodology for integrating network and security controls to ensure that users receive the correct, risk-based level of access to systems at any moment in time. SASE is gaining momentum and according to Gartner, more than 50 percent of organizations will have an adoption strategy by 2025. Security has become more important than ever for today’s business landscape.

Now, in 2022, I’m sure that many CISOs/CIOs have SASE as a business priority with pressure for a fast and successful implementation. But SASE cannot be simply completed using a tick on the New Year’s resolution list underneath ‘Veganuary’ and ‘Couchto5k.’ SASE is a multi-element end-to-end architecture. Some elements, such as Zero-Trust Network Access (ZTNA), are new for many organizations, but another, Cloud Access Security Broker (CASB), is mature technology and in daily use. Successful adoption of SASE will need time, resource investment and focus.

In an earlier article, Getting SASE without the Hyperbole, I discussed what SASE is and how it could be such a game-changer to manage risk during the continuing journey to the cloud. This emphasized the importance of user experience and ground-up design for success. The last thing any user needs is additional stress from a new security solution when workers are already dealing with continual switches between the office and home-based working (WFA).

[ Read: Vendor Survey vs Reality on SASE Implementation ]

In SASE conversations, I have heard concerns about the need for new technologies to support the adoption. Understandably, IT managers do not want to rip out existing investments and be obligated to deploy and train their teams on different technology. This does not have to be the case, because a well-designed SASE architecture will leverage existing solutions but improve on them with greater client-to-workload visibility, system assurance and single-policy management to give a cleaner, faster and more efficient experience.

What Should you Consider for SASE?

Technologists looking at SASE should be aware of the risk that they may fall into a comfort zone and consider solutions first, but with experience being an important business metric, the right place to start is by looking at SASE benefits which include:

• Leverage existing solutions: Moving to SASE does not have to be a rip-and-replace. Recognize the investments already made in solutions and staff to manage your security, leverage the best of what you have today, work with vendors who offer a seamless move to cloud-based security and make the change at a pace that suits your business.

• Secured WFA (Work from Anywhere) Access: How and where people work has changed – at home, in a coffee shop or from the office are all now normal. User access must consider any possibility for all users and ensure fast and secure access to resources and applications, with a security layer that follows the user and automatically adapts to their changing environment.

• Adopt a single policy framework: Teams do not want to switch between multiple consoles to manage policies; it’s complex and introduces unnecessary configuration risks should a radio button or option get missed in configuration. SASE solutions should offer common policy frameworks, allowing a single policy to be applied to multiple devices, locations and resources at once. This simplifies management and can reduce the risk of configuration errors.

• User segmentation based on Zero-Trust: In the last two years there has been a shift in working practices for users, with demands for flexible and always available access. It is essential to maintain consistent security in this environment. Only consider solutions that can deliver dynamic security policies which understand changing contextual risk profiles and adapt instantly as users connect to resources.

• Security Assurance: Managing security can be complex, which a SASE architecture looks to simplify by considering needs to the network edge. Security assurance provides the next level of confidence as security teams design, modify and update policies by flagging duplicate settings, possible errors or shadow configurations before they are committed. Changes can be created, approved and committed with confidence.

• Integration with Identity Providers: Protection to the network edge requires user management, and it is essential that any solution can integrate with your chosen identity provider to give visibility into what users are doing, when and where. This visibility provides invaluable data about application usage and data insights to assist in defining effective security policies for traffic traversing the corporate network. 

Changes to How People Work are Here to Stay 

Work From Anywhere is now ‘business as usual.’ Users expect to have always-on access to the resources they need to be effective, and this must be reliable and fast – with no impact on their experience. To deliver this you need a network that just works, always providing seamless and reliable access – ideally, users should not even be aware of the network or any of the dynamic security changes that keep them successful. When done correctly, this is what a SASE architecture promises, and it is certainly a bright spot for the future of security. 

Written By

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors...

Endpoint Security

Apple has launched a new security research blog and website, which will also be the new home of the company’s bug bounty program.

Incident Response

Implementation of security automation can be overwhelming, and has remained a barrier to adoption

ICS/OT

The White House announced on Wednesday that the Industrial Control Systems (ICS) Cybersecurity Initiative has been expanded to include the chemical sector.

Application Security

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to...