BLOG – As businesses rely more than ever on cloud and SaaS applications, and people literally work from anywhere, security and network architecture must evolve as well. Things have moved so fast in recent years that updating old systems is no longer enough. To protect data and applications, another framework is needed that shifts the security perimeter from the classic IT environment to the cloud: SASE.
SASE, or secure access service edge, is a framework of solutions and technologies that make transactions safe and efficient. It offers an architecture that is more scalable than tying together firewalls that are already fifteen years old. SASE basically consists of two building blocks: WAN edge services (SD-WAN), software-based network management; and security service edge (SSE), the component within SASE that specifically focuses on security.
On the one hand, these building blocks provide a consistent network and security policy with context. This gives security teams a very granular view of the profile of users, the device and network they use, but also the actions they take and the data they interact with. On the other hand, SASE ensures that users enjoy a consistent user experience, wherever and whenever.
Ultimately, this should provide the ability to enforce a zero-trust policy, something that many organizations still struggle with because they don’t know how to put that security concept (never trust, always verify) into practice.
Tools
SASE reduces risk and simplifies management for security teams, which is necessary when you look at today’s security tools. From a secure web gateway or a cloud access security broker to a next-gen firewall and a VPN: each is a component that captures only a fraction of your security policy, and each has its own management module that you cannot consistently transfer to other components. The risk of leaks is therefore not small, especially because the management of all those tools is simply too complex.
The as-a-service model also offers the flexibility that organizations are looking for. Suppose you suddenly have to scale up perimeter defenses after a takeover, because twice as much traffic is flowing through… In many cases, a new investment is required, but with a SASE platform, scaling is not a problem and continuity for the business is assured.
Finally, a SASE approach provides unprecedented visibility into your SaaS and IaaS transactions. It maps data flows that you were not aware of. Anyone who works with URL categorization unknowingly provides access to a whole range of applications and, worse, to activities within those applications. This is shadow IT: applications that the business uses but that are not known to IT management. Full visibility is crucial to gain control and limit risks. Many organizations will have to comply with this within the framework of NIS2.
Cause
However, there are organizations that do not opt for a SASE architecture. The main reason is the impact of a transformation on their network architecture. For that reason, guidance by the right partners is very important. Ultimately, companies have often been skeptical about transformations. Think of the transition from centralized to distributed computing. Virtualization techniques were also not immediately popular everywhere, but today they are indispensable. Perhaps the same can be said about the adoption of SASE as about generative AI: those who do not embrace it now will soon be overtaken by companies that do jump on the bandwagon.
SASE gives IT the ability to secure the business without slowing down the user experience
We live in a time where everything wants to connect to everything. The rise of AI gives this an extra boost. In addition, 50% of all threats come from the cloud, but many organizations cannot inspect the most important traffic of applications such as Microsoft 365. As a result, their technology is full of blind spots and the data in the company is therefore insufficiently protected. An organization that wants to increase its cyber resilience must therefore focus on data.
Security teams should not allow data to be stored in untrusted or unknown places. SASE gives them insight into data flows, while simplifying management and improving the user experience. In addition, SASE makes your users more aware of the risks of their activities, without limiting their capabilities.
SASE is in no way a replacement for an existing security approach. It is part of a communicating ecosystem. It must also integrate seamlessly with tools that are in use (SIEM, EDR, IAM, PAM…), resulting in less risk, complexity and cost. Thanks to SASE, IT has the ability to secure the business without slowing down the user experience. That makes it the architecture of the future.
Andy Quaeyhaegens is a senior channel solutions engineer at Netskope