A SASE-y Future Awaits Cybersecurity
- By Lachlan Colquhoun
- January 04, 2021
One of the significant trends from 2020, which will continue into 2021 and beyond, is the decentralization of people, networks, and infrastructure.
Fortunately, many of the trends seem to be complementary. In a decentralized world, there is more collaboration, cloud migration, and interconnection. The business environment is also exploding with APIs and apps, all of which help businesses scale, become faster, and be agile.
Behind all of this lies security. And alongside it is a new approach to security, which is likely to be one of the other big technology movers of the year.
More than an acronym
The IT world is justly famous for creating meaningful new acronyms. If I could make a 2021 prediction, it would be that we will all be talking a lot about the Secure Access Service Edge (SASE) this year.
A distributed workforce with a decentralized infrastructure needs a different security posture as part of that architecture. Cloud-based SASE is rapidly developing as an appropriate solution.
The numbers of remote users and SaaS applications are increasing. A new approach is required to deliver security in a dispersed environment where data is moving between users, devices, data centers, and the cloud.
With modern working, the whole idea of the perimeter is redefined, and security needs to be delivered beyond its traditional bounds. SASE does this through automatic and destination-based policies, which are independent of where the users are.
The organization is no longer a fortress with medieval curtain walls and moats as a firewall. It is more like a configuration of linked locations, like a constellation.
Keeping pace with change
With a comprehensive SASE platform, organizations can keep pace with cloud adoption, remote work, and BYOD, and benefit from the convergence of SD-WAN capabilities and a full network security stack.
Will Houcheime, the Product Marketing Manager for security vendor Bitglass, uses the example of a single remote worker using their own device to illustrate the SASE point.
“For example, let’s say Karla, a marketer, attempts to use her personal computer or phone to access a sensitive file in Box that Mark, a member of HR, sent her,” says Houcheime.
“If she accesses this on an unmanaged device without data loss prevention tools in place, it could lead to a security breach. This is where cloud access security broker (CASB) technology comes into play; it enables the IT team to provide secure access to cloud resources on managed and unmanaged endpoints. Scenarios similar to that one are becoming more and more common as organizations increasingly adopt cloud, BYOD, and remote work.”
Houcheime says that a CASB vendor can use advanced, behavior-based detections to identify and block even zero-day malware at upload, at download, and at rest. This unique capability cannot be obtained with reactive, signature-based protections.
“Policies that accomplish this are easily configurable within a selected vendor’s dashboard,” he says.
“Admins simply select the malware data pattern and block. This way, when employees fail to implement best security practices, ATP can stop malware in its tracks.”
Time to focus on SSO
Identity management and proper authentication are the cornerstones of security and are needed for granular, contextual data protection policies.
Houcheime urges organizations to seek a vendor that provides single sign-on (SSO) natively and integrates with other leading identity providers.
SSO serves as a single point of authentication for users accessing cloud resources. Additionally, step-up multi-factor authentication (MFA) can be used to confirm the identity of each user who is exhibiting unusual behavior or accessing sensitive corporate information in the cloud.
“As a part of a SASE platform, CASB technology can provide cross-app visibility through detailed logs of all cloud transactions, including logins, uploads, and downloads. When employees like Mark or Karla interact with applications, all file, user, and app activity is logged. Detailing all interactions in the cloud enables audit, assists with demonstrating regulatory compliance, and ensures that security policies are working properly,” says Houcheime.
“Chosen vendors give administrators activity logs that display which users are accessing sensitive data, when it is being accessed, which applications are being utilized, as well as what type of documents are being downloaded and when DLP policies are triggered.”
With data protection, threat protection, identity management, and full visibility, organizations need assurance they have proper security over their managed SaaS and IaaS instances.
We are likely to hear a lot more about SASE as organizations continue to evolve their infrastructure and assets to address the 2021 environment in configurations that will require new thinking on security.