Security as Flexible as Today’s Workforce

cybersecurity digital technology security picture id1310129244 2

The pandemic has changed the way we work. Employees are choosing to work from their homes and organisations are adopting a remote or hybrid workforce.

Existing network approaches and technologies no longer provide the security and access control digital organisations need. They demand immediate, uninterrupted access for their users no matter where they are located. With an increase in hybrid workforce and Software-as-a-Service (SaaS) applications, data moving from the data centre to cloud services, and more traffic going between public cloud services and branch offices a new approach for network security has arisen.

Secure Access Service Edge (SAS) is the convergence of wide area networking (WAN), and network security services like Cloud Access Security Brokers (CASB), Firewall as a Service and Zero Trust, into a single, cloud-delivered service model. SASE is delivered as a service that integrates identity, real-time context of activity, enterprise security and compliance policies, and continuous assessment of risk and trust. It protects people and groups, devices, applications and services including IoT systems, and edge computing locations.

Platform, not systems, thinking

Historically, businesses invested in point solutions to meet specific needs. But by investing in platforms that can flexibly adapt to changing needs, they can more easily adapt. Digital transformation has changed the way companies do everything from internal processes through to customer experience. That shift to platforms that are externally hosted and managed has redefined the network and its edge. This requires a rethink in security architecture.

SASE addresses these challenges by combining networking and security services directly from the cloud. It converges network capabilities and security functions by uniting zero trust, SD-WAN, data loss prevention, cloud access security brokers, and more into a cohesive security platform.

Avoiding ‘Frankenstein’ solutions

Building a robust security platform is about looking for integrated solutions. Research from IBM reveals that it’s common for organisations to deploy more than 30 different security tools. But data from Gartner reveals that almost a third of enterprises will adopt a variety of different cloud-delivered security capabilities from the same vendor. By consolidating security functions, businesses can lower total cost of ownership and improve operational efficiency in the long term, leading to better overall security.

This avoids vendor sprawl – a common challenge when trying to piece together security solutions from different vendors that aren’t designed to operate as a cohesive platform. SASE is the antidote to this. It is acquired and consumed as an integrated cloud service that can be adapted to suit an organisation’s specific needs and risks.

Evolving from CASB

CASB enforces security policies and detects anomalous activity when users access cloud applications. SASE takes this further by securing all activity from end to end including endpoint protection and application security. The pandemic created an increasingly mobile workforce with new risks to face.

On-prem solutions are no longer seen as the default answer with the cloud now seen as the optimal delivery method for new apps and services. SASE is an enabler as it can go further than CASB by delivering tools such as Zero Trust, Firewall as a Service, Data Loss Prevention and Secure Web Gateways through cloud-native tools and platforms that can adapt and grow as needed. Instead of looking for separate solutions for each, SASE integrates all these capabilities, and more, into a cohesive package

Security flexibility

The demand for business flexibility has been met by several new technologies. SaaS, as well as Infrastructure- and Platform-as a Service offerings, allow businesses to deploy applications and services faster than ever before. SD-WAN allows businesses to open and close branch offices using commodity internet rather than leased lines.

SASE can secure those new applications, services and offices quickly and with far more ease than traditional security solutions that required physical infrastructure and on-site security support.

Security for the new world

The pandemic accelerated the shift from on-prem to the cloud and completely changed the way businesses operate. As well as seeing three years of digital transformation in three months according to Satya Nadella, we now recruit the best person for the job wherever they are, not the best local person for the job.

Organizations are realizing that the traditional security architecture no longer fits a world, where a hybrid work model is the new normal. With a distributed workforce accessing apps anytime, anywhere via cloud and/or data center, SASE architecture is becoming the new standard. As a result of hybrid work, the attack surface has exploded exponentially. This means that the traditional ZTNA 1.0 model that underpins many SASE solutions is no longer adequate," cautions Peter Molloy, SASE Leader, JAPAC, Palo Alto Networks. 

He further elaborates on the need for a paradigm shift to ZTNA 2.0, a fundamentally new approach, where security is cloud-delivered integrating key aspects of Zero Trust: Least privilege access, continuous trust verification, continuous security inspection for all traffic to protect all data, and secure all applications across the entire enterprise. "Palo Alto Networks Prisma SASE platform is based upon ZTNA 2.0 that delivers on all those principles for a complete Zero Trust outcome," he adds.

Today’s organisations need greater visibility over applications and users, greater context of the remote user traffic, and greater controls to enforce consistent Zero Trust policies across users, devices, data, and apps. To do this, they need a single unified solution.

You can learn more about how to get started with SASE with this free on-demand

Peter Molloy SASE Leader, JAPAC Peter Molloy SASE Leader, JAPAC

SASE Masterclass: Shift to SASE - Practical Recommendations to Get Started.


Copyright © 2022 IDG Communications, Inc.