• United States



Chris Hughes
Contributing Writer

The 3 biggest challenges of SASE in hybrid cloud environments

Nov 11, 20215 mins
Cloud SecurityNetwork SecuritySASE

Tool sprawl, inadequate cooperation between network and security teams, or lack of trust can derail SASE adoption in hybrid cloud environments.

staffing the hybrid cloud public private cloud clouds
Credit: Getty Images

Despite all the promises of secure access service edge (SASE), some challenges lie ahead for organizations looking to adopt and implement SASE technologies and practices in a hybrid cloud environment. These include driving the required organizational change to make this paradigm shift, aligning responsibilities appropriately and ensuring you choose the right vendors and products to support your desired outcomes.

Hybrid cloud environments inevitably warrant a new approach to cybersecurity, including new tools and practices, and that is where SASE comes in. Many IT and security professionals will argue that there is nothing new about SASE or that it is essentially a consolidation of existing tools, technologies, and practices. There is some truth to this perspective but in many ways, consolidation and integration of disparate capabilities and methodologies is a form of innovation in itself.

Why SASE is likely coming to your hybrid cloud environment

SASE began gaining momentum around 2019 with organizations such as Gartner as the future of network security for cloud computing. Gartner also predicts that by 2024 40% of organizations will have a strategy to adopt SASE.

SASE is largely considered to be the consolidation of various security tools and methodologies such as cloud access security brokers (CASBs), firewalls-as-a-service and zero trust, each of which come with their own nuance and complexity. So why the push for SASE? In part, to consolidate the rapidly growing list of tools and methods used to secure cloud-native environments, but also to realize the benefits of the approach of SASE and its associated security model. Those include improved security, enabling zero trust, resilience, and reduced complexity.

With the quick growth of the remote and distributed workforce, many challenges were presented with how to enable secure access to organizational resources without compromising security. One way SASE does this is it shifts from a site-centric security model to a more user-centric and contextual based approach (e.g., zero trust). This could include contextual information such as geographic location, authentication method, and device posture. Rather than routing user traffic through the organization’s on-premises security stack, users are given flexibility to access applications and services regardless of whether they are on-premises or in the cloud. Security is shifted in part to the users’ devices to identify malicious behavior or compromised devices and mitigate their potential security impact appropriately.

With the move to the hybrid cloud and the remote workforce, a convergence from a security and networking perspective has to occur. The fact that with the adoption of SASE, organizations are moving away from WAN-style networking models and leaning into the use of the internet as the primary mode of communication further complicates things. This requires a different security approach given it is a network that you no longer own. That is why leaning into zero-trust methods of security and subsequently SASE are important.

These are the three key challenges organizations must face when adopting SASE in a hybrid cloud environment.

1. Greater collaboration between networking and security teams

Much like the push in devops/devsecops to break down silos between teams, SASE warrants a revisit of the roles and responsibilities, and more importantly, collaboration between networking and security teams. This is particularly true in hybrid cloud environments where you may have different security staff managing the on-premises infrastructure and security and another one focusing on cloud, although not ideal. This also includes cloud-native environments where the developers are increasingly owning more of the tech stack through infrastructure-as-code deployments.

2. Navigating the tool landscape

Another challenging aspect of SASE is just navigating the tooling landscape and associated ecosystem. Since SASE is essentially a consolidation of tools and methodologies, it creates a complex and confusing vendor ecosystem for many organizations to navigate. This is partly driven by a non-stop onslaught of vendor marketing and the diversity of tools and capabilities available to choose from.

Even once an organization settles on a specific set of tools to implement, they then need to look to their existing tech stack. This involves an analysis looking for duplicative capabilities that can sunset as the organization moves to the more modern cloud-driven SASE tool paradigm. Failing to perform proper tool consolidation can lead to tool sprawl, disjointed capabilities, and an incoherent enterprise architecture.

Surveys also show that security teams are dealing with the side effects of tool sprawl including fatigue, burnout, and frustration, which may leave critical security risks falling off the radar as teams struggle to keep up. Hybrid cloud environments exacerbate this challenge due to legacy security tooling often not supporting nor being ideal for securing cloud environments. This leads organizations to seek out additional tools to secure their cloud environments and need to integrate them with existing on-premises security tooling and practices.

3. Instilling trust in SASE

Trust is also a lingering concern for many traditional professionals when it comes to embracing the SASE approach for hybrid cloud environments. Due to the heavily consolidated functionality and goals of SASE tooling, organizations are inherently expected to provide a great deal of trust in SASE providers when it comes to covering their network and security needs. Organizations must do their due diligence to ensure they are working with partners who are reputable, have widespread market adoption, defined service level agreements, and can act as that trusted partner.

Chris Hughes
Contributing Writer

Chris Hughes currently serves as the co-founder and CISO of Aquia. Chris has nearly 20 years of IT/cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a civil servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an adjunct professor for M.S. cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry working groups such as the Cloud Security Alliances Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. He holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.

More from this author