Steps towards SASE: next-generation cybersecurity for a distributed world

The network is changing. The way people connect and from where continues to change, too. Recent years have seen enterprises transform and move applications increasingly into the cloud. And to keep up, security needs to transform together with that shift. Secure Access Service Edge (SASE) is the cybersecurity approach you need.

To begin with, it is worth stressing that SASE is not a product. It is not a box, and it is not a solution, even if certain vendors try to pitch it like that. It helps to think of SASE as a mindset, a new way to consider cybersecurity. In fact, as explained by Orange Head of Cyberdefense in Asia Pacific David Allott on a recent webinar, SASE is “a smart marriage of networking and security.”

SASE enables IT administrators to handle both network and security together in the cloud. This has become vitally important in the last couple of years, as millions of people were forced into remote working by the pandemic. The shift in where people worked meant that enterprises suddenly had a whole new attack surface to monitor. The corporate network was no longer the perimeter: the threat landscape had multiplied hugely, and malicious actors had all kinds of new targets. Personal devices, home networks and potentially unsecured access to corporate data were all now in play, all being used by workers who didn’t have the IT department team sitting a couple of floors above or below them to keep an eye on them.

What does SASE do to help?

SASE offers a new approach to security in a distributed world. SASE presents a cloud-delivered solution married to software-defined wide area network (SD-WAN) and security functions. It enables you to secure your WAN in a cloud-native way and represents a big leap forward from the traditional method of running your security in a centralized data center. “Cloud is the new data center, the Internet is the new network, and the office is not a place anymore. And in the post-pandemic world, people are the new perimeter,” said Allott.

That post-pandemic thinking must incorporate increasingly distributed and remote workforces. Your employees may be working in a hybrid model moving forward, sharing their work time between the office, their homes and other remote locations. When not in the office, they’ll be connecting to distributed resources like multiple public clouds and SaaS applications, as well as your traditional data center. It leaves the customary access via VPN seeming outdated: in a cloud-native world, you need a cloud-native approach to security. SASE addresses that need.

Furthermore, SASE is based on identity, which suits our increasingly distributed world and is a more progressive basis for access decisions than a user’s or machine’s IP address. The identities of users, groups or devices determine how SASE delivers policy-driven access, and context around that identity also factors into policy decisions. That might mean a user’s location or a device’s security posture – it could even mean what time of day an access attempt is made. These identity aspects enable SASE architectures to develop continuous access enforcement rules at the network level, also known as zero-trust network access (ZTNA). Zero trust takes a user’s identity and applies policy-based decisions to each request made by that user. Identity-based authentication is the bedrock of SASE.
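The per-request decision described above, written out as an added Python example (not code from the article or from any vendor's product). The rule fields, group names, applications and sample requests are hypothetical and constructed for illustration; note that no IP address appears among the inputs.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    device_compliant: bool  # device security posture
    country: str            # user's location
    hour: int               # local hour of the access attempt, 0-23
    app: str

@dataclass(frozen=True)
class Rule:
    app: str
    group: str
    countries: frozenset
    hours: range
    require_compliant_device: bool = True

# Constructed policy: who may reach which application, and in what context.
POLICY = [
    Rule("payroll", "finance", frozenset({"SG", "AU"}), range(7, 20)),
    Rule("wiki", "staff", frozenset({"SG", "AU", "JP"}), range(0, 24),
         require_compliant_device=False),
]

def decide(req, policy=POLICY):
    """Evaluate a single request. Anything not explicitly allowed is denied."""
    reason = "no rule for application"
    for rule in policy:
        if rule.app != req.app:
            continue
        if rule.group not in req.groups:
            reason = "identity not in permitted group"
        elif rule.require_compliant_device and not req.device_compliant:
            reason = "device posture not compliant"
        elif req.country not in rule.countries:
            reason = "location not permitted"
        elif req.hour not in rule.hours:
            reason = "outside permitted hours"
        else:
            return True, "allowed by rule for " + rule.app
    return False, reason

def evaluate_session(requests):
    """Continuous enforcement: every request is decided again, never cached."""
    return [decide(r)[0] for r in requests]

# Constructed session: same user, changing context between requests.
ALICE = Request("alice", frozenset({"finance", "staff"}), True, "SG", 10, "payroll")
SESSION = [ALICE, replace(ALICE, device_compliant=False), replace(ALICE, hour=23),
           replace(ALICE, app="wiki", device_compliant=False)]
```

The same authenticated user is allowed, then denied, then allowed again within one session because each request is judged on its current context rather than on an earlier login.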

No one-size-fits-all SASE

Implementing SASE in your organization is not a checkbox exercise: each enterprise will have a different journey. You’ll have a starting point: you will need to evaluate your SD-WAN and SASE requirements and make decisions based on that. Also, each enterprise's endpoint make-up is different, so customization and flexibility are needed. Your SASE journey should deliver greater flexibility and data protection, reduced complexity and improved performance, which have knock-on effects on productivity and profitability.

“SASE is a new mindset, not a new solution,” said David Allott. “Remember the move to SASE is going to be a series of incremental steps, and if done right, is an ongoing thing. Identifying which of your data is most sensitive, where it is and controlling it is all part of your SASE journey.”

Gartner has predicted that 40% of enterprises will have adopted SASE strategies by 2024, but it is important to remember that SASE is a journey, with a starting point and a phased approach.

Your path to successful SASE

Some steps to take to get your SASE journey started off on the right foot include:

1. Build the business case. For a SASE approach, you need buy-in from key decision makers. Do this by making an argument for both a strategic, long-term shift as well as the immediate gains that SASE can deliver in your now increasingly distributed organization.

2. Knock down internal walls. SASE needs a unified approach, but security and network teams are siloed in many organizations and do not communicate enough. Ensure your security and network teams are working hand in hand from the start, and you will reap the benefits further along your SASE journey.

3. Make your move to SD-WAN. SASE needs a software-defined network to deploy cloud-based services to the edge, so you will need an SD-WAN in place plus a remote access solution to guarantee consistent security for your remote workers.

4. Migrate your legacy data center security to the cloud. With your SD-WAN deployed, you need to move your old on-premises security to cloud-enabled POPs on your SD-WAN. A specialist cloud security provider can help you here.

5. Make the move to zero trust. You are going to need to change your mindset to deliver successful SASE, and an essential stop in that direction is migrating to cloud-based security with zero-trust network access, with identity-based access to all applications built in.

6. Lead from the front. SASE is a mindset, not a solution, and that makes it a cultural, organizational-level change, not just a technical one. You must ensure buy-in from C-level executives and have your chief information security officer (CISO) take the lead on transforming your security for a cloud-native world.


Learn how SASE can transform your security for a more distributed world and how Orange Cyberdefense can support you along your SASE journey in our webinar: Intelligence-led SASE – Finding the Right Path.

Steve Harris

I’ve been writing about technology for around 15 years and today focus mainly on all things telecoms - next generation networks, mobile, cloud computing and plenty more. For Futurity Media I am based in the Asia-Pacific region and keep a close eye on all things tech happening in that exciting part of the world.