As remote working, precipitated by the pandemic, has become more common, the attack surface of the enterprise network has also increased.
With employees accessing the network from a variety of locations, the corporate network perimeter has moved to the device endpoint – and with that comes a new set of security considerations and possible vulnerabilities. Implementing the appropriate cyber security measures is critical for IT teams to keep an enterprise protected from bad actors. Wherever your employees are working from, they need the same level of secure access to tools, services and applications.
To improve their security posture, enterprises are steadily turning towards the latest set of cloud-based security capabilities under the Secure Access Service Edge framework – otherwise known as SASE. There are currently different interpretations of what SASE means, making it potentially difficult for businesses to decide what solution they really need.
The main components of SASE
Underpinning the SASE concept is the integration of networking functions of SD-WAN with performance-enhancing and security features, such as secure web gateway (SWG), cloud access security broker (CASB), and zero-trust network access (ZTNA). Since the industry acronym first emerged, the definition of SASE has been gradually expanding, and what a SASE deployment should look like is still evolving. There are therefore several approaches to deploying SASE, each with inherent benefits and challenges.
The theoretical ideal is the single-source approach, with one technology provider delivering a full SASE solution. Unfortunately, this approach is hindered by the fact that most vendors in the market are unable to provide one or more of the key SASE components. Leading vendors are moving toward being able to deliver a mature and complete solution, but currently most organisations that are deploying SASE find themselves needing to select several vendors. To mitigate complexity, a two-vendor solution offers a fair compromise, with one provider focused on SD-WAN and network functionality and another on the various security features. Deployments featuring three or more vendors are also common, with multiple providers for the security components of the solution. Industry analysts predict that most organisations will look to consolidate vendors as the market continues to mature.
For many organisations this has made SASE a new frontier to explore, with myriad features, functionality and limitations to understand and navigate in order to optimise their secure network management.
SASE in the world of today
Despite the somewhat sprawling look of the nascent market landscape, SASE is poised to become the next big paradigm shift for enterprise network security. It promises to reduce complexity and costs, improve network performance and latency, and enable businesses to adopt a zero-trust network access approach as they migrate to a more permanent hybrid workforce model.
Under zero-trust network access, users gain access to the network based on their identity, device and application – rather than the IP address or physical location. The advantage of this is that it will ensure secure access to company data resources whether employees are working in the office, from their homes, or at a nearby café.
What enterprises need to be aware of, however, is that as this remains a new technology, providers are still refining their solutions. Today’s path towards SASE should reflect this – enterprises shouldn’t rush and jump at the latest technology trend but instead take a step back and consider what their needs are.
Evaluating a SASE approach as the way forward
As business leaders start thinking carefully about how they adopt this new security framework to fortify their network for the new workforce model, a few key considerations can help guide the decision-making process.
They should first ask themselves how the SASE solution needs to be designed to address their specific business challenges. This includes how the solution improves the user experience. Additionally, they need to assess the solution requirements to ensure alignment with their risk management strategy. Finally, they need to carefully evaluate the advantage of opting for a managed security approach versus a DIY approach to realize the full benefit of the cloud security functionality integrated with the network functionality.
If in doubt, always consider working with a trusted advisor that can demonstrate a keen understanding of the expanding cyber-threat landscape and the most effective technologies to protect against network breaches. Additionally, seek providers that have professional services resources that can help evaluate the key security considerations and approaches optimized for your business.
About the Author
Samir Desai, Director of Managed Services at GTT. GTT connects people across organizations, around the world and to every application in the cloud. Our clients benefit from an outstanding service experience built on our core values of simplicity, speed and agility. GTT owns and operates a global Tier 1 internet network and provides a comprehensive suite of cloud networking services.