By Paul Gillin
For years, cybersecurity strategies have relied on protecting the corporate network perimeter. Yet, as nearly every organization has learned during the COVID-19 crisis, that perimeter no longer exists. Almost all new software features are now deployed as a service (SaaS) that users access from a multitude of locations and devices. No longer does a business have the luxury of containing the enterprise IT environment within its four walls.
The pandemic has also exposed the limitations of virtual private networks, which allow remote access to secure computing resources. A VPN allows employees to “tunnel” through the corporate firewall using an encrypted connection that runs over the public internet. But during mass shutdowns, many companies’ VPNs were overwhelmed by surges in demand that slowed traffic. Even more alarmingly, frustrated users disconnected from the VPN entirely to connect to their SaaS applications, bypassing all security checks and increasing the overall threat surface.
The Rise of the Secure Access Edge
A perimeter-less environment requires a new approach to cybersecurity. “Just a few years ago, we were talking about remote access for short periods of time due to travel, and typically for a small proportion of the workforce,” said Anand Ramanathan, product manager at Skyhigh Security. “Today we are adapting to a vast permanent cultural change of working from anywhere.”
Three years ago, Gartner coined the term Secure Access Service Edge (SASE) to describe an architecture that combines software-defined wide-area networks (SD-WANs) with a portfolio of cloud-based security tools, including Cloud Access Security Brokers (CASBs), Secure Web Gateways (SWG) and Zero Trust Network Access (ZTNA).
SASE’s goal is to move from traditional perimeter protections to identity-based controls that securely connect people to data and applications from any device and location, even when they are not on the VPN. Gartner predicts that more than 40% of companies will have SASE in place or in progress by 2024, compared to less than 1% at the end of 2018.
Introducing Security Service Edge
Transitioning to a full SASE environment is a long process for large enterprises. Recognizing that all-or-nothing approaches are impractical in times of emergency, Gartner proposed separating security and SD-WAN components and unifying the former under the banner of Security Service Edge (SSE).
SSE brings together the elements necessary to secure access to websites, cloud services and internal applications in a way that generates immediate benefits in the form of reduced risk, cost and complexity while enabling organizations to integrate SD-WAN components at their own pace.
This conservative approach has several advantages for clients. No single vendor can provide all the functionality required of a complete SASE. Separating SSE from SD-WAN allows network and security vendors to focus on their respective core competencies rather than trying to be everything to everyone. This approach also speeds time-to-market, as vendors can deliver – and users can implement – individual components faster, resulting in more immediate results.
“A tightly integrated SSE solution can address the management challenges of implementing policies across multiple vendor management interfaces by deeply integrating security controls to reduce overhead, complexity, and cost, while increasing performance,” Ramanathan said.
Convergence of security solutions
A converged security approach for SSE is absolutely necessary. By most accounts, the average business uses between 50 and 100 different security products. The highly fragmented nature of the security industry means that few of these products communicate with each other, so the task of integrating them has been mostly left to the customer.
SSE’s key business goal is to protect applications and data by creating a pervasive cloud edge that spans all ways to access those applications and data. An SSE solution delivers this pervasive benefit and enables organizations to enforce consistent data protection and threat prevention policies across their entire fleet, including users, devices, locations, and applications. Under the covers, SSE is the convergence of next-generation Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), Zero Trust, and DLP technologies delivered through a single global cloud framework, with consistent policy and incident management. Each of the tightly integrated components provides coverage on distinct control points that seamlessly deliver the ubiquitous advantage.
A unified SSE platform facilitates:
- Policy application and incident management from a single screen,
- Centralized visibility and control over data, applications and users,
- The ability to apply security controls to data wherever it resides – such as websites, cloud services, unmanaged devices, and private apps – and
- Reduced operational complexity of managing multiple disparate solutions
SSE offers IT organizations the opportunity to simplify their security framework by replacing multiple special-purpose hardware devices with comparable functionality delivered as cloud services. It simplifies a chaotic mix of point products and ensures security outcomes while making it easy for business users to access the resources they need. This is a cybersecurity reboot just when IT organizations need it most.