By Paul Gillin
Cybersecurity strategies for years have been based on protecting the perimeter of the corporate network. However, as almost all organizations have learned during the COVID-19 crisis, that perimeter no longer exists. Nearly all new software functionality is now implemented as a service (SaaS) that people access from a multitude of locations and devices. No business can afford to contain the enterprise IT environment within its four walls.
The pandemic also exposed the limitations of virtual private networks, which allow remote access to secure computing resources. A VPN allows employees to “sneak in” through the corporate firewall using an encrypted connection that sits on top of the public Internet. But during the massive lockdowns, VPNs at many businesses were overwhelmed by surges in demand that slowed down traffic. Even more alarming was when frustrated users completely disconnected from the VPN to log into their SaaS apps, thereby bypassing any of the security controls and increasing the overall threat surface.
The rise of the secure access edge
A perimeterless environment demands a new approach to cybersecurity. “Just a few years ago, we were talking about remote access for short periods due to travel and typically for a small proportion of the workforce,” said Anand Ramanathan, director of products at Skyhigh Security. “Today we are adjusting to a vast and permanent cultural shift of working from anywhere.”
Three years ago, Gartner coined the term Secure Access Service Edge (SASE) to describe an architecture that combines software-defined wide area networks (SD-WAN) with a portfolio of cloud-based security tools, including secure web gateway (SWG), cloud access security agents (CASB) and zero-trust. network access (ZTNA).
SASE’s goal is to move from traditional perimeter protections to identity-based controls that securely connect people to data and apps from any device and location, even when they’re not on the VPN. Gartner predicts that more than 40% of companies will have SASE implemented or in progress by 2024, up from less than 1% at the end of 2018.
Introduction to perimeter security service
The transition to a full SASE environment is a long process for large companies. Recognizing that all-or-nothing approaches are impractical in a time of urgency, Gartner proposed splitting the security and SD-WAN components and unifying the former under the banner of security service edge (SSE).
SSE brings together the elements needed to secure access to websites, cloud services, and internal applications in a way that delivers immediate benefits in the form of reduced risk, cost, and complexity, while allowing organizations to integrate SD- WAN at your own pace. .
This cautious approach has several benefits for clients. No single vendor can offer the full functionality required of a full SASE. Separating SSE from SD-WAN allows network and security vendors to focus on their respective core competencies rather than trying to be all things to all people. The approach also speeds time to market, as vendors can deliver, and users can deploy, individual components faster, and therefore more immediate results.
“A tightly integrated SSE solution can address the management challenges of setting policies across multiple vendor management interfaces by deeply integrating security controls to reduce overhead, complexity and cost while increasing performance,” he said. Ramanathan.
Convergence of Security Solutions
A converged security approach to SSE is urgently needed. By most accounts, the average company uses between 50 and 100 different security products. The highly fragmented nature of the security industry means that few of these products communicate with each other, so the task of integrating them has been left primarily to the customer.
The key business objective of SSE is to protect applications and data by creating a pervasive cloud perimeter that encompasses all ways to access these applications and data. An SSE solution delivers this pervasive benefit and enables organizations to enforce consistent data protection and threat prevention policies across their entire estate, including users, devices, locations, and applications. Under the covers, SSE is the convergence of Cloud Access Security Broker (CASB), next-generation Secure Web Gateway (SWG), Zero Trust, and DLP technologies delivered through a single global cloud fabric, with consistent policy and security management. incidents. Each of the tightly integrated components provides coverage over different control points providing a pervasive advantage seamlessly.
A unified SSE platform helps facilitate:
- Policy compliance and incident management from a single pane of glass,
- Centralized visibility and control over data, applications and users,
- The ability to apply security controls to data wherever it goes, such as websites, cloud services, unmanaged endpoints, and private applications, and
- Reduced operational complexity of managing multiple disparate solutions
SSE presents an opportunity for IT organizations to simplify their security infrastructure by replacing multiple special-purpose hardware appliances with comparable functionality delivered as cloud services. It simplifies a chaotic mix of point products and ensures security outcomes while simplifying business users’ access to the resources they need. It’s a cybersecurity reset just when IT organizations need it most.
Click here to read more about how SSE can boost your cybersecurity strategy.