Operating on the edge with vigorous due diligence
Moving business processes, applications, and data to the cloud is inevitable as we expand operations and distribute workforces around the globe – yet this fundamental shift provides cybercriminals a central target and more accessible attack vectors to compromise sensitive assets. Consequently, organizations are increasingly challenged to expand the security perimeter, which often forces implementation of controls that are at odds with the evolving cloud environment. Cybersecurity experts argue that secure access service edge (SASE) – pronounced “sassy” – is a timely solution to the current cloud dilemma and it is the future of network security. Continue reading for a glimpse into this cloud-centric operation.
A netscape riddled with vulnerabilities
Network security has experienced many evolutions since the early days of the internet and its subsequent explosion into the cloud.
While the stateless access controls of firewalls nearly a quarter century ago were incapable of protecting emerging stateful technology, the consequent move to proxy technology also proved to be a vain resolve because proxies couldn’t keep up with new applications and network traffic.
Stateful inspection of applications proved to be more secure and dominated the market for many years, until the explosion of internet applications demanded yet another novel tactic to secure networks.
Next-generation firewall architecture and an array of network security infrastructures, such as internet protocol virtual private networks and remote access gateways, now enable organizations to more effectively secure traffic destined for headquarters, branch offices, and data centers. But even these solutions create new problems as they solve old ones.
Now, the inherent risks of migrating applications and data to the cloud, along with protecting the growing pandemic-era remote workforce from cyber threats, perpetuate the multitude of network traffic vulnerabilities that overwhelm CISOs and their security teams.
Perhaps it is time to get “sassy” with network security
“The future of network security is in the cloud,” says Gartner, who describes an emerging cybersecurity concept known as Secure Access Service Edge (SASE):
"In cloud-centric digital business, users, devices, and the networked capabilities they require secure access to are everywhere. What security and risk professionals in a digital enterprise need is a worldwide fabric/mesh of network and network security capabilities that can be applied when and where needed to connect entities to the networked capabilities they need to access."
While Gartner predicts that more than 40% of businesses will have a strategy to adopt SASE by 2024, many enterprises have already embraced the cloud-based network security service model to converge their multitude of network traffic and managed security products.
SASE capabilities are delivered in real-time as a service based on the identity of the entity, which includes people, devices, applications, services, IoT systems, and edge computing locations.
Its cloud-based infrastructure provides flexibility to implement and deliver security services more efficiently, including threat prevention, sandboxing, DNS security, next-generation firewall policies, and web-filtering, among others.
Integrating full content inspection and enterprise data protection policies into the framework enhances visibility into network activity and improves threat prevention, ultimately minimizing the compromise and theft of sensitive information.
The model continuously assesses risk throughout network sessions. Plus, exercising Zero Trust in the cloud, reduces faulty assumptions and protects sessions even when entities are not connected to the network.
Not only can operating on a single platform increase performance by allowing us to connect to entities wherever we are located in the world, this approach also eliminates the necessity for multiple point products, which could significantly reduce costs and IT resources.
“SASE is moving us away from a model of building defensive perimeters and internal checkpoints which replicate a world of physical security to a new viewpoint where users, systems and data carry the requisite security protocols with them as a personal force field connected to a central point of security management,” says Greg Franseth, a seasoned information technology expert and Director of Professional Services at Cadre Information Security.
Operating on the edge demands vigorous due diligence
Getting sassy with a single cloud-based platform enables CISOs and risk managers to simplify IT infrastructure and reduce the complexity of network security.
But as the industry embraces this incredible shift in network security, moving to the cloud creates a new centralized attack surface for cybercriminals to target and exploit.
We must be mindful that the fundamental objective to prevent attack-ways to our people and sensitive assets hasn’t changed. We must continue to be vigilant and innovate in staying secure.
Effectively leveraging the cloud will empower us to protect the organization from hostile cyberattacks in novel ways.