Secure Access Service Edge Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

Secure Access Service Edge

SASE – The risk of over-rationalising

150 150 Stuart O'Brien

Chief Information Security Officers (CISOs) are being encouraged to build a Secure Access Service Edge (SASE) migration plan to create a robust Zero Trust architecture, while also consolidating the security vendor suite. Yet, while the concept of single vendor SASE solutions may appear to meet goals for rationalising security costs and complexity, it creates untenable risks for any organisation operating in a high assurance industry. Paul German, CEO, Certes Networks, explains why a best of breed SASE framework from a single Managed Service Provider is key to de-risking SASE for high assurance companies…

Trusted Framework

Secure Access Service Edge (SASE) is the future, according to market research analysts including Gartner, which predicts that by 2025 at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020.  Encompassing multiple security capabilities into a single deliverable, SASE deployments include Software Defined Wide Area Network (SD–WAN) connectivity, Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Firewall-as-a-Service and Secure Web Gateway.

But while vendors are beginning to flood to the market with branded ‘SASE solutions’, there is a degree of confusion about SASE that is adding significant operational risk, especially to organisations in highly regulated industries, where data sensitivity combined with the threat landscape demands a far more robust approach.

One of the touted benefits of the SASE framework is the opportunity to address the challenges created by a patchwork of vendors and policies deployed incrementally, often over many years, in response to evolving security threats. The result has often led to complexity for both users and administrators, with different product lifecycles creating both confusion and potential weakness within the security posture. SASE is viewed as a pragmatic security model that provides an opportunity to rationalise and consolidate vendors to reduce complexity and potentially cut costs.

High Assurance Risk

For smaller organisations and those in un- or lightly regulated industries, single vendor SASE is a viable option. It provides a clear security framework and, with a single contract and single console, an organisation has a complete view of its security posture in one place, most likely for the very first time.  For those organisations operating in regulated industries, including government, finance, critical national infrastructure and healthcare, however, single vendor SASE creates an unacceptable risk – and one that no CISO should countenance.

A key point is that no vendor can offer best of breed technology across the entire SASE solution, which means organisations will by default compromise the quality of technology in one or more areas. Far more concerning, though, is the risk created by the single source of all security components: one of the many benefits of SASE is its delivery as a cloud orchestrated service, but if there is any vulnerability within the single SASE product set, it will affect every part of the framework, every part of the infrastructure.

In contrast, a SASE framework built upon individual, best of breed suppliers for each part of the solution increases the end to end quality of the SASE deployment. Furthermore, the inevitable overlap between supplier solutions also further reduces risk by adding redundancy – if one firewall is compromised, for example, another part of the SASE solution will likely include functions that provide some degree of protection to safeguard the enterprise. Critically, by implementing a solution based on multiple vendors, an organisation avoids the risk associated with a single code, minimising the chance of a vulnerability affecting the entire security stack.

SASE without Compromise

SASE is becoming an increasingly important security model for businesses of all sizes, in all industries. But there never has been a security silver bullet. While a single vendor approach creates too much risk for high assurance businesses, the concept of SASE as a framework with all of the key components built in is absolutely the right approach. The goal is to find a solution that integrates best of breed security components from multiple vendors to de-risk the security posture, while also delivering the benefits of a single managed solution, including consolidated security dashboard, from one organisation.

eBOOK: How to get started with Zero Trust Network Access (ZTNA)

960 640 Stuart O'Brien

By Censornet

Zero Trust is a paradigm that is becoming a guiding philosophy for the cybersecurity industry. But the technology that will turn the thinking into a reality is Zero Trust Network Access (ZTNA).

By 2023, 60% of enterprises will have phased out VPNs (virtual private networks) and replaced them with ZTNA, Gartner has predicted.

Even if an organisation has not yet considered moving to a Zero Trust model and implementing ZTNA, it should be laying the groundwork to ensure the changes happen as smoothly as possible. Censornet can help you on this journey, which we’ll start by explaining a little more about Zero Trust and ZTNA.

Goodbye VPN, hello ZTNA

Zero Trust and ZTNA turn the familiar mantra of ‘connect then authenticate’ on its head. Instead, Zero Trust demands a security approach where users must ‘authenticate, then connect’ and reminds security teams to ‘never trust, always verify’. In short, context – including identity – is everything.

ZTNA isolates systems from potential trespassers and hides applications from the internet. This makes applications more resilient to many forms of network-based attack including scans, vulnerability exploits, DoS and DDoS attacks.

Before letting anyone into a network, they should first be identified.  Risk should be assessed at that point, based on context, but also continually throughout the session. It is no longer enough for a user to simply fire up a VPN and connect. Identity, along with other contexts such as time and day must be considered, as well as other data points such as device, location, and even geo-velocity.

First steps to Zero Trust

For many organisations adopting a Zero Trust model, using ZTNA, is the first stage on the road to the next great paradigm: Secure Access Service Edge (SASE). Censornet’s guide will help you understand Zero Trust, discover how it can benefit your organisation, and assist you with taking those crucial first steps towards the future of your own cloud security.

Download your free copy now!