Investing in a long-term security strategy: The 3 keys to achieving SASE

Changing access needs, cloud migration, and SASE

There has been massive disruption in the way we work.

 

 

 

The workforce has grown increasingly distributed, with apps and data dispersed across locations. Users now work anywhere and everywhere, and through it all expect fast, seamless, secure access. How can networking and security ensure consistent high-performance, high-security access? And how can they continue to meet these needs in the face of continued disruption and evolution? Organisations seeking the answers to these questions have increasingly looked to the cloud; the migration to cloud-based security and networking solutions has significantly accelerated. But, there hasn’t always been a clear pathway toward to the cloud. Until now. As organisations work to migrate to the cloud — and work moves away from the data centre towards the edges of the network — exposure to threats continues to rise. To protect against these growing risks — while optimising performance at every connection — networking and security can no longer work in silos. Instead, they must work

together in tandem to connect and protect users at the edge, securely and efficiently. This is where SASE enters the picture. Recently introduced by Gartner, SASE — or Secure Access Secure Edge — is a forward-thinking framework in which networking and security functions converge into a single integrated service that works at the cloud edge to deliver protection and performance in one simplified approach.

“SASE enables companies to operate during times of disruption and provides highly secure, high-performance access to any application, regardless of user location.”

Gartner 2020 Secure Access Service Edge Forecast, Joe Skorupa and Nat Smith

 

 

 

A solid framework for SASE

At the moment, Gartner notes, no vendor offers a complete, comprehensive SASE product. However, they believe there are already SD-WAN and cloud-based security providers well-positioned to realise a full SASE portfolio over the next few years. It’s this commitment to the SASE vision, they say, that your organisation should be looking for in your current security solution — a solid foundation for the future to come.

Tomorrow’s SASE platform will not only need to deliver a number of core consolidated services — including secure web gateway (SWG), cloud access security broker (CASB), Zero Trust network access (ZTNA), firewall-as-a-service (FWaaS), & SD-WAN capabilities — it will also require a checklist of other elements critical to long-term SASE success. These include:

• Services integrated from one vendor

• A flexible consumption model

• Microservices-based architecture

• Effective security and threat prevention

• Global presence and peering relationships

• Support for all devices and agencies

 

 

 

"Gartner believes that, by 2023, 20% of enterprises will have adopted SWG, CASB, ZTNA, and branch FWaaS capabilities from the same vendor — brought together, these core service functions are a major step in the direction of SASE."

Gartner Hype Cycle for Network Security, 2020

SASE can help you streamline networking & security in the cloud, delivering:

 

 

 

The fundamentals of cloud security migration

Simplicity

The first key to SASE success lies in your ability to simplify how you connect and secure traffic.

 

 

 

By consolidating services into a single platform that extends across users, devices, clouds, campuses, and branches, you can streamline virtually every aspect of your networking and security processes — including deployment, configuration, integration, policy management, investigation, response, and reporting.

Consolidation also ensures you’re ready for the future: You may only have an SD-WAN or zero

trust solution today, but it’s likely you’ll need to extend to other services in time, and a consolidated

platform will make that transition — and your evolution to full SASE — that much easier.

Security

Next, you need the means to secure this new normal — to streamline policy enforcement, increase threat protection, and extend security services from the data center to any cloud.

 

 

 

To do so, you need the flexibility to deploy the security that’s needed by location and by user — and the ability to easily scale and centrally manage that protection across your network or SD-WAN.

Here again, convergence is key — by combining multiple security functions into a single, cloud-native service, you gain greater capability with less complexity. You also need a solution that allows you to integrate multiple security services together, so you can manage them all from one location — and the flexibility to scale security to meet your business needs.

Let’s say you start with DNS-layer security — a first line of defence against threats before they can reach your network or endpoints. From there, you might expand to add a secure web gateway for deeper inspection or a cloud-delivered firewall to secure web and non-web traffic. Then, you

might layer on a cloud access security broker to ensure protected access to cloud-based apps. With this level of flexible integration, each component takes you one step closer to SASE — and to more robust and more powerful protection.

Scalability

As cloud adoption accelerates, your internet traffic quickly multiplies.

 

 

 

You need the ability to scale to meet that traffic, maintaining maximum performance and high-throughput security every step of the way. How do you get there? There are a number of critical components

that lead to a scalable security solution: Microservices-based architecture gives you the flexibility to optimise performance anywhere. Direct peering with ISPs, CDNs, and SaaS platforms provides the

fastest route to any request. And a high-performance, high volume network allows for superior speed, reliability, and latency.

In particular, for a SASE solution, you should be looking for flexible architecture that easily integrates with other services. This architecture should allow you to:

• Build on what you already have so you can get the most from existing on-premises and cloud investments.

• Scale up or down with flexible consumption models.

• Simplify policy enforcement across environments as you transition from on-prem to the cloud.

• Expand and extend capabilities with open APIs and a broad ecosystem, letting you choose the solutions that work best for your business.

In this way, you can meet the high demands of SASE — and have the adaptability to respond to any other needs, changes, or disruptions that may come your way.

Source: https://learn-umbrella.cisco.com/ebooks/investing-in-a-long-term-security-strategy

Make your move to the cloud

Much like digital transformation, combining networking and security in the cloud is a multi-step journey that will be different for every organisation. Working together, we can help you do your journey, your way, as you integrate tools, move to the cloud, and move towards SASE.

Contact a Conekt representative to learn what we can do for your business info@conekt.com.au