The path to the future of Network Security has been laid down in good detail by Gartner when they introduced Secure Access Service Edge (the real SASE) late last year. At a high level, SASE moves the focus of cyber security from data centers to user identity based security delivered in the cloud. Gartner sees the shift happening over the next few years as enterprises move to the cloud and understand the difficulty in ensuring consistent, visible and manageable security policies to end-users who are as mobile as their devices are diverse. There are a number of solutions in the cyber security space today starting from SDWAN, Secure SDWAN, FWaaS, CASB, ZTNA, etc. SASE does a great job of converging all of these into a single architectural framework that sets the blueprint for vendors everywhere to adhere to. All of this is great, but what is the State of Affairs today?
Realising that cloud is where the future lies, many companies are moving or have already moved, their engineering applications, finance, sales and other systems to a cloud infrastructure. For companies that have not yet adopted the cloud-first approach, they have to tackle at least 3 main challenges
Barriers to entry
- It is important to understand that while technologies evolve rapidly, the people who have to use and implement these technologies are not at pace with the changes. The IT personnel have been used to physical data centers that reside on-prem, over the years.
- The investment that has been made on building out data centres on-premise need to show some returns. It is not an easy decision to phase out the existing infrastructure and move to a public IaaS, especially given the downturn that the economy has taken. CISOs, CIOs and CFOs have their task cut out in deciding the timing of the move to the public cloud.
- Maintaining visibility and consistency in the security posture. No one wants to make the headlines for a breach in the data warehouse.
Companies that have made the decision are in one of three phases:
- Entering a Cloud-first approach
- In the middle of a transition
- Completed the transition to multi-cloud
Entering a Cloud-first approach
These companies are best placed to adopt a SASE architecture as they are still planning and exploring their security options. They can discard the existing and aged network-based security model which hinged on physical devices and a perimeter only approach to security. Embracing the reality of securing a mobile and diverse workforce by distributing the security to the end-user is prudent. There are few truly SASE compliant vendors in the world today and selecting one that is on the path to becoming a SASE vendor is important. Many lay claim to the title of SASE and most of them are SASE slideware companies.
In the middle of a transition
Most enterprises across the globe are in this stage – transitioning to the public cloud and therefore, in a Hybrid cloud model of deployment. For these companies, the security is also hybrid in nature with a mix of hardware and software NGFW appliances, threat detection and prevention equipment and IaaS cloud-native security implementations. These may, in varying degrees, be Secure SDWAN, Zero Trust Network Access and/ or Cloud Access Security Broker solutions. The best bet for these enterprises is to stick to their current plan and adopt a wait and watch approach as vendors make a rush towards SASE. The SASE market will take a few years to stabilise and monitoring those developments while continuing with the current transition plans is the best way forward.
Completed the transition to a multi-cloud
If one of those few companies that have truly completed the transition to a multi-cloud deployment of the data centre and networks, then it is time to begin the next phase of security planning. In the latest cycle of centralisation and de-centralisation, SASE centralises all architectural components such as WAN Optimization, Network Security, Networking as a Service, Cloud SWG, etc. and decentralises the security by ensuring a local PoP providing network edge security. Identity-driven security is still in its nascent stage and inevitably, it will be the new norm in a few years. As enterprises move to provide their employees and users cutting-edge experiences, the need for assessing and combating the threats that the new technologies provide is super-important. Partnering with the right vendor with a history and long-term vision for securing every point of access in the network is the way to go for these enterprises.
All security vendors are jumping on to the SASE bandwagon and credit to Gartner for introducing a model that resonates with all. However, there is hardly any vendor out there today, who has a completely home-grown, integrated pieces of the puzzle that make up a cloud-native security offering that is SASE. Till the dust settles in a few years from now, one must pick what is right for one’s own business. It is not necessary that every company needs all the components that make up the SASE framework today. As with everything in life, it depends.