How SASE is shaking up cloud security

Featured article by Laura Mizrahi, Business Development Manager

There is a digital transformation taking place within organizations. Closed-perimeter security methods are becoming a thing of the past, except for extreme circumstances.

Private government facilities and confidential R&D centers can ensure the safest security by completely cutting off remote access.

But for today’s modern offices, their network needs to support remote workers, be agile, perform well, and have an easy management and operations console.

Switching to cloud computing and cloud services

Another factor to consider is the usage of cloud services and cloud computing. At least 90% of companies are working on the cloud in some fashion. Sometimes, as much as 60% of workloads are being run on a hosted cloud service, an increase from 45%. Some experts claim that by 2021, 94% of workloads will take place in cloud data centers.

There are three main types of cloud services offered by cloud vendors:

Infrastructure as a Service (IaaS) – Provides a range of computing resources in virtual environments such as data storage, virtualization, servers, and networking.

Platform as a Service (Paas) – Allows companies to develop and test applications in a closed environment, and under specific test conditions.

Software as a Service (SaaS) – These are applications which organizations and users can access through their web browser or smartphone. Examples include Google’s apps like Gmail, Google Drive, and many online services such as SalesForce and Microsoft Office 365.

Protecting the cloud with cloud security

Organizations need cloud security (sometimes known as cloud computing security) to protect their data, infrastructure, and systems. To do so, they need to use a wide range of tools to manage user policies and access controls across technologies from different vendors.

One of the biggest concerns when talking about cloud security is controlling access. The traditional closed-perimeter security methods aren’t relevant as cloud networks are connected on a near-unparalleled level.

The high number of endpoints and remote access points means there are a significant number of weak points at any one time. They are a gateway open to many types of attacks and infiltration attempts: credential theft, account hijacking, malicious code injections, data theft, and more.

This is why cloud security requires a holistic approach. The security measures and protocols in place need to be layered, enable encryption, and use more than 1-factor authentication.

There is a new cloud security framework that is shaking up the cloud security landscape, Secure Access Service Edge. It’s a term defined by Gartner to describe a new type of security architecture that allows organizations to secure their cloud applications and data from a cloud-based, single console.

What is SASE

This new network architecture allows organizations to combine their WAN with important cloud security features to secure cloud access, web gateways, firewalls, and security brokers.

The main objective of SASE is to put the cloud at the network’s center, which is important as organizations increasingly shift to using cloud-native SaaS solutions which offer fully functioning applications such as CRM, ERP and email.

Many organizations have also found that their DevOps and cloud are now inseparable. A centralized cloud network allows DevOps to better automate, test and deploy continuously. While a SASE cloud-focused solution allows DevOps security to integrate security into their workflow and ensure that even though they’re working almost entirely on the cloud via cloud-computing, there are no weak endpoints which can be exploited on the network.

With businesses and apps increasingly under attack, security is more important than ever before. function

This strategic shift allows the network perimeter to extend to remote users wherever they are located, and protect many endpoints, such as smartphones.

Let’s look at an example; Many departments, such as sales teams, are often mobile, traveling to conferences and sales meetings.

While traveling, they will need to access their organization’s apps in the cloud, which poses a security risk because they are located outside the perimeter of normal security network capabilities. Public Wi-Fi poses a considerable security risk along with the danger of theft and malicious code or apps already installed in the user’s device.

SASE’s multi-layered approach allows users to use protocols such as cloud VPN and Zero Trust simultaneously to guard against compromised credentials or malware.

Today’s modern businesses require a security solution that’s cloud-centric and allow secure access from remote locations.

Benefits of SASE

SASE is a bit of a hot buzzword in network security, but that doesn’t mean it doesn’t provide tangible benefits without compromising security or performance.

Reduce your costs: Sourcing security solutions from multiple vendors for various point solutions increases your overall security costs. It’s more cost-effective to leverage one solution instead. Consolidating your vendors and technology stacks also reduces the complexity.

Zero Trust Network Access (ZTNA): Instead of authorizing access based on IP or location, ZTNA ensures that each time a connection is requested, the device and user are never trusted, and must be approved every time.

Built-in holistic security features: Critical security features such as firewalls, IPS, anti-malware and URL filtering are built into the cloud-native security infrastructure

Easy to scale: Similar to how cloud servers drastically changed how organizations vertically and horizontally scale their servers, cloud-native SASE solutions are simple to scale