SASE. It sounds good, doesn’t it? Fresh, nice, and very futuristic. Who wouldn’t want to be part of the SASE world? But what is SASE? 33% of IT leaders cannot confidently describe SASE, so let’s change that.
The term SASE was first coined in 2019 by Gartner’s leading security analysts Neil MacDonald, Lawrence Orans and Joe Skorupa. It refers to Secure Access Service Edge and signifies a shift from conventional data center networking and security service stacks into cloud-enabled architectures that move user and endpoint identity to the edge.
Making sense of SASE
As one of NetMotion’s EMEA security engineers, I wanted to share my thoughts about SASE, and the adoption of this framework as more organisations pivot to cloud-based applications and services that cater to their hyper-mobile workforce.
I remember when I first heard the term SASE. It was a journey of discovery that exposed me to new technologies, drivers, challenges, strategies and more. We engineers are always looking for new services, technologies and capabilities that drive business to enhance security and the user experience.
“But SASE can’t be categorized as a capability, a feature or a checkbox that can be turned on in security infrastructure devices. It’s a framework composed of multiple capabilities to embrace the current digital business transformation.”
– Jose Navarro, Security Engineer
Some of those capabilities include SD-WAN, SWG, CASB, NGFW and ZTNA. A lot of acronyms, for sure. As a security engineer it can sometimes be a daunting task to discuss how new technologies and capabilities may fit into an existing security and network posture, and ultimately how these can adapt to mid- and long-term business goals.
There are a lot of variables to consider, too, such as the number of consoles required to manage the security posture, issues with configuration complexity, skillsets, scalability, speed, and visibility. Taking this view is especially important when one of the goals is to eliminate work that could be considered unnecessary.
A cloud-based world
SASE was born to address the numerous problems caused by relying on network security architectures that sit at the center of connectivity in a data center. Legacy applications cannot efficiently support newer networking ideologies and use cases, such as increasingly dynamic cloud environments, hosting platforms such as AWS/Azure/GCP, productivity platforms such as Office 365, powerhouse CRM applications like Salesforce and other SaaS-type offerings. The impact of remote working also cannot be ignored, as it drives a growing number of enterprises to adopt distributed data.
When it comes to SASE security, the exact same concepts exist as before. So, on a high level, it’s still all about confidentiality, integrity and availability of data, the ‘CIA’ triad. All information security vulnerabilities, exploits, and attacks pertain to one or more of the three components of this triad. In practice, this means protecting devices, users, applications, workloads, and data itself from issues.
The million-dollar question
And here comes the $1 million question we all need to ask: if we move to a more mobile architecture, embracing a cloud strategy and digitalisation of services, how do we protect the business now that the threats are also more distributed and dynamic? And how do we secure our employees when they can be located anywhere, on any network?
The answer starts 25 years ago.
“Security has always been based on trust. It’s the fundamental principle that helps customers reduce risk.”
– Jose Navarro, Security Engineer
Firewalls came about because of the need for trust. First it was trust in IP addresses, resulting in a firewall to segment the network. Next came a need to trust files, leading to the use of software-based antivirus tools. Then trust in URLs, applications, packet content, workload, users, etc. Over the years, the need for trust grew, and has continued to grow. Many customers are now using various solutions from different vendors to establish trust, and many times even this effort is not helping.
Traditional network and network security architectures were designed for an era when the enterprise data center was the physical center of access requirements for users and devices. Now, neither the users nor the applications are located centrally, meaning that this security infrastructure is unable to see, identify or block any remote threats and cannot effectively decrease the attack surface.
In this new, remote working world, bad actors have turned their attention to compromising end-user devices via phishing and social engineering through SMS, calls, WhatsApp, LinkedIn and Facebook, but also through software and protocol vulnerabilities, supply chain attacks and misconfiguration.
Overcoming challenges
The NetMotion platform, now a part of Absolute, is based on Zero Trust, meaning that by default it doesn’t trust any network, device or user without verification.
The platform constantly scans the user, ensuring identity through different authentication methods (NTLM, RADIUS, RSA, AAD, MFA, etc.), and confirms that the user is requesting access to legitimate data, whether in cloud-based or on-prem resources, through an approved application, within a specific time, from a secure device using a specific network technology.
In fact, there are hundreds of different, dynamic conditions that can be customised by IT administrators. The minute a change occurs, admins can immediately block and enforce security measures, route, isolate or trigger remediation actions.
Let’s use a hypothetical breach as an example of how Zero Trust works. If malware, spyware, a worm, a trojan, rootkit or APT makes it to a remote device, the Zero Trust platform will isolate it. In the dark, it won’t be able to execute or move laterally through the network.
“Because NetMotion lives on the end device and can be managed as a SaaS service or on-prem, we can block traffic even before it comes off the device. This removes the attack surface, making the solution much more efficient from a performance standpoint as well as enabling complete visibility into what’s going on and making it easier to respond to incidents.”
– Jose Navarro, Security Engineer, NetMotion
In addition to these security advances, the ability to set QoS parameters improves voice and video, helping users who may be struggling with packet loss due to remote network conditions. We employ error correction protocols and handle up to 30% packet loss, which improves the user experience.
With so many building blocks, there is no single vendor who can claim to be an expert in all things SASE. For many security professionals the world of ‘SASE’ may seem challenging, but since it’s here to stay my advice would be to embrace it with open arms.