Trendwatching 2: SASE, the #nextgen Cyber
We continue on our trend watching journey. This time, based on a few recent market conversations, we explore the topic of SASE. SASE stands for Secure Access Service Edge and represents a new school of thought in Cyber Security. As you may have come to expect from us, integrations will be crucial to make it live up to its full potential!
It is arguably less flashy than the Metaverse and has less of an impact on our personal lives, but there is a shift happening in cyber security as well.
It’s been a long time coming, but with the pandemic, new and digital ways of working have accelerated and are here to stay. The Great Resignation, many LinkedIn polls about the future of work, and companies changing their policies and corporate leases are just a few of the physical symptoms of the digital revolution that is taking place before our eyes.
Much like rethinking office space, jobs, commutes and other physical aspects of the future of work, the digital enablers and gatekeepers are undergoing a revolution as well. The uptick in cybercrime over the pandemic shows that our ‘old’ tools for working remotely had, and still have, many holes available to exploit.
That this is a problem is an understatement, and therefore cyber security providers are rushing to the rescue. This revolution is necessary!
Secure Access Service Edge, or SASE, is the new guiding principle for deploying security capabilities for this new digital reality. Originally coined by Gartner, it is now on the cusp of being adopted by the cyber industry more broadly. It involves moving security to the 'edge', where data is being used and accessed, and ensuring that the various security solutions in place can 'talk' to each other, to create efficiencies and optimise the security tools you have invested in.
Whereas 10 years ago the traditional approach to cyber revolved around protecting the ‘castle’, or company perimeter, and compartmentalising around the ‘crown jewels’ that resided inside, SASE takes the user and/or endpoint as the starting point. It recognises the mobility of users (accessing data on the go, from anywhere) and the fact that your critical data can often sit in a public cloud. So rather than viewing the problem to be solved from an enterprise network lens, it moves the focus of cyber to the edge of the network. It also takes into consideration that the said 'edge' is much more volatile and flexible than in the good old local network days.
With cyber security moving to the edge of networks, the core concept moves to authentication and authorisation of digital identities. This has always formed part of any cyber security and IT controls approach; however, it’s at the very heart of SASE. (By the way, digital identities don’t necessarily have to refer to an individual. The edge/endpoints on a network can refer to personal identities, device-related identities, groups of users (role based) and/or particular services.)
However, equally important to SASE is that other cyber security controls required for a 'defence in depth' approach (i.e. controls for detection and response, not just prevention) can also be deployed efficiently to where they are needed.
Since coining the term, Gartner has received criticism regarding whether the technology to deploy SASE is actually new, or more like a bundle of existing technologies, as well as whether or not organisations would want to buy all security products and cloud services from one vendor.
Some of the suggested benefits associated with SASE, such as increased efficiency, reduced complexity and ease of use, seem to point to potential vendor convergence. However, others see it as an opportunity to allow greater data exchange between existing technologies, giving businesses the flexibility to choose the best-of-breed and adjacent technology that suits their use case.
Either way, in practice, SASE is encouraging security vendors to move to support open APIs (Palo Alto is one example of a security vendor who is leading the charge). This greatly increases the options for separate technologies to work together.
How do integrations play a role in SASE?
We all know that cyber security is a complex problem requiring investment in controls across people, processes and technology - as such, unfortunately, no one technological tool is a "silver bullet". However, the more your cyber security tools can share information between them (including contextual information, and preferably dynamically), the better position you are in to defend yourselves from / react to the constant cyber threats we all face.
Whilst some existing tools may 'talk' with each other via their APIs, in our experience data transformations (including aggregations) are often required to achieve optimal results. If nothing else, the SASE suite (even if provided by a single vendor) needs to be fed data from many other sources within the organisation in order to do a good job.
You have probably guessed it by now, but this is where we come in :-).
We have certainly seen data integrations play a big role in improving cyber detection processes. However, we love to be challenged on our thinking and hereby call all SASE experts to correct us if you think we are wrong.
Should you be willing to have a further discussion and challenge our service offering in a different way, by requesting a demo to see what we are all about :), we would love that too!
Or just reach out to have coffee with us. Coffee is always on us, don't be shy.
Image by Pixabay