Over the last 18 months, the world of work as we knew it has been completely turned on its head.
Where the office was once the central hub of productivity for many companies, today’s business landscape is scattered with hybrid and remote working models where employees are empowered to work where they want, and at least to some extent, when they, want and how they want.
For many, this transition has been a revelation. You don’t have to look far to find numerous studies on the possible productivity, performance, staff retention and profitability benefits that can come from encouraging flexible working, this Stanford University study being one such example.
Yet the paradigm shift hasn’t all be plain sailing. For security professionals, it has been far from it.
While many organisations were forced to adapt almost overnight to continue operating effectively in the face of national lockdowns, a truly successful transition to a sustainable hybrid working model is not as simple as flicking a switch.
Behind the scenes, various decisions need to be made to overcome a series of infrastructure-related obstacles, security being one of the largest of these.
The question is, what’s changed?
For those organisations whose IT infrastructure was previously on-premises, the focal point of protection was securing the network perimeter. This was an easily defined, easily secured boundary between the private and locally managed side of a network (a company’s intranet) and the public-facing side of a network (the internet).
In a cloud-based environment, however, the network perimeter no longer exists. And while many organisations have transitioned from on-prem models to a cloud-based infrastructure, they have retained the same security policies that simply are not adequate in a remote, perimeter-less arena.
Indeed, using security practices designed for physical office setups in a cloud setting creates a series of vulnerabilities. Relaying network traffic between firewalls is one such example, both hampering the flow of traffic and resulting in excessive, unwanted exposure.
Virtual private networks (VPNs) were quickly sought-after as an easy solution, yet these are ‘square-peg-round-hole’ by nature. Lacking in scalability and creating traffic bottlenecks that adversely impact productivity and compromising security, VPNs are simply unable to deliver the support needed to succeed in a hybrid working world.
Transform security and productivity
Thankfully, there are solutions that are both available and suitable in simultaneously supporting security and productivity needs on a remote basis.
Enter Secure Access Service Edge (SASE).
Originally coined by Gartner, SASE is a concept centred around delivering both networking and security simply, as a single cloud-based service to the source of a connection, bypassing an enterprise data centre.
Unlike VPNs and other legacy solutions, SASE has been built with a cloud-first mindset, whereby security becomes an extension of the user.
SASE is reliant on a distributed group of cloud gateways known as local points of presence (POPs). Within each POP, all security functions and policies – be it web and email security or firewall and access control – are implemented.
This is achievable as SASE is not a single solution. Rather, it comprises the integration of pre-existing network security components such as CASB, Cloud SWG, ZTNA/VPN, WAAPaaS, FWaaS, DNS and RBI with software-defined wide area networking (SD-WAN) capabilities.
The result? SASE facilitates seamless, secure SaaS adoption that prioritises both protection and productivity, creating a series of meaningful benefits.
In the case of data – often the jewel in many organisations’ crowns – SASE’s integration of networking and security capabilities allows organisations to guard against sophisticated threats while reducing the potential for unplanned data loss.
Productivity is also bolstered, with employees able to access critical data and applications in real time, wherever they might be. Where VPNs can create bottlenecks, SASE ensures seamless and speedy operation.
SASE – a new a business enabler?
With SASE showing promise on a variety of different fronts, security today has the potential to become a critical business enabler.
Where organisations may have previously considered security-related protocols or investments as a cost offering little in the way of a tangible returns, SASE demonstrates unprecedented capabilities that allow organisations to truly capitalise on the advancements in cloud and SaaS technology, without having to consider changes to user behaviours.
Be it improved protection, enhanced productivity or a heightened user experience, enterprises leveraging SASE have been empowered.
Cloud-first models are vital to the success of SASE, with platforms required to be sophisticated, dynamic, and scalable enough to ensure the successful delivery of secure access to resources on a remote basis.
Partnering with the right cloud vendor will ensure you can complete this checklist and enjoy the benefits of SASE with ease. However, equally, it is unlikely that all the varied components comprising SASE can be sourced from a single vendor.
Remember: SASE is not a single solution, but a concept comprising the integration of pre-existing network security components with SD-WAN capabilities. While some vendors do offer all-in-one services, companies should proceed with caution to avoid vendor lock in and compromises in quality.
Despite these hurdles, however, SASE can be key in many companies unlocking their true potential for years to come. And right now, the signs are promising.
CyberEdge’s latest Cyberthreat Report shows that 74% of IT security decision makers are already on the path to adopting technology capable of supporting SASE architecture.
When coining the term, Gartner had forecast that it would take a decade for SASE to be widely implemented. Yet, owing to the shift to hybrid and remote working models as a result of the pandemic, it is expected that mainstream adoption has reduced to less than five years.
Indeed, those companies that do adopt SASE within this timeframe will be well placed to enjoy its sweeping benefits for years to come, consolidating and advancing their cloud-based models ahead of the field.
Those that don’t, however, could be at risk of failing to capitalise on a number of competitive advantages while grappling with limited security and stifled productivity.