SASE: Understanding the new kid on the block
Article updated 27th June 2022
Secure Access Service Edge, better known as SASE (pronounced sassy – yes that is right) was one of the new security terms on the block in 2019. But it’s actually been around for some time, just without its official moniker. It is expected that by 2024, at least 40% of enterprises will have strategies in place to adopt SASE, according to Gartner.
In this post, we take a look at why its popularity is increasing, what the term means, and how vendors and organisations are utilising it to enable digital transformation.
So, what is SASE?
The phrase was first coined by Gartner in mid-2019, described as an architectural transformation of networking and security, providing a holistic, agile and adaptable service to IT.
The benefits of SASE include the service being identity-driven, cloud-native, and the ability to be globally distributed and securely connect all edges of an organisation. It combines network security functions such as; Secure Web Gateway, Cloud Access Security Brokers, FWaaS and Zero Trust Network Access with WAN capabilities, supporting the dynamic access needs of businesses.
Traditionally traffic would be rerouted by companies to a place such as a firewall, where it would be inspected for attacks. However, this activity creates inefficiencies and is cumbersome for most businesses. SASE is a new paradigm that brings security to where the traffic already exists, not forcing it outside of the business.
Just another marketing term in the making?
Whilst analysts have described SASE as the new go-to security model and anticipate many organisations will move to adopt SASE in the next few years, they have advised businesses to be wary and question vendors. As it gains more popularity, SASE no doubt will become a well-touted marketing term (think Zero Trust in the most recent years). For some vendors, they may be offering a SASE platform, consisting of a large number of features linked together via VM service chaining, especially if they have made acquisitions or partnerships. This can result in inconsistent services, poor manageability, and high latency.
Despite this, multiple well-established industry figures have faith in the SASE platform and its ability to secure organisations in this era of modern infrastructure. The approach allows companies to provide secure access no matter where their users, apps or devices are located.
The benefits of SASE
- Ultimately it reduces costs for businesses, by amalgamating vendors and technologies that organisations are using to secure their perimeter.
- Increased network performance, due to the use of global SD-WAN and built in optimisation.
- Greater flexibility, utilising the cloud-based infrastructure allows organisations to implement security services such as web filtering, data loss prevention, firewall policies, threat prevention, sandboxing and more to their users with ease.
- Improved security and performance, by inspecting data where it is moving and viewing policies based on identity rather than IP addresses.
- Reduced complexity for your IT/security team, as the number of security products required to manage and maintain is simplified by moving to a cloud-based network security service model.
Although this all sounds great, one key aspect to remember is that SASE is not a product you can purchase and requires businesses to undertake a holistic view and digital transformation of their cybersecurity and IT. Looking at how information is transferred from one place to another and how it is received.
InfoTrust has partnered with one of the cloud security industry leaders, Netskope, who are paving the way in this area. Netskope built their platform natively in the cloud, utilising microservices software architecture to deliver seamless security services. This gives organisations architecture that is able to quickly adapt; building new products natively and delivering them without disrupting business productivity or impacting end-users. Additionally, Netskope’s data-centric approach gives security teams greater visibility and the capability to implement context-aware controls, as well as protection against cloud-enabled threats.
If you’d like to find out more about how InfoTrust and Netskope can mature your security infrastructure, reach out to us at info@infotrust.com.au or +61 2 9221 5555.
see our
Related resources
Mimecast recently released its State of Email Security Report for 2021. The fifth edition of its annual report used interviews with over twelve hundred of information technology and cybersecurity professionals across the globe to gather vital cybersecurity insights. The report offers an insight into the latest email threats along with advice on how to build cyber resilience and mitigate the risks of email-borne attacks.
Cyber attacks and data breaches have been commonplace in the news headlines for some time now. Although a warning from the media is certainly helpful, there is so much more that can be done when it comes to threat intelligence sharing. Threat intelligence sharing is an important part of the global cybersecurity community effort to tackle cybercrime and should form a part of every organisation’s cybersecurity strategy. Sharing cyber threat intelligence enables organisations to make informed decisions about their cybersecurity, building more effective and robust cyber defences.
One of my favourite annual reports to read is the Verizon Data Breach Investigations Report. It’s packed full of insights about the threat landscape and security leaders, in my opinion, should read this report to get a pulse on what’s happening in cyber-scape.
After all, as cyber leaders, we are here to stop breaches – so the insights gained from real cyber incidents and breaches is gold in learning how to tighten up our defences.
All businesses, large and small, are under increasing pressure to demonstrate that they are managing the risk of cyberattacks. This means having the right processes and controls in place to identify risks and vulnerabilities, protect information, as well as detect, respond, and recover in the event of cybersecurity incidents. As such, many businesses are turning to certification authorities and security frameworks to demonstrate privacy and security best practice and achieve compliance with regulatory bodies. System and Organisation Controls (SOC 2) is one such compliance framework that can help organisations to create a structured approach to cybersecurity.
Frost & Sullivan has recently released its 2021 Frost Radar: Email Security report, where its findings provide a benchmarking framework to help businesses protect their email from cyber threats.
As we operate in an increasingly digital world, every business collect, store, and share more and more data. And, amongst that data is personal information. With the OAIC marking this year’s Privacy Awareness Week (PAW) from Monday 3 May to Sunday 9 May 2021, it’s time for us all to review how we protect our customers’ personal information.
We're Here To Help