A centralized approach in the cloud has as many limitations as an on-premises data center. But you can also connect a SASE network, security and the cloud. A comment from Stefan Schachinger, Product Manager Network Security - IoT/OT/ICS at Barracuda.
The much-cited prophecy that life punishes those who come late seems to find its truth in IT network security as well. At the beginning of the pandemic, many companies were forced to switch from office work to home office - often with incomplete security regarding the IT infrastructure. A feast for hackers! Now remote work is not really something new; What was new at the time, however, was the speed that the trend toward mobile working, which had already started, had inevitably picked up. Many IT departments were quite overwhelmed when it came to IT security, since a satisfactory level of security had to be guaranteed in a hurry.
Decentralized IT infrastructures
Of course, digitized, decentralized IT infrastructures have not only been on the agenda since Corona: The realities of the market and the distributed company organization and production processes dictate specific technical specifications for secure access to applications, services and data from anywhere. Because more and more resources are located outside of physical data centers or company servers.
With the home office, the attack surface for companies has increased rapidly. From the point of view of corporate IT, an employee's home network is no more secure than public WLAN access and is therefore just as risky. Traditional security solutions cannot protect a device when it is outside the corporate network. The significantly increased cloud acceptance as a result of the digital transformation and the resulting increased need for online and digital services has led to further complications.
All of this has shown that traditional IT security solutions for remote access are quite ineffective as employees are no longer connected to the on-premises security architectures they used to rely on.
Trust is good - cloud-managed control is better
The concept of working from anywhere inevitably requires companies to adopt a new security strategy that also takes into account effective protection against data protection violations, such as those caused by ransomware attacks. Merely moving centralized security infrastructure to the cloud is not enough—the cloud itself must be part of this new approach. Because security controls are needed everywhere, which can be managed and monitored via the cloud. For example, if sales employees use SaaS applications such as Office 365 while on the move and work with sensitive data in the cloud, it is extremely important that companies can offer a solution that ensures secure access to such services and applications.
The public cloud, which is becoming increasingly accepted in companies, is playing an increasingly important role as a central hub. The entry point into this IT architecture, the so-called edge, thus becomes the decisive place for performing tasks such as the availability and security of communication.
Fringe areas with increasing importance
The criterion for granting access is no longer membership of a segment of the IT infrastructure, but the identity of the user. The necessary tools are available in a single console at the point of access request. This cloud-based architecture approach is known as Secure Access Service Edge (SASE). SASE provides security functions wherever they are needed: office workplaces or home offices, co-working areas or branch offices, even in public places like cafés. Centralized security solutions are difficult to protect remote workers, and they cannot easily move to the cloud to do so. While a centralized approach in the cloud must route all traffic through the cloud, SASE secures devices and networks everywhere, providing the same level of security across devices and locations.
Companies often have a loose security approach that uses multiple solutions from different vendors. However, this leads to a disorganized infrastructure with different components, each responsible for different functions. SASE, on the other hand, as an integrated solution, consolidates processes and thus reduces complexity and costs.
Maximum protection with SD-WAN, FWaaS, ZTNA, SWG, XDR and CASB
The real challenge is not where to locate a security solution, but how it works. It is not enough to detach the security stack from the data center and move it to the cloud. It is much more effective to securely and efficiently connect locations, IoT devices, people and the cloud. That's what SASE is all about at its core.
To ensure an efficient level of security with SASE, the following services should be integrated
- SD-WAN (Software Defined Wide Area Network) to connect multiple offices cost-efficiently and failsafe.
- Firewall-as-a-Service functions to the SD-WAN network, which further increase the security of the company network.
- Zero Trust Network Access (ZTNA) is another key component that should be included in the SASE solution. ZTNA adds an extra layer of security by allowing users to access data or applications only after authentication, and only then can they access it over an encrypted connection, regardless of location.
- A Secure Web Gateway (SWG) prevents unauthorized traffic from entering the corporate network. This prevents malicious users from getting in and protects against viruses and malware that could spread through the network.
- Extended Detection and Response (XDR) provides threat detection that goes beyond simply waiting for incidents. An XDR provides 24/7 threat detection and response, so problems are fixed as soon as they are identified.
- A Cloud Access Security Broker (CASB) that grants users secure access to cloud services based on their permissions.
A SASE concept that combines multiple services in its architecture by connecting users, locations and devices enables a comprehensive, holistic cloud-based security solution. In contrast to centralized on-premises solutions, this one can take on all the challenges of increasing remote and hybrid work and guarantee a high level of security.
More at Barracuda.com
Via Barracuda Networks Striving to make the world a safer place, Barracuda believes that every business should have access to cloud-enabled, enterprise-wide security solutions that are easy to purchase, implement and use. Barracuda protects email, networks, data and applications with innovative solutions that grow and adapt as the customer journey progresses. More than 150.000 companies worldwide trust Barracuda to help them focus on growing their business. For more information, visit www.barracuda.com.