The pandemic is forcing companies to change their IT workflow and to resort to techniques that they have not yet dealt with much. It is important to understand terms such as SSE, SASE or CASB and to use the techniques correctly.
The past 18 months has prompted many companies to adopt public cloud services as lockdowns have lured them into work-from-anywhere cultures. As a result, they have been forced to accelerate the deployment of cloud technologies to enable short-term distributed work while maintaining productivity and business agility. In retrospect, the shift to the cloud may even have facilitated the emergence of many companies and new business ideas.
Security Challenges of the Cloud
However, as the cloud brings with it major security challenges, leaders need to make adjustments to their digital strategy. The answer lies in flexible, cloud-based network security technologies. The right solutions give security teams visibility and control over data that resides off-premises and can now be accessed anywhere.
These span a range of technology approaches, including Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA). In addition, there is another security paradigm introduced by the current Gartner report “2021 Hype Cycle for Network Security”: the Security Service Edge (SSE). To help navigate the different technologies, it's helpful to go through each acronym one by one:
What is a CASB?
A cloud access security broker is IT security policy enforcement software that provides data and threat protection in the cloud and on any device, regardless of location. There are three requirements for a CASB: The first is a management function that provides an overview of all high-risk events and the ability to clean them up. Next comes IT security to prevent high-risk events such as data leakage and intrusion of threats. Finally, zero-day protection addresses – known and unknown risks of data loss and malware threats.
What is SASE?
"Secure Access Service Edge" or "SASE" (pronounced "sassy") is a concept that allows companies to extend IT security to all their corporate assets, regardless of location.
With SASE, security teams can configure policies to secure SaaS applications, control access to web addresses, identify shadow IT, and protect on-premises applications from a single point of control. In practice, this can include a company's headquarters and branch offices, as well as home and mobile users.
A SASE architecture includes Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA). By deploying multiple network security technologies under one solution, security teams can provide the same network and security services regardless of user location while reducing complexity in their network environment.
What is SSE - and how does it fit with SASE and CASB?
"Security Service Edge" (SSE) is an integrated, cloud-centric offering that enables secure access to websites, SaaS and private applications. It also typically combines access control, threat protection, data security, security monitoring, and control of permitted user activities.
The previously mentioned, recent Gartner Hype Cycle for Network Security 2021 ranks it as “high” on the Gartner value scale, but is also seen as an architecture that may have implications for widespread adoption by security teams in the near future. According to the Gartner analysis, “SSE enables organizations to support anytime, anywhere workforce with a cloud-centric approach to security policy enforcement. SSE offers immediate opportunities to reduce complexity, cost and vendor count.” At the most basic level, SSE brings together the capabilities typically found in Cloud Access Security Broker (CASB), Secure Web Gateway (SWG) and Zero Trust Network Access (ZTNA ) can be found; each with critical functional requirements.
Reduced infrastructure complexity
Security teams that take an SSE approach typically focus on reducing the complexity of their infrastructure and improving the user experience. It does this by consolidating multiple disparate security capabilities into a cloud-centric, converged capability from a single vendor. Often this is based on the core requirements of CASB, SWG and ZTNA.
It is important to note that SD-WAN services can be taken on separately by infrastructure teams. For example, when users control their device themselves, or they own it, the traffic does not traverse their own infrastructure, or trusting users by default is insufficient.
Important SASE architecture
These processes complete the SASE architecture. These can be implemented in parallel or as separate initiatives depending on factors such as business priorities, human resources, budget availability, and update cycles.
These are major developments right now in an industry that is rapidly changing to meet the needs of its client organizations and help them meet the challenges ahead. The IT security landscape is constantly evolving. Organizations focused on developing strategies that provide agile protection for increasingly complex networks are well positioned to meet the many challenges they will inevitably face.
More at Bitglass.com
About Bitglass Bitglass is a global provider of a NextGen CASB solution based in Silicon Valley. The company's cloud security solutions offer agentless zero-day, data and threat protection everywhere, for every application and every device. Bitglass is funded by senior investors and was founded in 2013 by a group of industry veterans who have introduced and implemented numerous innovations in the past.