The ‘13 Trust Principles’ of SASE enable organizations to improve their cybersecurity postures , but going it alone means taking on all the risk. Why DIY, when you leverage Tehama’s standard of service to expertly mitigate the security gaps created by distributed, cloud-enabled work environments.
In the wake of the ongoing global health crisis and the rise of remote work, businesses have learned that the key to productivity and business continuity lies in the ability to provide workers with a secure connection to their offices, their cloud-based applications and the internet. At the same time, the rapidly evolving threat landscape has highlighted the need for enforceable policies that keep end users from accessing non-work related applications and websites, to protect businesses from bad actors perpetrating malware, ransomware, malicious files, and more.
Secure Access Service Edge, or SASE, addresses both of the aforementioned needs by centralizing the access and delivery of data and applications to the endpoint, regardless of whether it is located on-premises or in the cloud.
Simply stated, SASE is an enterprise security architectural model for networking that’s designed to support the fast application access needs of today’s workforce, serving as an alternative to VPNs.
With SASE, businesses are able to effectively secure the widening perimeter by gaining control over who is accessing their data and applications, when and from where, and whether they are doing so in a secure manner that is in accordance with the policies established by the business.
Market analyst predictions validate demand and need for SASE
Since emerging several years ago, there has been an explosion of interest in SASE, and adoption is expected to grow significantly within the next few years.
Researchers from Gartner, for example, predict that by 2025 at least 60% of enterprises will have strategies and timelines in place for SASE adoption, encompassing user, branch and edge access, up from 10% in 2020. Further, according to a recent study by Grandview Research, the global SASE market is expected to register at a compound annual growth rate (CAGR) of 36.4% from 2021 to 2028 to reach approximately USD $11.3 billion by 2028.
In this article, we will look at SASE’s capabilities, use cases and applications, and key benefits of the technology that can help businesses drive better business outcomes. Our goal in this endeavor is to provide you with information that will help your organization make more informed decisions when considering SASE as a means for protecting your desktop and application infrastructure.
The SASE Framework
SASE brings together comprehensive SD-WAN and network security functions available through:
- Cloud Access Security Broker (CASB). As defined by Gartner, these on-premises or cloud-based security policy enforcement points, are placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on (SSO), authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
- Zero Trust Network Access (ZTNA). Gartner defines ZTNA as a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the surface area for attack.
- Firewall-as-a-Service (FWaaS). Also known as a cloud firewall, FWaaS provides cloud-based network traffic inspection capabilities to businesses, and includes critical access controls like advanced threat prevention, URL filtering, and more. Similar to other SaaS offerings, outsourcing FWaaS offers an affordable, scalable, efficient solution that businesses can leverage to enhance network security.
Additionally SASE provides organizations with:
- The ability to inspect the network for the transmission of sensitive-data such as personally identifiable information (PII) and malware.
- Network sandboxing functionally, which provides an added layer of defense against previously unknown attack vectors by creating an isolated testing environment where security teams can observe, analyze, detect, and block suspicious artifacts from traversing the network.
- DNS protection which creates an added layer of security between the network and the employee by blacklisting dangerous sites and filtering out unwanted content.
- Web application and API protection (WAAP), defined by Gartner as the evolution of the web application firewall (WAF) market, expanding WAF capabilities to four core features: WAF, DDoS protection, bot management and API protection.
- Support for managed and unmanaged devices, which enables organizations to ensure that any device being used by the worker can securely connect to the network. This is especially important for bring-your-own device (BYOD) scenarios.
- Network obfuscation and dispersion helps protect the business and its users by hiding the name and location of the network; prevents bad actors from discovering the WAN by hiding its communications signature; protects the traceability of communications by changing internet connections, not just turning them off and on; and, engaging with moving-target defense techniques such as dynamically shifting the communications path as often as possible.
- Fast and scalable encryption/decryption of content to better secure network communications.
- Remote browser isolation, which creates an “air gap” between the endpoint device and the organization’s networks and systems, effectively restricting a hacker’s ability to anchor within the network, move laterally, breach other systems and exfiltrate data from the organization.
- API-based access to SaaS for easier detection and remediation after attacks and data leakage.
Combined, these components embody the ‘13 Trust Principles’ of SASE, which enable organizations to improve their cybersecurity posters, maintain identity and access control, and achieve compliance with healthcare, financial services and other government-mandated security and privacy regulations. And the more ‘Trust Principles’ a solution has, the faster an organization can achieve the full benefits of the SASE framework.
Challenges do exist with SASE adoption, but businesses can overcome them
Despite the fact that all of the underlying enablers to SASE, including SD-WAN, zero-trust, web application security and cloud-based firewalls, there are still some roadblocks for businesses looking to achieve SASE convergence within their own networks and enterprises.
In a recent interview, Tehama’s Jaymes Davis and Evgeniy Kharam, Co-Founder and Host of the Security Architecture Blog and VP, Cybersecurity Solution Architecture at Herjavec Group, discussed some of the most common challenges for organizations face when embarking on their journey toward SASE. Perhaps the most significant one is knowing where to start, according to Kharam.
Two steps he recommended organizations take to overcome these challenges include:
Create a list of all of the applications in use, who is using them and why, access can be given only if and when it is needed through zero trust, user-based policies.
Create policies and define access eligibility based on user identity, not location.
To learn more, read The Road to SASE: Know Your Gaps & Interdependencies.
Common SASE use cases and applications
As organizations continue to adapt their enterprise networking and security infrastructure to meet the needs of their largely remote and mobile workforces, they are to:
Reduce the complexity of managing network and security architecture.
The traditional hub-and-spoke appliance-based architectures that many enterprises rely on are complex to manage, create network latency, and drive up the cost of the WAN deployment. By replacing them with a SASE architecture, businesses can achieve secure connectivity at the endpoint, while at the same time speeding access to desktops and applications from any location.
Drive productivity and optimize the end user experience.
Through the delivery of digital workspaces, businesses can improve end user productivity and promote an optimal end user experience across all applications and desktops, regardless of the endpoint device.
Improve application performance.
SASE architectures support intelligent traffic prioritization, WAN optimization, and strengthen security with ZTNA and malware protection for all traffic to the endpoint.
Key benefits of SASE for enterprises
The speed at which business moves will only continue to accelerate. At the same time, securing IT infrastructure is becoming increasingly complex as the threat landscape matures and evolves. To drive better business outcomes, today’s enterprises need access to technology solutions and services that optimize and secure the end user experience, while at the same time reducing the complexity associated with managing desktop, application and network infrastructure.
With SASE, organizations can achieve:
- Greater agility from the ability to administer and provision secure endpoints via a single-pane-of-glass view that also offers granular policy control and visibility into endpoints.
- Consistently fast and secure anytime, anywhere access to cloud-enabled desktops and applications.
- The ability to enforce the same security policies for all users, regardless of location.
While some organizations may opt to build their own SASE framework, selecting best-of-breed solutions from key partners to achieve the ‘13 Trust Principles’, this DIY approach doesn’t necessarily guarantee that the organization will achieve its desired business outcomes or standard of service.
There are many instances in which relying on an expert service provider can improve outcomes. One example is the home warranty, which comes with a built-in standard of care that you can expect to receive from the provider. Through this type of service, repairs and home maintenance are simplified, which can save you time and money, while also reducing your risk as a homeowner. All you have to do is make one phone call to the service provider, and a qualified technician or repair service is dispatched to address malfunctioning appliances, leaky or broken roofs, damaged walls, flooring, windows or doors, and much more.
The same holds true for SASE, in the long run, a solution that is cobbled together could cost an organization more in time and resources to manage and troubleshoot the various solutions in play. This can result in unnecessary downtime and productivity losses should an outage occur due to misconfiguration. Why take the risk when Tehama Rooms offers a standard of service that can quickly and easily close current gaps in your SASE functionality?
With eight of the 13 of the ‘SASE Trust Principles’ built-in and the ability to accelerate to all 13, Tehama Rooms promotes better business outcomes, increases business value and provides a standard of service, or care, that reduces risk, drives productivity and enables an organization to release trapped value, so that it can keep pace with innovation and speed the adoption of SASE.
To learn more about how Tehama’s SASE Framework Acceleration, visit: https://tehama.io/solutions/sase/.