To successfully operate a business which promotes and supports a remote workforce, having cloud technology is a necessity. Depending on the cloud application, whether it be Salesforce, Google Workplace, Microsoft 365, or Infrastructure-as-a-Service (IaaS) like Amazon Web Services, modern enterprises will have many of these connected to enable staff to connect, collaborate and share data. More often or not though, this information is sensitive and requires protection, says Sundaram Lakshmanan, CTO of SASE Products at cloud security company Lookout.
To guarantee data security in a remote working environment, relying on legacy or traditional methods is not conducive, especially as this usually means there are many solutions implemented creating a myriad of noise and stress that security teams need to manage. Instead, a new security framework has been formed which consolidates many cloud-based network security tools together into a single platform – Security Service Edge (SSE). Not long ago, the notion of adopting cloud technology seemed alien to most, with many fearing the technology would relinquish all perimeter controls. Naturally, as time passed and technology advanced, knowledge regarding the cloud and its benefits grew and, due to digital transformation, there was a greater need for cloud technology.
However, as cloud adoption increased quickly challenges surfaced because traditional security methods were now obsolete and unable to meet the demands of new data protection requirements. Cloud security is needed for cloud architecture and security technologies that are used to reside on-premises, must converge in the cloud.
Understanding SASE (Secure Access Service Edge)
In 2019, Gartner revealed SASE (Secure Access Service Edge) which is a framework designed to combine networking-as-a-service (NaaS) and Security-as-a-Service (SaaS) into one platform. This was to help enterprises that were struggling to meet the security demands of a cloud-drive world. The Covid pandemic only amplified this problem. Businesses required support to provide a safe working environment for workers that were now working from home to maintain business continuity during lockdown.
With data and applications now residing in the cloud, and staff connecting outside of the traditional security perimeter, having visibility and control over data became a top priority for organisations. SASE looked to address this by combining the following: Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA), so that access to the Internet, cloud services and private applications are secure. Additionally, there is seamless connectivity to these destinations via local direct-to-Internet breakouts with software-defined wide area network (SD-WAN (Software Defined Wide Area Network)) which will help reduce any complexities across the enterprise network architecture. Promoting intelligent Zero Trust access was a key motivation behind the formation of SASE so that data would be protected anywhere it was being accessed while not hindering overall business productivity.
Enterprises have begun to realise current security defences are inadequate to support safe remote working and are seeking to consolidate security solutions from fewer vendors while ensuring they are cloud-delivered. This has seen a convergence of security services but locating networking and security services from a single vendor remains difficult. Naturally, enterprises will seek the best-in-class security that is available on the market. To keep up with this demand for security capabilities – which will only increase – Gartner established the SSE framework in 2021.
What is SSE?
The core purpose of SSE is to provide data security and risk reduction through one platform. Within this, there will be the following security functions: access control, threat protection, data security, security monitoring and acceptable use control functionality. Many security teams have limited resources, whether they are understaffed or underfunded (sometimes both), but they are certainly under immense pressure to deliver security and manage the entire network both traditional and remote. The SSE framework can facilitate this and will have the capabilities to effectively protect data and the remote workforce. Moreover, with laws such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) paving the way for better data privacy and security, the demand for SSE with integrated data protection will continue to grow.
Data security with SSE
As explained, data is now residing externally outside the traditional perimeter and so businesses must acknowledge additional security layers are needed. When evaluating and choosing the desired SSE platform, consider whether it has endpoint security as well as advanced users and data protection capabilities. Data no longer resides within the traditional perimeter, so having security in layers to follow and protect it is essential. When choosing an SSE platform, ensure it incorporates the best-in-class endpoint security, advanced users, and strong data protection. Here is a checklist of capabilities to have:
•Harness User Entity and Behaviour Analytics (UEBA) – Knowing the behaviour of an attacker, whether they are an external hacker leveraging stolen credentials or an insider that is now a threat to the organisation.
•Data Loss and Prevention (DLP) – A critical component as this provides visibility to both the security team and the organisation as to where data is located. Certain access privileges, restrictions and watermarks can be added as well.
•Enterprise Digital Rights Management (EDRM) – Having automated encryption is an additional layer required to proactively protect sensitive data and to prevent unauthorised access or exploitation. Malicious threat actors cannot profit from this information if they do not have the ability to decrypt it.
The business world has evolved with digital transformation, innovative technologies and hybrid working, the driving force behind these changes. Because of this, security must evolve to keep pace and ensure data security is always visible. Therefore, implement the necessary tools and frameworks, such as SSE and SASE, to assist your security teams and gain security peace of mind for your organisation.
