How secure access services edge security will transform networks
During a media event at Netskope’s SASE Week, Steve Riley, the discussion moderator and field chief technology officer for Netskope, asked, “What’s the driving force for SASE? Why now? What’s changed?” The short take is that we are in the midst of a digital transformation, with a stronger reliance on mobile and cloud computing than ever before, according to various attendees, and we need to implement secure access services edge (SASE) now to properly address data security and networking issues that are quickly approaching.
Jason Clark, chief strategy officer at Netskope, said that business has been moving to a cloud-based framework and that cloud adoption has been accelerated by the pandemic. “Data is now sitting on a CPU that you don’t own or control because it’s on the cloud, and it’s being transmitted on a network — or the internet — that you don’t own, and the users are off the network. The security teams are being stretched by this,” he said. Clark stresses that moving to SASE means “a repositioning of security to consolidate to one new security inspection point. It’s a smart reset.”
When Ed Amoroso, founder and CEO of cybersecurity consultancy TAG Cyber, was asked why he was advocating for a move to SASE, he used an easy-to-visualize model. “Hub and spoke networks consolidated and brought everything to the datacenter. Now data is scattered among apps, cloud, and different work clouds so the hub and spoke doesn’t make any sense anymore,” he said. “By conceptualizing what you need in your mind, you start putting together SASE. We’re at a time when people need different networks that can be controlled from the cloud. Anyone listening can self-generate that SASE is required just by thinking about how we use networks today.”
Meeting network engineers’ needs
After Riley posed two thought-provoking questions — “If everything is on the cloud, is there a network to manage?” and “If there is no datacenter, are there now many centers of data?” — George Gerchow, chief security officer at Sumo Logic, led a discussion on the importance of focusing on data security and encryption. Gerchow stressed repeatedly the need for collaboration with control, saying, “You have to have availability, but that availability has to have seamless security. Availability matters because people have to use their services, but if you don’t have security to go with it, good luck, because it can be over in an instant.”
Clark suggested that there are two avenues in building a SASE framework: “If it’s security-led, then it’s about the data. Sometimes it’s network-led, and for networking, [then] it’s about access.”
Supporting the idea of a network-led framework, Amoroso said, “Many things that have nothing to do with security are an important part of the architecture.” He pointed out that he has a stack of laptops that he still uses for each company with whom he consults because that’s the only way to access his corporate clients’ perimeter. The reality is that network engineers are probably busier than they’ve ever been, and SASE can bring about needed improvements to network access.
Zero trust is adaptive trust
Introducing the topic of zero trust elicited some laughter from panelists. They all proceeded to comment on the buzzword aspect of the phrase, despite much misunderstanding about what it really is. Clark summarized by saying, “It’s a framework that needs to be embedded in how we operate. It’s not binary. Trust is not on or off. Zero trust has a zero to five scale in my mind.”
Riley added, “Zero is the starting point, but ultimately you’ll have to extend some level of trust in order for some level of interactivity to occur.” He followed that up by suggesting that the term “adaptive trust” would be more accurate, which was met with panel agreement.
Clark described a zero-trust relationship as allowing its users to “give the least amount of access as possible, as much as possible, so that bad things can’t happen.” Gerchow added that zero trust is a fabric of many things, and that it entails working closely with vendors and partners to stop anything that isn’t supposed to happen.
The great SASE migration
Overall, the panel seemed to largely focus on a key question, “How do we convince the C-Suite?” Panelists agreed that SASE is the future of data security and secure access, but disagreed on how long it will take for a cloud adoption tipping point moment.
Clark brought up the importance of the shared responsibility model, where you can control what a user has access to, as well as what data is included. He said that a company should have its own standard for considering third-party risk before granting any outside agency access to its cloud-based framework.
It was Amoroso who summarized the task of transitioning to SASE best. “It’s like if you have a new house, and you move your messy garage one piece at a time into the new garage, but you want to keep it organized as you go,” he explained. “The data that needs to move to the cloud is scattered. There are companies dealing with lost data. I think it’ll all eventually get to the cloud, but moving it is complicated.”
by Corinna Makris, 06.11.21