Cybersecurity on the road to cloudification


The rise of cloud computing has made information system security management more complex, to the point that its components are being outsourced in turn. SASE, a concept devised by Gartner, draws the outlines of a new approach.

Although corporate IT has been decentralized in recent years, in the sense that it has left the walls of the IT department, it has not moved to a single provider. Quite the opposite. “Some of our customers have dozens of SaaS/IaaS cloud providers. It’s a fact, IT is really split,” confirmed Etienne Lafore, senior manager at Wavestone. Recently, in the health crisis, users left the company premises and found themselves at ease following the explosion of teleworking. Connecting a user from home to the organization’s internal network in order to guarantee and secure access to outsourced services no longer makes sense. “It is therefore not just a question of redefining security, but of rethinking it in a new network approach,” explains Etienne Lafore. The advent of SD-WAN, which replaces WAN and MPLS technologies, has provided the beginning of an answer. All that is left is to add the security elements.

Manage your security from a central point

In December 2019, Andrew Lerner of Gartner published “Say Hello to SASE”, in which he defined the functional building block of a new architecture characterized by the convergence of network and security services, consumed entirely as a service from the cloud. In principle, using Secure Access Service Edge is like connecting your workstations to a “giant VPN” with a large number of features such as URL inspection, remote browser isolation (RBI), sandboxing, DNS protection, zero trust network access (ZTNA), intrusion detection and prevention (IDS and IPS), data loss prevention (DLP) functions, Shadow IT detection and analysis, resource filtering (whitelist, graylist, etc.) and a firewall for connecting to internal resources.

SASE does not cover the security of what is meant to stay with the company, such as workflows, workstations, patch management, the verification of the compliance of workstations and sources, or identity management (IAM). “The convergence of all these components makes it possible to have a unified and coherent approach to its security,” added Eric Vedel, director of cybersecurity architectures for Southern Europe at Cisco. “In addition to an integration together with security policies for all companies, IT teams are freed from the barriers to maintaining these systems, which are often difficult to manage.”

One market, three categories of players

Andrew Lerner expected a certain number of announcements by the year 2020. Three years later, the players claiming the SASE label fall into three categories. First are the historical network players such as Cato Networks, Versa or Cisco, by virtue of their networking skills in SD-WAN. Shlomo Kramer, co-founder of Check Point and founder of Imperva, created Cato Networks in 2016; the company is now a pure SASE player. “We already have more than 1,100 customers in 150 countries and we are convinced of the future of this technological approach. Setting up a store can be done in a day. Just plug in a box and download the configuration and you’re ready and running in five minutes, compared to months to set up MPLS. Everything is immediately available and very simple,” Shlomo Kramer explains.

Then come solutions from the cloud proxy world, built on Internet browsing security solutions, from vendors such as Zscaler, Proofpoint, Akamai, Cloudflare or Netskope.

Finally come the pure security players, such as Palo Alto, Fortinet, Check Point, Forcepoint or Broadcom, which are evolving to offer these security functions today. The last two categories do not natively include an SD-WAN solution as such and have to go through partnerships. “There is also market integration with technological mergers that have taken place, for example Palo Alto, which bought CloudGenix, and VMware, which bought VeloCloud, two SD-WAN solutions,” pointed out Etienne Lafore.

Democratization is already underway

The SASE market was worth $4.5 billion in 2021 and is expected to reach $11 billion in 2024, according to Gartner. SASE will feature in the strategic plans of 60% of the world’s companies by 2025. Some projects are under consideration and others are well underway. This is the case, in France, of BCA Expertise, as its telecom and mobility network service manager, Jean-François Marie, who opted for the Cisco solution, told us: “In the past, we mainly talked about Zero Trust for cloud exchanges. SASE’s architecture helps us implement the transformation of our WAN architecture towards hybridization of Internet flows by taking into account the broader perspective of cloud security. In addition to authorization mechanisms and strong authentication to apply access controls, SASE’s architecture will secure flow exchanges through a secure cloud access gateway or web access gateway.” Although it is too early to take stock, Jean-François Marie has already planned the start of the second phase: “Once all the bricks have been laid, we will use the functions of Umbrella’s access gateway for our application exchanges between our on-premise data center and the cloud platforms that host our business services.”
