SASE (Secure Access Service Edge) combines WAN and network security. A new concept is now important: SSE, for Security Service Edge, in which the network is no longer part of security control.
The impact of a meteorite on Earth millions of years ago changed the surface of our planet forever, leading to the extinction of the dinosaurs. It is possible to draw a parallel between the way natural events can cause major changes and the evolution of the digital world. The modernization of the IT sector had already begun when the pandemic acted as a vast engine of change. In previously unexpected ways, businesses around the world have been forced to change their IT landscapes to adapt, at unprecedented speed. As we begin to emerge from the situation, it is worth asking which traditional infrastructures will sooner or later be left behind in the post-COVID era.
In recognition of the global turmoil organizations face, Gartner helps set the course for reorganizing IT infrastructure with its new security pillar, the Security Service Edge (SSE) of the SASE framework. This new model, with its unification of security settings as “function as a service”, represents the natural evolution of the SASE framework. Removing the “A” (for “Access”) appears to reduce the importance of the security stack at the network perimeter, which previously controlled access permissions on the corporate network and thus ensured IT security within tight boundaries. Today, the network itself is no longer seen as part of the security control apparatus, but simply as a way of bringing data streams to a new security model.
The traditional network is losing its importance
The SSE reflects the events faced by companies over the past two years. Employees leave the secure network and access their applications from many new work environments (in many cases due to imposed communication restrictions). Over the past decade, applications have found their way into cloud environments, further diminishing the importance of the data center. Prompted by the pandemic, even those previously reluctant turned to the cloud. But if there are no applications or employees in the corporate network, what is the point of a security stack on the network side? The answer to the reorientation of security infrastructure is the Security Service Edge.
In modern work environments, securing the direct path of users to their applications plays a decisive role, without the intermediate step of a network perimeter. The Security Service Edge strategy revolves around precisely this core idea, with Zero Trust as the foundation of implementation. If a user needs access to an application or service, that access must be role-based and constantly monitored. Wherever apps are stored, security must work inline between the user and the app. A cloud function acts as this controlling authority and provides the agility and flexibility needed for a wide variety of application scenarios.
In a Security Service Edge deployment, users are no longer tied to a network to access applications, but have universal access based on their identity, no matter where they log in from. The concept of least privilege demonstrates its strengths in all SSE modules and therefore also forms the basis of CASB or DLP. Attention has always been focused on policy-based access rights, whether for access to authorized web applications or services, or at the level of individual documents.
General access for future scenarios
To keep pace with these changes, IT departments must continually select the right tool for each task. When it comes to IT security, the departments in question should move away from network devices that serve as the gatekeeper of security tasks towards a new SSE-based approach that applies security directly between the user and the app or service. At the same time, IT departments are paving the way for businesses to take the next steps in digitalization. Zero Trust is an ideal architecture not only for user access permissions, but also for devices or workloads.
With applications moved out to the edge, IIoT and operational technology (OT), the next digital applications that need to be secured are already in the starting blocks. The cloud is not the only “tool” for ensuring access: the Internet will play an important role, as will the latest wireless standard, 5G. 5G already enables completely new application scenarios beyond the traditional network, where data transmission and access authorizations must also be secure. The traditional network has completely and definitively changed. As businesses realize the full potential of the cloud to secure users, applications, and devices, SSE provides a forward-looking framework that can guide them on this secure journey.
By Nathan Howe, vice president who manages emerging technologies at Zscaler