NC Nov-Dec 2021
FEATURE: SASE
SECURING A DISTRIBUTED WORKFORCE WITH SASE
DANIEL BLACKWELL AT PULSANT EXPLAINS WHY SECURE ACCESS SERVICE EDGE (SASE) IS THE IDEAL SOLUTION FOR USER-CENTRIC SECURITY
Despite the widescale shift towards dispersed working, many businesses still haven't addressed the long-term security risks associated with an expanded attack surface. The problem is employees are now working from uncontrolled environments. Personal devices and home networks don't have the same security protocols and controls as corporate devices and networks, making them more prone to cyber attacks. In a remote environment there is usually little control over what can be reached over the internet, with access often shared with other devices, posing further risks. Many home networks also aren't password-protected, use easily guessed or default passwords, or may be configured without encryption, providing a far easier avenue for an attacker to gain access to a corporate network.
REMOVING THE IT HEADACHE
For IT teams this presents a huge headache. Applying security policies to each remote worker can be a complex and expensive venture. For example, applying the same policies and controls could require deploying a firewall at each employee's home which is not only expensive, but creates huge management overheads. Alternatively, each employee could be provided with a remote VPN connection back to a central office location, but as organisations increasingly move to decentralised services with SaaS and public cloud, it doesn't make sense to route traffic back through an office location.
THE ROLE OF SASE
Secure Access Service Edge (SASE) is the ideal solution for user-centric security, where policies can be applied directly to employees, wherever they are working, using a centralised management policy. However, much of what SASE is, or isn't, is yet to be truly defined or standardised.
Gartner defines SASE as an extension of SD-WAN to include other network security controls and services that can be centrally managed through the same SD-WAN management plane. Many vendors have jumped on the SASE bandwagon and are using it to describe cloud-based security solutions that are not managed by a single management dashboard and actually involve multiple separate products. Others are claiming to provide SASE even without an SD-WAN offering, while some offer elements of SASE but not the full product range. Currently there are very few vendors who offer SASE as per Gartner's full definition, but this doesn't mean that SASE isn't something that organisations should consider.
ZERO-TRUST POLICIES
At its core SASE is about the application and the user. With SD-WAN, it's about having control over the application and applying routing policies to make sure that the right applications get the best possible path. This delivers a better end user experience and enables organisations to change or bring on new applications efficiently and quickly.

SASE refers to applying the same principles of efficiency and agility to security controls. The application and the user are still considered, but more specifically the right user getting to the right applications and only those applications. This can even be broken down further to the right device, at the right time of day, from the right network, and access restricted to applications and web services based on the security posture of the user, device, and destination.

The physical location of the SASE 'engine' should be considered. The term cloud implies that something is located everywhere, when in the UK this typically means it's hosted in one location. By having regional points-of-presence, the enforcement of security policies is distributed closer to each user wherever they are working. Using this approach, organisations can stop employees from accessing known bad web services, regardless of location, removing the risk of downloading malicious files or applications. If malware does get through and a device is breached, access can be revoked, preventing attackers from gaining access to applications or services.
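
The access decision described in this section (right user, application, device, time of day and network, plus blocking known bad web services and revoking a breached device) can be sketched as a default-deny check. This is an added example, not code from the article or from any SASE product; every user, application, network label, posture flag and hostname in it is constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample data: nothing here comes from a real deployment.
BLOCKED_DESTINATIONS = {"malware-downloads.example"}  # known bad web services
REVOKED_DEVICES = set()                               # devices reported breached

@dataclass(frozen=True)
class Rule:
    user: str
    app: str
    managed_device_only: bool
    networks: frozenset   # network labels this rule accepts
    start: time
    end: time

@dataclass(frozen=True)
class Request:
    user: str
    app: str
    device_id: str
    device_managed: bool
    device_patched: bool  # posture signal reported by the endpoint
    network: str
    at: time
    destination: str

RULES = [
    Rule("alice", "crm", True, frozenset({"home", "office"}), time(7), time(19)),
    Rule("bob", "wiki", False, frozenset({"home", "office", "public"}), time(0), time(23, 59)),
]

def decide(req, rules=RULES):
    """Return (allowed, reason). Default deny: every check must pass."""
    if req.device_id in REVOKED_DEVICES:
        return False, "device revoked"
    if req.destination in BLOCKED_DESTINATIONS:
        return False, "destination blocked"
    if not req.device_patched:
        return False, "device posture failed"
    for r in rules:
        if (r.user, r.app) != (req.user, req.app):
            continue
        if r.managed_device_only and not req.device_managed:
            return False, "unmanaged device"
        if req.network not in r.networks:
            return False, "network not permitted"
        if not (r.start <= req.at <= r.end):
            return False, "outside permitted hours"
        return True, "allowed"
    return False, "no rule for this user and application"

def revoke(device_id):
    """Cut off a breached device; takes effect on the next decision."""
    REVOKED_DEVICES.add(device_id)
```

Because the decision is evaluated per request, revoking a device applies wherever the user connects from, which is the property the regional points-of-presence model relies on.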
SECURING THE EDGE
SASE forms a comprehensive package that combines a variety of solutions, and as organisations move towards distributed and decentralised applications, SASE and SD-WAN provide agile and flexible central controls. Remote working policies are now permanent and widespread, and in the near future, SASE and SD-WAN will enable both IT and security teams to bring security protocols closer to users. The outcome will be a highly-resilient network that truly supports its users and protects them from emerging and increasingly sophisticated cyber threats - wherever they are.
NETWORKcomputing NOVEMBER/DECEMBER 2021 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK