Securing Your Cloud Transformation With SASE
Today, users are increasingly mobile, applications have moved to the cloud and traffic is almost always encrypted. Here's how these changes render traditional network security architectures irrelevant:
- Organizations today have two bad choices to pick from: either they send users to the data center firewall (adding latency), or mobile users access SaaS applications directly via the Internet to get a fast experience, bypassing data center-based security architectures altogether and leaving them under-protected.
- In order to access private applications, users access the enterprise network via VPN, offering up that very VPN tunnel as an attack vector for lateral spread of an infection. Not to mention that when VPNs aren't being attack vectors, they're adding latency to application performance (tromboning of network traffic via the data center).
- An increasing amount of traffic today is encrypted. Appliance-based firewalls need additional processing power to inspect SSL traffic. As the amount of SSL traffic goes up, the appliance-based firewalls hit their performance caps, adding to latency and poor user experience, which drives up support tickets.
And of course, as the volume of traffic increases and new threats emerge, periodically resizing and updating appliance-based hardware is complex, time-consuming and downright mundane. As a result of this market need, there has been a transformation in security.
Interestingly, a similar transformation is in play in network architectures as well. Enterprises are beginning to use Internet-based circuits as the enterprise WAN, enabled by software-defined WANs (SD-WAN), to access cloud-based applications.
The convergence of these network and security transformations, plus some more, has given rise to a sassy new segment: Gartner's Secure Access Service Edge (SASE)—pronounced "sassy."
SASE architectures
There are three aspects that define a SASE architecture.
Distributed, cloud-delivered architecture
With users, applications and data becoming distributed everywhere via the cloud, there is no reason for networking and security systems to be placed in a centralized data center. SASE architectures must provide shortest path connectivity between the user and the application, minimizing latency and thus maximizing user experience.
For instance, Zscaler, the security platform built for the cloud, has developed a strategic relationship with Microsoft by peering its data centers with Office 365 data centers. This, plus local breakout and local DNS resolution, allows Zscaler to offer shortest path connectivity to Office 365 while still securing direct access for the rest of the web traffic.
It's no wonder that Zscaler is the only security solution recommended by Microsoft for Office 365. Being cloud-native delivers additional benefits like elasticity, automated updates based on newly discovered threats and significantly reduced operational overhead.
Identity- and context-aware zero trust access
Users need to be given different levels of access based on identity and real-time context. For this, native app segmentation should connect authenticated users to authorized apps without bringing the user onto the full corporate network.
Administering this needs to be simple, ideally automated. Here's an example of why and how MAN Energy Solutions implemented zero trust network access for their enterprise.
Full inline SSL inspection at scale
Data classification and malware analysis done by a scalable, proxy-based architecture ensures that all threats are blocked for all users, without any performance degradation. Having unlimited capacity to inspect all your encrypted traffic, even as your demands grow, guarantees that your security requirements are future-proof.
Implementing SASE
As you begin to explore your SASE solution of choice, you will realize that SASE requires a fundamental architectural change in how networking and security services are offered. To hear more on how to get the most out of SASE, check out the webinar with Gartner's Distinguished VP Analyst, Neil MacDonald: The Future of Network Security is SASE.
WWT is a Zscaler partner that uses a proven and innovative approach to help our customers discover, evaluate, architect and implement a secure cloud transformation with SASE. We take a holistic approach to security rather than focusing on point solutions and adding another tool. This helps us align business goals and objectives to technical solutions, providing more effective outcomes and solutions that further the development of an enterprise architecture.
Learn more about how we can integrate and deploy Zscaler solutions to help you reduce vulnerabilities, which can set the stage for future innovation. Request a workshop to start the conversation today.