思博伦环形标志
网络安全

Post-COVID “Normal” Brings New Biz Security Challenges

作者:

Businesses must embrace a new reality with agility that can transform operations, with security a top priority. SASE (secure access service edge) can help. In this sequel blog, we share the market drivers, business benefits SASE delivers, and related use cases.

Employees around the world have decided they’d like to work from home, thank you very much.

Despite return-to-office “welcome back” parties, an attempt at mandates and some good old-fashioned cajoling, it will be hard to reverse the remote work tide.

And so, without hardened plans, large enterprises and governments are finding IT basics thrown into upheaval:

  • High-cost VPN infrastructures don’t sufficiently scale or provide enough flexibility for efficient work-from-home support.

  • Workers are using personal devices outside of protected networks and accessing Virtual Desktop Infrastructure (VDI) solutions.

  • Enterprise teams face an uphill battle to exercise corporate governance and control across unprotected devices while providing responsive remote technical support.

Resisting is futile. Especially as additional demands snowball. Migration to cloud, surging SaaS adoption, edge computing and IoT are all levying new security and performance requirements—and headaches.

Businesses must embrace a new reality with agility that can transform operations—and security must be a priority focus. SASE (secure access service edge) stands ready to help.

We recently addressed testing challenges and strategies for successful SASE deployments. Here, we’ll talk more about market drivers, the operational and business benefits SASE delivers, and use cases it supports.

Introducing core principles for a new world

Network perimeters are blurring, and policies are evolving quickly and constantly. We’ve seen how this complicates governance, especially as more stringent DLP and regional data privacy laws loom. To enable the needs of modern distributed and dynamic networks, we need innovation on the WAN side as well as to deliver a seamless user experience regardless of location.

If we will drill down into the SASE components and customer expectations, we can define main principles and technologies as cloud-native, intelligent and vendor agnostic. SASE deployments must be distributed, elastically scalable and resilient, leveraging policy-driven dynamic access with ongoing data protection. Crucially, it must be able to utilize a combination of security and network functions, such as zero trust network access (ZTNA), cloud access security broker (CASB) and next-generation firewalls (NGFW).

Evolving security architectures on the fly

A door has been opened to new risks that threaten mission-critical enterprise security.

Systems, applications, and tools not approved or controlled by IT departments have become a major security and compliance issue. A typical enterprise runs more than 200 applications but only a fraction is managed or visible by IT.

These shadow IT practices expand attack surfaces and open countless security gaps. They also increase operational complexity, slow IT responsiveness and drive up operating costs.

Staying ahead of the security curve with SASE

Enterprises need flexible security tools to adapt to a post-COVID threat reality—specifically, tools that work wherever employees work, SaaS applications are deployed, and support hybrid IT. That’s why SASE is getting increased attention. This new framework is right at home in hybrid environments. Its functions are hosted in the cloud, providing IT security teams with single-pane-of-glass visibility, flexible management, and control of all that happens on the network.

SASE’s approach to enterprise security management solves business problems. It provides a blueprint-like journey with the flexibility to support specific enterprise needs.

SASE provides a customized balance between security, speed of operations and access to critical business services, taking into account:

  • SaaS application and IaaS/PaaS platforms

  • Access mechanisms for users and devices

  • Data loss protection and data sovereignty

  • End-to-end SLAs, including enterprise and third-party products

  • Context-based decision-making with smart root cause analysis

The SASE business case

To combat shadow IT challenges and controlled access to cloud resources and applications, SASE provides simplified, central management of cloud security tools and policies, enabling:

  • Consistent network security with fewer network layers to manage

  • Centralized policy management

  • Lower costs with higher scalability

  • Single view of the entire network

  • Optimized network for cloud business models

  • Controlled growth of remote working and distributed applications

  • Delivery of expected security and performance

  • Flexibility and agility to accelerate time-to-market of new capabilities

Staying on top of SASE complexity

SASE is not a one-time event or implementation. It is a continuous journey that restores balance between hundreds of SaaS applications and IaaS/PaaS platforms, users and devices access mechanisms, data loss protection and data sovereignty, and end to end SLAs between proprietary and third-party systems. SASE powers context-based decision making with smart root cause analysis.

SASE introduces new tools and security policies, such as zero trust gateways and cloud access service brokers. As part of ensuring end-to-end service quality, SASE must be part of an overall network security assessment strategy. Each component of a service, including security, needs to be validated and tested individually and as part of the overall service.

This requires a customized framework that defines a baseline from which a specific architecture can be pivoted to serve business needs—not the other way around. This framework fosters understanding of the SASE implementation journey and can serve as a bridge between security and business teams as translation from technical to business language for better alignment between multiple parties.

SASE framework fits specific business needs and requirements and should take into consideration specific SASE technologies (zero trust gateways, firewalls, CASB, etc.), and all connected systems. The impact on neighboring systems, business operations and services must also be considered. As a result of the rapid and continuous introduction of new service features and updates, testing has also become continuous, providing continuity from development to robust change management and continuous live network monitoring.

We can help you along your SASE journey

Spirent’s SASE-driven work with customers targets new outcomes and capabilities, making it possible to:

  • Generate data to quantify risks, justify risk management programs and track their performance.

  • Test security solutions, collecting data on cyber security risks and determine efficient solutions to strike a balance between security and business needs.

  • Continuously assess the security systems evolution in a fast-changing environment, ensure performance and management of hybrid solutions, data protection and resolution of shadow IT challenges.

  • Validate and comply with end customer KPIs/SLAs, system functionality and stability, with better product representation and validation of relevant use cases.

Learn more about SASE testing challenges and strategies右箭头图标

喜欢我们的内容吗?

在这里订阅我们的博客

博客订阅

Oleksandr Dmytriiev

安全和网络解决方案高级产品经理

Oleksandr Dmytriiev现任思博伦的SASE/SD-WAN解决方案高级产品经理。他当前的职责是管理融合了安全、网络基础设施和云领域多种技术和产品的下一代解决方案。在加入思博伦之前,Oleksandr曾在多家电信软件厂商和大型企业就职,负责管理诸多软件产品线的产品管理团队,业务领域涉及SD-WAN、OSS、BS云和机器学习平台等。如欲联络Oleksandr,请关注他的LinkedIn:https://www.linkedin.com/in/odmytriiev/