A Q&A with one of our Cybersecurity Professionals
SASE has been a word tossed around in the cybersecurity world since Gartner coined it in 2019, but what does it actually mean for your organization’s security? Sit down with Aileen, one of our engineers from the field, as she breaks down frequent questions and matter-of-fact solutions.
The Basics – What is SASE?
Q: In your own words, what is SASE?
A: SASE stands for Secure Access Service Edge, but another way I like to think of it is Secured Accessible Service Everywhere. You need to provide business access to your organization (via tools, applications, Cloud apps, etc.), and you need it to be accessible regardless of user location. We all know risking security requirements is not an option. So, I look at SASE as individual checkpoints that are constantly evaluating the risk, timing, user, user location, user device, and authorization while still providing the reliability of applications, protection, and data as a service to users who rely on that information.
Q: Why is SASE such a big trend right now?
A: SASE has been a coined phrase for a while. There has been a slow migration with the growing adoption of Cloud SaaS apps, such as Office 365 or Google G suite. This was accelerated, or also complicated, by the global surge to remote work fueled by a variety of influences, beyond simply health concerns. Businesses are now reducing brick and mortar, and employees can be anywhere while still being functionally present. Traditional boundary network devices were not designed to support the combination of remote users, local users, and cloud SaaS requirements on a large scale. This new paradigm of users becoming decentralized while at home causes performance issues when attempting to route all user traffic back through the home office. Covid has demonstrated to businesses that some jobs can be done remotely, which saves costs on office space and on-premise technology. This will not be a process we see reverted. Cloud resources can scale with growing businesses at a cost that is more affordable than if the business themselves had to scale on–premise.
Q: There are numerous solutions imbedded in the overall SASE solution – what is the importance of ensuring you have all pieces implemented?
A: You have to remember that SASE is like a guide and many vendors implement it differently. The importance is found within completeness of the selected installed vendor solutions and ensuring it meets the use case requirements that you outlined. Rushing to implement quickly introduces opportunity for risk, as most time–sensitive projects may forgo traditional execution processes. Yet, allowing your business to execute a plan of action, build, design, configuration, and installation provides the checks and balances necessary to execute the full SASE solution where less will be overlooked.
Q: How has the movement of a remote workforce impacted the need for SASE?
A: A remote workforce originally consisted of employees who had corporate assets and may have used a VPN (Virtual Private Networks) to access corporate resources when not in the office. Now, remote workers could be on a variety of devices that may not be corporately managed. If businesses adapt SASE and ZTNA (Zero Trust Network Access), they are likely to permit a larger amount of personal device access by employees, which in turn, amplifies the need for effective SASE control and protection. If more employees work remotely, then threat actors will begin to target employees directly since they are more vulnerable at home versus sitting in company headquarters.
Q: How has the movement of IoT (Internet of Things) devices impacted the need for SASE?
A: I heard a valid statement in a recent online seminar I attended: no matter the type of IoT device, it still has a running OS (operating system), even if the OS is not directly exposed to tweak or modify. As often as new devices are created, there are many more that are left behind and their OS is no longer protected by that vendor. Whether or not support is provided, the product functionality remains, as does the risk. These devices provide opportunity for those who wish to take advantage of the weaker security controls inherently available from IoT vendors.
Getting Started – Implementing SASE
Q: When an organization comes to you with a need to implement SASE, what is the first step you take?
A: I look at the first step as threefold: where the customer is today, where they want to be in the future, and what requirements they are identifying that need to be met. These drive a holistic view of assessment to address the full delivery of the solution desired by that customer.
Q: What is one piece of advice you would give someone before starting the process of adopting SASE?
A: The key here is having a project sponsor – you may have identified a need for a product to address areas that are not met today, but without key sponsorship from your organization or business, you do not have internal support or budget to execute the vision.
Q: What is the most important thing to keep in mind before starting this process?
A: Become familiar with what you know about your current environment and be willing to identify what you do not know about your environment. If there are unknowns, a partner like Braxton-Grant can assist in exploring those unknowns so a successful deployment is not sidelined by the lack of risk avoidance discussions. Talk about the elephant in the room before it derails your project initiatives.
Q: What is the advantage of partnering with an engineer (such as yourself) while implementing this solution?
A: I believe the benefit of a partner organization like Braxton-Grant rewards customers with a plethora of information gained from years of lessons learned, not only from ourselves but our work with other customers. We help steer customers clear of solutions that may not meet a need or point them to vendor products that are a better fit to exceed their original expectations. Reading documentation is not a substitute for real-world implementation scenarios that could occur, but having a partner experienced in those challenges goes a long way towards a smoother execution of deployment.
On your way? Keep this in mind when looking for key remaining elements…
Q: What should you look out for in the process of implementing SASE?
A: Resist getting sidelined by flashy add-ons; make sure the product you selected meets your requirements and refrain from being in a rush to turn on extra features without understanding the impact. Simple does not always mean less security, but it does mean less chance to activate a setting or feature that may have understated impacts to your business. Additionally, best–of–breed does not always mean simple to install, and not all best–of breed–offerings integrate well with other vendor products. The overlooked items are one of the things I like to consider a specialty area for myself and my fellow engineers. People underestimate multi-vendor complexity and easily miss opportunities for integration or functionality gaps that are not transparently presented. We whole heartedly continue to train as engineers in multi-vendor products so we can have various methods to solve a unique problem.
Ok, you have implemented SASE. What comes next?
Q: After implementing, what is the next step?
A: After implementing SASE, evaluate your environment. Is it executing the way you expected? Is it doing everything the vendors indicated it would? Do you find yourself looking for simpler ways to troubleshoot? In a way, calling it buyers’ remorse may be appropriate, but the product you bought, installed, and configured may not be working as it was sold to do, and you still need to find the appropriate product to do the job successfully! On the other hand, you may be pleased with your current deployment and want to get upcoming knowledge on the latest emerging. There may be a new requirement on the horizon that you did not have before, so you need to start scoping out what solution will be a good fit and budget accordingly knowing the product you need.
Implementing SASE correctly secures your workforce, no matter where they are. Choosing to partner with Braxton-Grant means we can become an extension of your team, work toward your goals, and be a trusted resource with deep experience that you can leverage.