Thursday, August 11, 2022
Data Centre & Network News
  • Data Centres
  • Networking
  • Features
    • UPS & Power Distribution – January
    • Cooling – February
    • Security – March
    • Enclosures, Cabinets & Racks – April
    • Colocation – May
    • Cable Management & Labelling – June
    • Cloud Computing & Storage – July
    • Energy Management – August
    • Testing & Test Equipment – September
    • Wireless Networking – October
    • DCIM – November
    • Intelligent Buildings – December
  • Infrastructure
  • Data
  • Media Kit
  • Events
  • Contact
No Result
View All Result
  • Data Centres
  • Networking
  • Features
    • UPS & Power Distribution – January
    • Cooling – February
    • Security – March
    • Enclosures, Cabinets & Racks – April
    • Colocation – May
    • Cable Management & Labelling – June
    • Cloud Computing & Storage – July
    • Energy Management – August
    • Testing & Test Equipment – September
    • Wireless Networking – October
    • DCIM – November
    • Intelligent Buildings – December
  • Infrastructure
  • Data
  • Media Kit
  • Events
  • Contact
No Result
View All Result
Data Centre & Network News
No Result
View All Result

Why Secure Access Service Edge is key for a distributed workforce

Beatrice by Beatrice
February 28, 2022
in Edge, Networking
6 0
0
Share on FacebookShare on Twitter

Written by Daniel Blackwell, Product Manager – Network and Security at Pulsant, on using edge to transform networks.

The huge shift to remote working and the increased sophistication of SaaS applications used by employees on vastly extended networks present significant security challenges.

Supercharged by the pandemic, these major trends have left many businesses struggling to address the long-term security risks generated by such an expanded attack surface.

The problem is that thousands of employees are now working from uncontrolled environments, frequently using their own devices, and almost certainly relying on domestic networks. Personal devices and home broadband lack the same security protocols and controls that apply to corporate devices and networks, making them more vulnerable to cyber-attacks.

Internet access is often shared with other devices, while home networks either have weak passwords, or none at all, and are generally configured without encryption. All these vulnerabilities provide multiple angles of attack on a corporate network which are potentially easier to carry out than many other methods employed by criminals or activist hackers.

The picture for IT chiefs is further complicated by the use of multiple cloud vendors and the steadily growing adoption of hybrid infrastructures for sound business reasons. This further compounds the vulnerabilities of an expanded surface, with multiple ingress points to access distributed business information and systems, which all need to be controlled and monitored.

Removing the IT headache

For IT teams these developments are problematic. Applying security policies to each employee working remotely can be complex and costly. For example, applying the same policies and controls could require deploying a firewall at each employee’s home which is expensive and generates huge management overheads. The alternative of providing each employee with a remote VPN connection back to a central office location goes against the flow of what businesses need today for increased agility and cost-effectiveness. As organisations increasingly move to decentralised services employing SaaS applications and public cloud, there is little sense in routing traffic back through an office location.

The role of SASE

Secure Access Service Edge (SASE) is increasingly emerging as a solution to most of these difficulties, enabling organisations to apply security policies to employees wherever they are working, using a centralised management policy. Adoption of SASE remains cautious, however, largely because there is no settled definition of what it is, nor has it been standardised, causing significant confusion about the benefits that it can bring.

Depending on who you want to believe, SASE comprises all or most of the following technologies: secure web gateways (SWGs); web-filtering; cloud access security brokers (CASBs); firewall-as-a-service (FWaaS) and Zero Trust Network Access (ZTNA). Many organisations will already have some of these applications in place but not in a unified, cloud-based solution that provides genuine control, visibility and management, removing the drudgery and cost of overseeing and administering them separately.

Gartner defines SASE as an extension of SD-WAN to include other network security controls and services that can be centrally managed through the same SD-WAN management plane. This covers the essential elements of network and application optimisation, access control and the vital requirement for the IT team to have full visibility. With these capabilities, troubleshooting becomes much quicker and more effective.

Unfortunately, many vendors have boarded the SASE bandwagon in what are often little more than rebranding exercises. They slap the SASE label on cloud-based security solutions that are not managed by a single dashboard and still involve multiple separate products. Others claim to provide SASE even without an SD-WAN offering, while yet more offer elements of SASE but not the full product range.

In the current market, there are very few vendors who provide SASE matching Gartner’s full definition. This does not mean, however, that SASE is something that organisations should disregard; instead it should be seen as more of a framework to build a solution that helps solve the security complexities introduced by modern working.

Zero trust and the edge

SASE is fundamentally about the application and the user. With SD-WAN, the primary purpose is to have control over the application and apply routing policies to ensure the right applications obtain the best possible path. This optimises performance for the end-user and enables organisations to upgrade or implement new applications efficiently and quickly.

True SASE means applying the same principles of efficiency and agility to security controls. The application and the user are still considered, but more specifically it is about ensuring the right user has access to the right applications, but only those applications. This implementation of the zero-trust approach can even be broken down further to the right device, at the right time of day, from the right network, and access restricted to applications and web services based on the security posture of the user, device, and destination.

The physical location of the SASE ‘engine’ should also be considered. The term cloud implies that something is located everywhere, while in the UK this typically means it is hosted in one location. By having regional points-of-presence, the enforcement of security policies is distributed closer to each user wherever they are working.

Using this approach, organisations can stop employees from accessing known bad web services, regardless of location, removing the risk of downloading malicious files or applications. If malware does get through and a device is breached, access can be revoked, preventing attackers from gaining access to applications or services.  

Securing the edge

Genuine SASE forms a comprehensive package that combines a variety of solutions, and as organisations move towards distributed and decentralised applications, SASE and SD-WAN provide agile and flexible central controls.

These are vital attributes. Remote working policies are now permanent and widespread, and before too long, SASE and SD-WAN will enable IT and security teams alike to bring security protocols closer to users. The outcome will be a highly-resilient network that optimises the edge and truly supports its users and protects them from emerging and increasingly sophisticated cyber threats — whether they are at home, on the road, in a branch office or headquarters.

Tags: applicationsBroadbandEdgeedge computingITNetworkingPulsantSaaSSecurity
Share2Tweet2Share

Related Posts

Reading can expect £1bn economic boost from CityFibre rollout

Reading can expect £1bn economic boost from CityFibre rollout

August 8, 2022
37
Altnets wins the Hustle Awards’ Top Performing Team of the year

Altnets wins the Hustle Awards’ Top Performing Team of the year

August 4, 2022
44
Macquarie Telecom Group joins the VMware Sovereign Cloud initiative

Macquarie Telecom Group joins the VMware Sovereign Cloud initiative

August 3, 2022
44
Stream and T-Systems partner to advance hybrid cloud architecture

Stream and T-Systems partner to advance hybrid cloud architecture

August 3, 2022
46
Telecom veterans to drive PowerHouse Data Centers’ growth

Telecom veterans to drive PowerHouse Data Centers’ growth

July 27, 2022
80
Adare SEC renews cloud partnership with Six Degrees

Adare SEC renews cloud partnership with Six Degrees

July 26, 2022
42
liquid cooling
cooling

Rising temperatures highlight need for liquid cooling systems

August 10, 2022
47
Airedale appoints Adrian Trevelyan as data centre lead
cooling

Airedale appoints Adrian Trevelyan as data centre lead

August 9, 2022
40

Head office & Accounts:
Suite 14, 6-8 Revenge Road, Lordswood
Kent ME5 8UD
T: +44 (0)1634 673163
F: +44 (0)1634 673173

cooling

Rising temperatures highlight need for liquid cooling systems

August 10, 2022
47
cooling

Airedale appoints Adrian Trevelyan as data centre lead

August 9, 2022
40
  • Privacy Policy

© 2018 All Things Media Ltd.

No Result
View All Result
  • Data Centres
  • Networking
  • Features
    • UPS & Power Distribution – January
    • Cooling – February
    • Security – March
    • Enclosures, Cabinets & Racks – April
    • Colocation – May
    • Cable Management & Labelling – June
    • Cloud Computing & Storage – July
    • Energy Management – August
    • Testing & Test Equipment – September
    • Wireless Networking – October
    • DCIM – November
    • Intelligent Buildings – December
  • Infrastructure
  • Data
  • Media Kit
  • Events
  • Contact

© 2018 All Things Media Ltd.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Cleantalk Pixel
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.