Deploying Secure Access Service Edge (SASE) in hybrid cloud environments poses challenges. Read on to learn what they are and how to master them.
Companies looking to adopt and implement Secure Access Service Edge technologies and practices in a hybrid cloud environment face some challenges. These include, for example, driving the organizational change required for this paradigm shift, assigning responsibilities appropriately and ensuring that the right providers and products are used. This is the only way to actually achieve the desired results.
Hybrid cloud environments inevitably require a new approach to cybersecurity, including new tools and practices – and that’s where SASE comes in. Many IT and security experts will argue that Secure Access Service Edge is nothing new and is essentially a consolidation of existing tools, technologies and practices. There is some truth to this perspective, but in many ways the consolidation and integration of different skills and methods is a form of innovation.
Since 2019, SASE has been considered the future of cloud computing by market specialists such as Gartner. The management consultancy assumes that by 2024, 40 percent of all companies will have set up a strategy for the introduction of Secure Access Service Edge.
SASE is widely regarded as a consolidation of various security tools and methods such as Cloud Access Security Brokers (CASBs), firewalls-as-a-service and Zero Trust, each of which in turn has its own nuances and complexities. So why the push for SASE? In part, to consolidate the rapidly growing list of tools and methods used to secure cloud-native environments, but also to take advantage of the SASE approach and the associated security model. These include, for example, an improved level of security, the ability to implement zero trust concepts, increased and reduced complexity.
The rapidly growing trend towards remote and hybrid work has confronted many companies with the question of how to enable secure access to corporate resources without compromising the level of security. One way to achieve this is SASE's move from a location-based security model to a user-centric and contextual approach (e.g. zero trust). This can include contextual information such as geographic location, authentication method, and device health. Instead of routing user traffic through the company’s own security stack, users are given the flexibility to access applications and services, regardless of whether they are running on-premises or in the cloud. Security is partly shifted to users’ devices to detect malicious behavior or compromise.
With the transition to a hybrid cloud environment with a distributed workforce, security and networking must converge. Things become even more complicated because, with the introduction of SASE, companies are moving away from WAN-like network models and using the Internet as the primary means of communication. This requires a different approach to security, as it is a network that you no longer own. This is why zero trust methods – and subsequently SASE – are important.
Below we have compiled the three most important challenges that companies face when implementing SASE in a hybrid cloud environment:
1. Collaboration of network and security teams
Similar to DevOps/DevSecOps, where the goal is to break down the silos between the teams, SASE warrants a review of roles and responsibilities and – more importantly – the level of collaboration between network and security teams. This is especially true in hybrid cloud environments, where some employees may be managing the on-premises infrastructure and security while others focus on the cloud. Such an arrangement is not ideal. This also applies to cloud-native environments, where developers are increasingly taking on more responsibility for the tech stack through infrastructure-as-code implementations.
2. Navigating the tool landscape
Another difficult aspect of SASE is navigating the tool landscape and the associated ecosystem. Since Secure Access Service Edge is essentially a consolidation of tools and methods, it creates a complex and confusing provider ecosystem in which companies have to find their way around. This is due partly to the exuberant marketing messages of the providers and partly to the variety of tools and functions available.
Even if a company has decided on certain tools and wants to implement them, it will have to deal with its existing technology stack. This includes an analysis that searches for duplicate functions. These can be eliminated when switching to the more modern, cloud-based SASE tool paradigm. If proper tool consolidation does not take place, this can lead to tool sprawl, disjointed functions and an incoherent enterprise architecture.
Surveys also show that security teams are struggling with the side effects of solution proliferation – such as overwork, burnout and frustration. This can lead to critical security risks being overlooked. Hybrid cloud environments exacerbate this challenge, as the existing security tools are often not suitable for securing cloud environments. As a result, companies are looking for additional tools to secure their cloud environments. These must then integrate with the existing security tools and practices.
3. Creating trust in SASE
Trust is a problem for many specialists when it comes to adopting the SASE approach for hybrid cloud environments. Due to the highly consolidated functionality of SASE tools, companies are naturally expected to place great trust in Secure Access Service Edge providers to cover their network and security needs. Companies must perform their due diligence to ensure that they work with partners who are reputable, have broad market acceptance, have defined service level agreements and can act as trusted partners.
This article is based on an article from our US sister publication CSO Online.
*Chris Hughes writes for our US sister publication CSO Online.