Nathan Howe, Vice President of Emerging Technology at Zscaler
Just as the meteorite impact millions of years ago changed the Earth’s surface for good and led to the extinction of the dinosaurs, fundamental changes can currently be observed in the IT world. These changes are also about adapting to new environmental conditions, just as such conditions were imposed on the animal and plant world at that time. Although this modernization of IT had already been set in motion by the relocation of applications to the cloud, the pandemic can be equated with the impact from outside. In a way not seen before, companies around the globe were forced to adapt their IT landscapes to the new conditions, at unprecedented transformation speeds. But which of the traditional infrastructures will sooner or later be left behind in this process?
As evidence of these upheavals, Gartner is helping to set the course for the reorganization of IT infrastructure with its new security paradigm, the Security Service Edge (SSE). The new quadrant, with its standardisation of security parameters as a service function, represents the natural evolution of the SASE framework. The elimination of the “A” for access makes apparent the decreasing importance of the security stack at the network perimeter, which previously regulated access authorizations to the corporate network and thus ensured IT security within the sealed borders. Today, the network itself is no longer considered part of the security control function, but is merely classified as a means of transporting data streams towards a new security model.
The traditional network is losing importance
SSE thus reflects the circumstances that have gained relevance in companies over the past two years. Employees have left the secure network in favor of new working environments (and because of mandated contact restrictions) and have accessed their applications from anywhere. Applications have been finding a new home in cloud environments for a decade, gradually reducing the importance of the data center. Driven by the pandemic, however, the procrastinators have also made their way to the cloud. But if neither applications nor employees are inside the corporate network, what sense does a security stack at the network edge still make? The Security Service Edge provides the answer to how the security infrastructure should be reoriented.
In modern working environments, protecting the direct path from the user to their application plays the decisive role, without the intermediate step of a network perimeter. It is precisely around this core idea that a Security Service Edge approach revolves, with Zero Trust as the cornerstone of its implementation. If a user needs access to an application or a service, that access must be defined on the basis of roles and continuously monitored. Regardless of where the applications are hosted, security must be implemented inline on the path between user and application. This supervisory function is best performed by a cloud service that offers the necessary agility and flexibility for a wide variety of application scenarios.
This makes a working model a reality in which access to applications is no longer tied to a network, but is offered universally on the basis of the user identity, regardless of the user’s location. Least-privilege access shows its strengths in all modules of the SSE and accordingly also forms the basis for CASB or DLP. The focus is always on policy-based access rights, whether for access to permitted applications, to web services, or at the level of individual documents.
Universal access for future scenarios
To keep up with the changes, IT departments today have the task of selecting the right tool for the job. Applied to IT security, this means understanding the step away from network appliances as gatekeepers for security tasks and following a new approach with SSE that places security directly between the user and the application or service. At the same time, IT departments are paving the way for companies to take the next steps towards digitization, because Zero Trust not only shows its strengths for user access authorizations, but can also be used for devices or workloads.
With applications that are moved out to the edge, or to IIoT and Operational Technology (OT), the next digital applications that also need to be secured are already in the starting blocks. Then it is no longer just the cloud that is the connective tissue for access, but the Internet or, in the next step, even the wireless connection via the next-generation wireless standard. 5G already enables completely new application scenarios beyond the classic network, and their data transmission and access authorizations should also be secured. This is where cloud-based security can also come into play. It not only meets today’s security requirements for employees’ access to their applications, but also carries the full potential of the cloud into the future. The classic network is completely upended by edge computing.