Secure Access Service Edge (SASE) is increasingly being adopted by both commercial and federal organizations. In a complex technology ecosystem, a SASE strategy aims to streamline disparate systems into a common, unified framework.
What is SASE?
According to Gartner, SASE delivers “multiple converged network and security ‘as a service’ capabilities, such as software-defined wide-area network (SD-WAN), secure web gateway (SWG), cloud access security broker (CASB), firewall, and Zero Trust network access (ZTNA). SASE supports branch office, remote worker and on-premises general internet security use cases. SASE is primarily delivered as a service and enables dynamic Zero Trust access based on the identity of the device or entity, combined with real-time context and security and compliance policies.”
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Virtru.
What are the benefits of SASE?
SASE aims to streamline a complex and disparate set of systems and network management tools with a more unified model, bringing Zero Trust cloud security and network functions — including identity — into a common framework.
Technology teams benefit from a tech stack optimized for interoperability: SASE aims to unify security efforts across multi-cloud environments, teleworking setups, and data-sharing networks. Enterprise leaders benefit from a more sustainable and unified approach that consolidates vendors and ensures new software and systems provide the necessary integrations and support.
Components of a Strong SASE Strategy
Whether SASE is in your current strategic plan or on your long-term roadmap, there are several components that are essential to a sustainable and effective SASE strategy:
1. Move Beyond ZTNA to ZTDA — Zero Trust Data Access.
According to the Gartner 2021 Strategic Roadmap for SASE Convergence, “The legacy perimeter must transform into a set of cloud-based, converged capabilities created when and where an enterprise needs them — that is, a dynamically created, policy-based secure access service edge.”
A Zero-Trust approach to security assumes that your network has already been breached, and it requires every user or system to authenticate its identity. While the Gartner recommendation of implementing Zero Trust Network Access (ZTNA) is a step in the right direction, a stronger approach is Zero Trust Data Access — implementing Zero Trust at the data level.
A data-centric approach is a more sustainable and flexible strategy because it protects the data itself, wherever it travels — both inside and outside your organization. When the data itself is safe, it can travel through cloud environments and even compromised locations while still remaining secure. Building policies that focus on the data itself will equip your organization to glean the greatest value from its SASE framework. History and our current security climate remind us that we must move our decisioning to the only true common denominator: the data. Only then can we convincingly say we have moved beyond a perimeter-based approach.
Risk to an organization changes, and usually increases, as data moves. That movement creates risk because there is no assurance that the intended protection and access rules are accurately applied and equally enforced wherever that data travels. A SASE implementation built on a true ZTDA pillar solves this problem because the data itself describes the burden of proof required to gain access, ensuring that the system it finds itself in isn’t the weakest link.
2. Get organized, categorized, and contextualized.
Context is everything. SASE is tightly integrated with identity management, ensuring that enforcement decisions can be immediately applied across the breadth of an organization’s tech stack. It’s vital that endpoints (whether human or machine) prove that they are who they say they are,
Legacy, role-based access control is simply not flexible enough to meet the needs of modern organizations. Data access needs change, and basing access on roles alone is likely to give individuals access to more data than they realistically need, often resulting in access that extends well beyond the intended period and purpose. By using attribute-based access control (ABAC), organizations can get far more granular and accurate in ensuring that the right people have the right access to the right data, at the right time.
For ABAC to be effective, your organization needs to complete an assessment of what kinds of sensitive information you manage and share. This process can take time, especially for a large enterprise, but it shouldn’t prevent you from adopting ABAC protections from this point forward for new data being created or shared. Doing so will help you deploy essential data protection, such as encryption, to safeguard your most sensitive assets.
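The contrast drawn above between role-based and attribute-based decisions, and the earlier point that the data itself describes what is required to gain access, can be seen in a small added example (not Virtru's or Gartner's code). The class names, attribute strings, and sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Subject:
    user: str
    role: str
    attributes: frozenset   # verified identity attributes (hypothetical names)

@dataclass(frozen=True)
class DataObject:
    name: str
    allowed_roles: frozenset  # what a role-only check would consult
    required: frozenset       # attributes the data itself demands
    not_after: datetime       # end of the intended sharing period

def rbac_allows(subject, obj):
    """Role-only check: no notion of purpose or time."""
    return subject.role in obj.allowed_roles

def abac_decide(subject, obj, now):
    """Deny by default; return (allowed, reason) for audit logging."""
    missing = obj.required - subject.attributes
    if missing:
        return False, "missing: " + ", ".join(sorted(missing))
    if now > obj.not_after:
        return False, "sharing period ended"
    return True, "attributes satisfied within sharing period"

# Constructed sample data, not taken from any real system.
REPORT = DataObject(
    name="q3-partner-report",
    allowed_roles=frozenset({"analyst"}),
    required=frozenset({"project:atlas", "org:partner-a"}),
    not_after=datetime(2024, 6, 30, tzinfo=timezone.utc),
)
ALICE = Subject("alice", "analyst", frozenset({"project:atlas", "org:partner-a"}))
BOB = Subject("bob", "analyst", frozenset({"project:orion", "org:partner-a"}))
DURING = datetime(2024, 6, 1, tzinfo=timezone.utc)
AFTER = datetime(2024, 7, 15, tzinfo=timezone.utc)

def demo():
    """Collect each decision so the two models can be compared side by side."""
    return {
        "rbac": {s.user: rbac_allows(s, REPORT) for s in (ALICE, BOB)},
        "abac_during": {s.user: abac_decide(s, REPORT, DURING) for s in (ALICE, BOB)},
        "abac_after": {s.user: abac_decide(s, REPORT, AFTER) for s in (ALICE, BOB)},
    }

if __name__ == "__main__":
    for label, decisions in demo().items():
        print(label, decisions)
```

Both analysts pass the role check, while the attribute check admits only the one assigned to the project and stops admitting anyone once the sharing period ends.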
3. Embrace (and prepare for) change.
Change is inevitable. Partner and coalition relationships evolve. Information may need to be shared externally for a short time, and some groups may need more access than others. Ensure your ABAC-tagged data remains fully under your control at all times, whether it’s in motion or at rest, and whether it’s shared internally or externally. A strong SASE strategy, plus selecting vendors that deeply integrate those principles, including ZTDA, will give your teams flexibility and control without introducing hurdles or roadblocks.
SASE and Zero Trust: Complementary Strategies
You don’t need to choose between Zero Trust and SASE; you can (and should) have both. Zero Trust is a strategy that strengthens data protection, and SASE is the greater security framework that should be approached with a Zero Trust mindset. Zero Trust should guide your data security decisions, and a data-centric approach to Zero Trust is the most granular and effective way to ensure your data remains protected, regardless of what network it lives on, and even after it’s been shared with an external third party.
Underpin Your SASE Strategy with Virtru’s Data Protection
Virtru’s flexible data protection supports a key component of a SASE framework: A Security Services Edge informed by Sensitive Data Awareness. By assessing the scope of sensitive data your organization manages — and ensuring it’s properly secured — your organization can confidently manage its vital assets in an increasingly challenging threat landscape.
No matter where you are in your journey toward a SASE framework, Virtru can help you put tools and processes in place that will help you maximize the value of your investments by protecting your most important asset — your data — everywhere it travels. Contact Virtru today to start the conversation.
Gartner, 2021 Strategic Roadmap for SASE Convergence, Neil MacDonald, Nat Smith, Lawrence Orans, Joe Skorupa, 25th March 2021
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.