How to Enable Secure Access Service Edge (SASE)
Author: Paul Graham
Release Date: 13/01/2023
What came before SASE?
Consider, for a moment, the work day before any form of internet.
An office would have typing pools, filing cabinets (locked or not locked), a cash office, reception, and visitor book. All of these things were designed to control access within the four walls of the building. The company’s assets had to be protected, so you would add bars to the windows, install shutters, and lock the doors.
Then the internet comes along…
Latest Blog Post:
So take that four walls mentality and reconsider the possibilities. How else can they come and steal things, if not through the windows and doors? Now, we have firewalls protecting the perimeter, and McAfee style net protection products checking all incoming and outgoing activity. From the locked filing cabinets / cash office point of view you have RBAC models, plus the visitor book is the equivalent of logging everything for weird activity.
However, all of this is still within your four walls. If I wanted to steal data, I actually have to hack the perimeter, or I have to sneak into the building and log onto a local machine.
SASE has removed these four walls
I work from home. Somerford Associates don’t own or protect my broadband connection. I have a Somerford device, but I can log into cloud apps from any device. I can use my Somerford account on any application to sign up. I have no firewall. We have to protect threats being uploaded to google drive if someone is phished, hence we now have to protect phishing.
When we think about SASE, we have to consider all the new attack vectors, considering there is no longer a four walls policy when it comes to security.
How do we mitigate all of these?
No single solution does it but with Somerford’s product range it can be dealt with. SASE actually ties all of the products together in a unified language.
Somerford has a full product suite that aligns with the core principles of SASE:
- SD-WAN Service (SD-WAN)
- Secure Web Gateway (SWG)
- Firewall as a Service (FWaaS)
- Cloud Access Security Broker (CASB)
- Zero Trust Network Access (ZTNA)
SD-WAN Service (SD-WAN) – A software-defined wide area network is a wide area network that uses software-defined network technology. Reconsider once more, those four walls. I am now at home, so how do you extend these four walls to me? Netskope Borderless WAN deals with this as it controls access to internal resources without the need for a traditional VPN
Secure Web Gateway (SWG) – Netskope Next Generation SWG controls the websites I can visit even when I’m at home and not on the corporate network. as it is a cloud solution. It is also next generation, which means you can control the activities of users on a particular site in advance.
Firewall as a Service (FWaaS) – If we revisit the four walls mentality again, all data would have to come in through one of the walls; through reams of cabinets in a data centre checking the traffic. Now that I’m working from home, my data isn’t doing that. So we put the firewall in the cloud and now my traffic passes through that instead. No need for internal infrastructure. Netskope can approach this task with Cloud Firewall.
Cloud Access Security Broker (CASB) – Netskope’s CASB solution controls the applications I can use on the web, and even the activities I perform on them, even if installed locally on my machine. Coupling this with integration for tools like Google allows for visibility and further protection of cloud services, making it a must have.
Zero Trust Network Access (ZTNA) – A final nod to the four walls analogy here, as we imagine me logging into Somerford VMs from home. How do you know it is me? How do you control what I can do? I am now in the four walls. Combining Netskope’s NPA (Netskope Private Access) with Hashicorp’s secrets management, and Delinea’s user experience, we can deal with all eventualities in this space.
All allow for least privileged approaches to accessing internal resources (and even public if configured right).
