Digitalization, work from anywhere and cloud-based computing have accelerated cloud-delivered SASE offerings to enable anywhere, anytime access from any device. Security and risk management leaders should build a migration plan from legacy perimeter and hardware-based offerings to a SASE model.

Key Findings

  • To protect anywhere, anytime access to digital capabilities, security must become software-defined and cloud-delivered, forcing changes in security architecture and vendor selection.
  • Perimeter-based approaches to securing anywhere, anytime access has resulted in a patchwork of vendors, policies, and consoles creating complexity for security administrators and users.
  • Enterprises that consider existing skill sets, vendors, and products and timing of hardware refresh cycles as migration factors will reduce their secure access service edge (SASE) adoption time frame by half.
  • Branch office transformation projects (including software-defined WAN [SD-WAN], MPLS offload, internet-only branch and associated cost savings) are increasingly part of the SASE project scope.
  • SASE is a pragmatic and compelling model that can be partially or fully implemented today.

Recommendations

Security and risk management leaders responsible for infrastructure security should develop a roadmap for the adoption of SASE capabilities and offerings:
Short term:
  • Deploy zero trust network access (ZTNA) to augment or replace legacy VPN for remote users, especially for high-risk use cases.
  • Inventory equipment and contracts to implement a multiyear phase out of on-premises perimeter and branch hardware in favor of cloud-based delivery of SASE capabilities.
  • Consolidate vendors and cut complexity and costs as contracts renew for secure web gateways (SWGs), cloud access security brokers (CASBs) and VPN. Leverage a converged market that emerges combining these security edge services.
  • Actively engage with initiatives for branch office transformation and MPLS offload in order to integrate cloud-based security edge services into the scope of project planning.
Longer term:
  • Consolidate SASE offerings to a single vendor or two explicitly partnered vendors.
  • Implement ZTNA for all users regardless of location, including when in the office or branch.
  • Choose SASE offerings that allow control of where inspection takes place, how traffic is routed, what is logged, and where logs are stored to meet privacy and compliance requirements.
  • Create a dedicated team of security and networking experts with a shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations.

View Report

By Philip Hung Cao

Philip Hung Cao (aka #tekfarmer), MSCS, ZTX-I, CCISO, CISM, CCSP, CCSK, CASP, GICSP, PCNSE is a Strategist, Advisor, Contributor, Educator and Motivator. He has 20 years' experience in IT/Cybersecurity industry in various sectors & positions.

Leave a Reply