By: Bahaa Hudairi, Regional Director, META, Lookout
Across the MEA region, almost overnight, it happened — a mass migration to the cloud so that companies’ workforces could keep on collaborating, and businesses could keep on operating. Worldwide, cloud spending in 2020 continued to grow. “We’ve seen two years of digital transformation in two months”, said Microsoft CEO Satya Nadella at some point during this digital wagon trail, indicating that hyperscale providers were doing just fine amid one of the fastest and deepest economic declines in living memory.
Since then, cloud and the workforce collaboration it enables have seeped more and more into everyday business operations. But while many board members and senior executives welcomed the flexibility and scalability of the cloud, CISOs were not among them. CISOs had watched their domains morph from tidy digital dorms into sprawling estates with patchy visibility and out-of-control shadow IT. The cloud was not so much a fluffy, inviting new home to CISOs; they saw it as a dense, unknowable fog of complexity and risk.
The traditional practices used by cybersecurity professionals simply were not designed with the massive scale of cloud infrastructure in mind. Some applications run on premises and some in the cloud; some data is stored on premises and some in the cloud. Vulnerabilities were rife and data breaches and ransomware incidents were inevitable. The headlines alone were proof.
Tying data down
So, in the age of hybrid work, the cloud migration may be over, but data continues to go on tour, flitting in and out of the digital estate to destinations and layovers unknown. Organisations must establish a security framework for traveling data — one that accounts for remote work and a perimeter-less corporate network. The ideal model for modern hybrid environments is secure access services edge (SASE), which unites security and wide-area network capabilities into a single platform.
SASE centres on ensuring uniform enforcement of security policies across each app or service, which previously would have had their own (if any). SASE automates management and enforcement across disparate branch locations and remote users, ensuring consistency across the organisation, from on-premises core applications to employees’ personal devices to key workloads in the cloud. This approach enhances visibility and returns a semblance of control to the SOC.
Because SASE’s tentacles reach into every nook and cranny of the technology stack, it is able to deliver rich context for each attempt to access data. Adaptive access policies use this context along with continuous monitoring of the user and the device risk to protect any app, any cloud, any user and any device from internal and external cyber threats.
SASE arms security professionals with a holistic view of data points like location, device risk level, application reputation scores, and data classification, as well as comprehensive information about session behaviour that can be compared with past behaviour to detect anomalies.
SASE brings together a broad range of technologies. Cloud access security broker (CASB) and zero trust network access (ZTNA) solutions provide secure access and enable visibility across cloud and on-premises applications as well as infrastructure as service (IaaS). Secure web gateways (SWG) add the ability to monitor and control shadow IT across the organisation as it accesses the Internet. Further contextual signals gathered from laptops and mobile devices (inside and outside the control of corporate IT) allows robust endpoint protection. Taken together, these tools provide uniformity in policy enforcement across infrastructure and data.
Data is everything. As its quality and quantity increase, so does a security team’s ability to ensure only trusted users and devices are accessing sensitive information. SASE suffers from a misconception that it is only useful to large organisations. But as long as the data is there, any organisation that implements hybrid work can use SASE to retain control of their environment. However, it is true that as the scale and operational model of a business varies, so will the deployment approach for SASE.
Many approaches to cybersecurity take a divide-and-conquer route that breaks down the discipline into specialties, such as data loss prevention (DLP) or SWG. Each of these teams will collate its own data and none will have the whole-picture vision required to protect hybrid or multi-cloud architectures. Even cloud-based security products are still purchased piecemeal, leaving organizations with silos galore — people silos, information silos, and product silos. SASE requires that the SOC become a single, unified taskforce of analysts and threat hunters, each of whom looks at the whole network when they go on the hunt for threats.
SASE takes some time to deploy, so strategies need to be well thought out and allow the CISO to win buy-in. Targeting high-value areas is a good place to start, as there will be more opportunity to demonstrate value. An inhouse app may need access to the outside world. ZTNA can ensure this access is granular and granted for the time it is needed with credentials that expire along with the business need for access. Just-in-time access limits exposure of the corporate network. Meanwhile, cloud apps that hold sensitive data can be placed behind a CASB.
Of course, SASE itself is not necessarily a single product. And advanced technologies such as ZTNA, CASB, and SWG will not necessarily play well together when procured separately, even if they come from the same vendor. Use of a unified platform can help for those who see the value in SASE but do not have the time or skills to integrate several core technologies. Good unifying platforms will stand out through their monitoring and policy-enforcement capabilities, covering visibility of user behaviour, endpoint risk posture, and data sensitivity. If it can do all that, then it will be ideally placed to enforce consistent policies across on-premises and cloud apps, and on-premises and Internet data access.
Hybrid workplaces have all but obliterated the digital perimeter and regional SOCs must adapt. The modern security posture must be built around a perimeter-less domain. And security architectures must embrace the presence of the cloud and a range of other factors, such as distributed applications and remote personal devices. SASE is up to the task.