Digital transformation, cloud adoption, and the expanding hybrid workforce have fundamentally changed the dynamics of the security and connectivity landscape. Businesses like yours rely on applications, and more employees than ever are using the internet and different types of devices (managed and unmanaged) to access business apps.

With this shift, cybersecurity professionals have been working to maintain and scale security while ensuring business continuity and a great employee experience. At the same time, with more apps moving to the cloud, more workloads are distributed across public clouds and SaaS. The app landscape is transforming and becoming more complex.

In this blog post, the first of a three-part series on the secure access service edge (SASE) journey and security strategy, I’ll look at why you need to rethink your security strategy with a new and holistic approach that suits our modern enterprise era and complex application landscape.

What Is SASE Used For?

1) A Rapidly Expanding Attack Surface
Traditional enterprise architectures and siloed approaches relied primarily on datacenter security, point products, and redundant firewalls in their corporate or branch networks, as shown in the graphic below. These approaches don’t work for today’s dynamic app connectivity, compliance, and security requirements.

With the shift to public clouds, multi-cloud, and SaaS, more sensitive data and business-critical apps are residing in the cloud than in datacenters or private clouds. This makes these complex environments more challenging to secure and manage, especially considering the dearth of the expertise needed to handle the complexities IT teams face today.

The growth of hybrid work and the expanded use of different types of devices and endpoints increase attack surfaces for organizations. Corporate managed devices are often the most secure way to provide remote access because IT has the most control. At the same time, employees want and need to use BYOD devices, which can increase the risk of security events.

All these complexities and the expanded attack surface create opportunities for attackers. As a result, organizations need to rethink their approach to security and make it as seamless as possible for employees to access apps securely from anywhere, at any time, and from any device.

Figure: Traditional on-premises network security. Conventional network security architecture centered in the corporate datacenter.

2) New Hybrid Work Models

As your organization modernizes and adapts to the new hybrid-work model, you need better understanding, visibility, and control of your users, data, and apps before you secure them. Every organization’s journey to the cloud will be different, depending on its business apps, security and networking technologies, connectivity requirements, and the gaps it needs to fill.

Here are some key challenges with point products and traditional approaches to security and networking:

  • Inadequate, inconsistent security policies: Multiple logins and overlapping security policies can lead to insecure practices and increase security risk
  • Increased IT cost and complexity: Managing multiple vendors is costly, inefficient, and complex
  • Degraded user experience as collateral damage: Poor end-user experience, poor adoption, and shadow IT

3) Expanding Business App Portfolios

In a typical distributed enterprise network, there are usually different types of business apps that vary in how they’re hosted, delivered, and consumed by users. Here’s an overview of different apps you might see in a typical extended enterprise environment and some of the challenges:

SaaS Applications

Software-as-a-service (SaaS) continues to gain traction across all corners of the business world and for good reasons. With SaaS, organizations move away from traditional software installation, maintenance, and management approaches in favor of delivering cloud-based apps via the internet.

Internet / Web Applications

We all use web apps personally and professionally. Many organizations use traditional security products to monitor these traffic flows, which can increase latency and lead to a poor user experience. Some use secure web gateway services from the cloud, and some allow direct internet access. All these scenarios lack a unified approach to security and can increase an organization’s risk of attack.

Internal / Private Applications

Your IT team manages internal apps, which can be homegrown or proprietary and hosted on premises or in the public cloud. Many organizations still rely on conventional VPN technologies to provide access to these applications, which can create security risks for your organization.

Legacy Applications

Proprietary legacy apps aren’t necessarily built for the cloud and usually need to stay in your local datacenter. There are still lots of legacy apps out there that power important business processes. Even if a legacy application appears to be easily “transportable” to the cloud, it may have been designed for a security environment that no longer exists, requiring additional effort and security measures to keep it functional.

Hosted Applications on Cloud-Native Platforms

Cloud platforms can be categorized into platform as a service (PaaS), containers as a service (CaaS), and self-hosted platforms on infrastructure as a service (IaaS). With services delivered from the cloud, hardware limitations are removed, and apps can be delivered with more flexibility. Resources can easily scale up and down as needed so businesses can accommodate traffic changes or easily add or remove cloud services.

Virtual Applications

Virtual apps enable users to access and use an application from a computer other than the one on which the app is installed. Using app virtualization software, IT admins can set up remote apps on a server and deliver them to an end user’s computer. Without app virtualization, the IT admin would have to physically install or uninstall apps from the user’s device. For the user, the experience of the virtualized app is the same as using the installed application on a physical machine.

How SASE Can Help with Hybrid Work

As the app landscape becomes more complex and as you transition to the cloud, choosing the right security framework and technologies can help your IT teams to move forward with confidence and ensure your employees can work from anywhere, securely and seamlessly, regardless of device.

The first step in getting started with SASE architecture is to understand the critical apps you’ll need to support your business. That will also help provide a baseline for your security strategy to stop breaches, reduce complexity, and enable agility, scalability, and growth across your distributed hybrid workforce.

Additionally, with this new hybrid work model, you’ll need to evaluate your existing infrastructure to identify gaps and the best approaches to protect your technology investments, reduce complexity, and eliminate silos.

Learn how a SASE model can help.

Figure: SASE security framework. SASE: Unifying enterprise networking and security.

Stay Tuned for More SASE Insights

In my next two blog posts, I’ll cover SASE in detail and look at how Citrix’s single-vendor approach to SASE security can help you unify, secure, and simplify the work experience across every work channel and location in your distributed environment.