Why SASE is vital for the cybersecurity industry [Q&A]

One of the frameworks that has received greater attention since the acceleration of digital transformation is Secure Access Services Edge (SASE).

But what does its adoption mean for the security industry and how can enterprises best take advantage of SASE? We spoke to Mary Blackowiak, senior product marketing manager at AT&T Cybersecurity, to discover more.

BN: Why can't businesses afford to ignore SASE?

MB: One major reason is that the data center is no longer the concentration point of the network for many organizations that are adopting cloud services as a more agile way to do business. Many businesses have more applications hosted in the cloud than on-site, more employees working from remote locations than ever before, and data is being accessed from a wide range of company and personally owned devices. All of these factors combined make it difficult for network and security administrators to know what applications and data are being accessed (and by whom), as well as their usage. And what you cannot see, you cannot manage or protect.  

BN: How does it assist network and security administrators in gaining a clearer view of the overall view of their security posture?

MB: One of the guiding principles of SASE is that vendors and technology be consolidated to reduce the complexities that arise from managing point solutions. This is especially true when network and security technologies are integrated to share data in order to provide contextual intelligence and automation or when they can be controlled through one central management console.

These digital transformation trends and diversification within vendor portfolios started well before Gartner had coined the phrase SASE, but businesses have been very receptive to the recommendations for how they should approach networking and security in the future, because it just makes sense.

BN: It seems that large scale remote working is here to stay, what's the role of SASE in securing it?

MB: The old approach to security was that everyone on the network was trusted while traffic originating from outside of the network should be scrutinized. This philosophy does not work in today’s environment of employees and partners working from just about anywhere and conducting business off network. But besides being antiquated, providing open access to anyone on network is just reckless because it does not take into account the possibility of insider threats. Organizations must instead make decisions about access based on user identity, as opposed to where they are physically located.

With users and applications being more distributed than ever before, technologies that offer worldwide points of presence and peering relationships should be an important consideration. Having a point of presence that is geographically near a user facilitates a shorter logical path between them and the resource they are accessing, allowing them to focus on accomplishing their job duties or tending to customers, as opposed to waiting for applications and web pages to load.

BN: How does SASE help to manage hybrid IT environments?

MB: Although digital transformation has been underway for quite some time, it was really accelerated in 2020 by a sudden remote workforce -- and this naturally brings about the emphasis on convergence. But we also need to acknowledge that many businesses, especially those that are larger and/or well established, will be running a hybrid environment for the foreseeable future. SASE can help support these organizations through each step of their transformation by offering solutions in various form factors that interoperate with each other and are managed through one pane-of-glass.

What is truly exciting in our industry is that organizations are starting to realize that security can actually be a business enabler, not just a technical problem -- especially when it comes to the hybrid environment. And working with a trusted advisor to bring all the elements of SASE together on this transformational journey is critical to helping protect it.

BN: Gartner was saying SASE was the future of network security back in 2019, are we reaching the point of mass adoption?

MB: SASE is still a relatively new concept, and like many others, it will be rolled out in phases, over time. Even Gartner acknowledges in its publications that SASE is early in its hype cycle, with mass adoption likely to occur over the next several years.

It is important that businesses look beyond the sales pitch to understand a vendor’s full suite of offers, where the points of presence are hosted, and how they interoperate. I think of it as being similar to compliance with industry regulations or frameworks. There isn't one security solution, that if deployed, will check every box to demonstrate compliance. It is typically a stack of security products, policies, and procedures and there are many ways of accomplishing the end goal. SASE is no different and therefore these principles will become increasingly important to organizations as guiding principles when it comes to security best practices.

Image credit: fotogestoeber/Shutterstock