For many years, information security has been built on the concept of perimeter-based network security that assumes all internal entities within a network boundary are trusted and external entities are not trusted. It is this model that has formed the basis from which many companies have allowed access to their networks for decades.
However, the tide on this arguably outdated trust-based notion of access is turning. While the network perimeter is known to be the boundary between an organisation’s secured internal network and the internet (or other external, untrusted parties), these boundaries are now shifting.
Indeed, the coronavirus pandemic has had a profound impact on the world of work, particularly from an IT standpoint.
In April 2020, 46.6 per cent of people in employment did some work from home, 86 per cent of these having done so as a direct result of the coronavirus pandemic. And as we have continued to make our way through 2020 and into 2021, it’s becoming increasingly clear that this “new normal” is, at least in part, here to stay.
According to an August 2020 report from the BBC, fifty of the biggest UK employers said they have no plans to return all staff to the office full-time in the foreseeable future. Further, a survey has revealed that 19% of workers would like to work from home five days a week in 2022.
As a result, people are working from home, they’re mobile working, they’re in the office and that means data is everywhere. The use of SaaS applications has rocketed, with Office 365, Box, and Salesforce now in the mainstream.
What does this all mean? It means that there is no longer a single defined, defensible line of separation between a company’s internal assets and the outside world. Today, thanks to the accelerated digital transformation of the working world that has occurred in the past 18 months, the network perimeter is fading away.
Adopting a cloud-first mindset
Indeed, the benefits that can be derived from adaptable, hybrid ways of working, and from the cloud-based infrastructure that allows them to succeed, are sizeable.
Employees benefit from a greater work-life balance, with less time spent commuting and greater flexibility in their day-to-day schedules. As a result, people have readily become more upbeat about the prospect of work. Forbes, for example, states that teleworkers are approximately 35-40 per cent more productive than their office counterparts, delivering a measured output increase of at least 4.4 per cent.
Similar metrics can be cited in relation to performance, engagement, retention and profitability – statistics which will force many companies to think twice about a return to a pre-pandemic centralised, office-based setup.
In order for a remote or hybrid model to succeed in the long run, however, certain preparations and considerations need to be made.
It’s not as simple as flicking a switch. In the case of security, productivity and other natural business priorities, companies need to consider adapting their infrastructure so that it supports a cloud-first mindset.
CASB and SASE
Back in March 2020, at the onset of national lockdowns induced by the coronavirus pandemic, companies globally were forced to digitise their operations almost overnight to continue operating effectively.
Here, many attempted to maintain a centralised approach to work by leveraging solutions such as virtual private networks (VPNs), connecting employees in disparate locations to their central network. However, many of these companies will have since realised that VPNs are fraught with flaws and issues.
They are very much a case of square peg, round hole. Central networks were not designed to sustain remote operations, and VPNs readily suffer from bottlenecked traffic that can seriously hamper productivity, as well as exposing a series of vulnerabilities that have the potential to compromise security.
The answer to such challenges might be novel to many, yet it is a simple one: in order to sustain remote and hybrid working models most effectively, a solution with a cloud-first, zero-trust mindset needs to be deployed.
Enter cloud access security brokers (CASBs) and secure access service edge (SASE) – two solutions garnering greater attention in the cloud arena within the COVID context.
As we have already discussed, a rise in remote employees and increased reliance on SaaS applications has widened security gaps and made it more difficult to protect users at the edge. CASB and SASE, however, are two ways in which these insecure gateways can be shut off.
First, let’s take a look at CASB.
A CASB is cloud-hosted software that acts as a security policy enforcement intermediary between an end user and a cloud service provider. Essentially, CASBs allow an organisation to extend the reach of its security policies from existing on-premises infrastructure to the cloud, as well as to implement new guidelines.
In this sense, they have been vital in helping many enterprises adopt zero-trust models – a concept centred around the belief that any entity trying to access a system must be verified. By implementing a CASB, companies benefit from holistic, real-time, transparent visibility over unmanaged devices connecting to their cloud services.
SASE (a term coined by Gartner), meanwhile, builds upon CASB to not only uphold security, but equally prioritise productivity and seamless cloud-based operations.
While CASB has been designed with the specific purpose of solving the challenges of protecting an organisation’s cloud applications, SASE works to deliver both networking and security in a single solution, providing seamless protection while prioritising productivity.
CASB forms part of what is an extensive, fully integrated SASE stack that goes beyond just security, also incorporating optimised network routing offered by SD-WAN, next-generation firewalls and more.
Which is right for you?
In this sense, the main difference between the two is the level of security integration available. CASB is more of an add-on that will bolster a pre-existing security stack, ideally suited to organisations that may have already invested significant time and effort into developing a security solution.
SASE, meanwhile, provides a fully integrated WAN networking security solution capable of connecting disparate mobile end users, home working environments and offices to the cloud, corporate applications and the internet in a holistically secure manner.
Which is right for you will ultimately depend upon your business’s goals, situation, ambitions and requirements. CASB is limited by its need to integrate with other security solutions, and SASE equally has its own drawbacks in the sense that it can’t be plugged in and played like CASB.
What is for certain, however, is that such solutions are integral to ensuring company security and best practices in the new remote and/or hybrid working normal.
In an increasingly perimeter-less world, one that shows no sign of slowing down or of many companies returning to a purely office-based way of operating, SASE and CASB can prepare organisations to pursue their newly redefined digital transformation journeys in a secure, productive manner.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.