sb-au logo
Story image

Crawl, walk and run with SASE adoption

23 Mar 2021

Article by Bitglass regional sales director for ANZ Wayne Neich.
 

Customers and prospects constantly ask questions about secure access service edge (SASE) and how such a platform can address their modern security use cases. In particular, organisations wish to know how they should go about deploying a complete SASE platform.

They would do well to research the technology and seek the most comprehensive solution, one in which there is no shortage of functionality they can use to secure interactions between any devices, apps, web destinations, on-premises resources, and infrastructure.

So for many organisations, the question is, “Where do we start and how do we move towards deploying the whole platform?”

For organisations that would prefer to pace themselves and take a slower, more systematic approach to SASE adoption, a strategy of ‘crawl, walk, run’ is recommended. Start by addressing simple use cases through table-stakes technologies that will deliver quick and easy wins. From there, move on to address increasingly complex use cases through more advanced technologies.

Crawl

Organisations should begin with basic, out-of-band CASB protections for data at rest, since these are simpler to deploy because they are not inline or real-time. This is accomplished through API integrations with applications like Office 365, Box, G Suite, Salesforce, and others.

In this way, businesses can scan for sensitive data patterns already existing in their cloud resources, find out if they are shared publicly, and identify documents at rest infected with malware.

At the same time, they should consider implementing discovery functionality for identifying unmanaged applications in use, as well as cloud security posture management (CSPM) for locating and remediating misconfigurations in IaaS platforms.

The benefit of this approach is that it delivers visibility over sensitive data in the cloud as well as unknown SaaS application usage, helping to form a more robust cloud security program and helping to shape policy with executive management.

Walk

With the initial out-of-band protections in place, companies can begin to roll out more advanced inline technologies. Specifically, they can utilise a selected CASB with specialised proxy deployment modes.

By proxying traffic, an organisation can solve more complex (and arguably more important) use cases. For example, scanning files at upload and download for real-time data and threat protection as users access cloud resources.

This can be accomplished agentlessly with the right technology — one that includes a reverse proxy. This is incredibly important for securing unmanaged devices (contractor endpoints, BYOD and more).

Run

With both out-of-band and inline CASB functionality in place for securing data at access and at rest in the cloud, organisations can proceed to deploy the other components of a comprehensive SASE platform.

First, they should seek, implement and roll out an on-device smart edge secure web gateway (SWG), which can provide superior performance, scalability and security for the web and shadow IT.

Look for a device that comes complete with upload DLP controls for non-corporate SaaS applications. Then it will be possible to deploy zero trust network access (ZTNA), which includes real-time data and threat protection for true zero-trust security for on-premises resources.

By moving through such a process, organisations can deploy a fully-featured SASE platform and secure any interaction.

Story image
Video: 10 Minute IT Jams - Who is Okta?
Okta is an identity and access management company, specialising in secure user authentication. It's an enterprise-grade identity management service, built for the cloud, but compatible with many on-premises applications.More
Story image
Microsoft Exchange breach a wake-up call to ditch the server
"There are owners who still have in-house exchange servers because they are suspicious of the cloud or have concerns about their data sovereignty or don't want to contemplate the capital expenditure. But the warning is clear. Get rid of them."More
Story image
2020 sees a global shift in financial malware threats
The financial threat landscape experienced a game-changing pandemic year, according to a new report from Kaspersky.More
Story image
Zscaler and CrowdStrike release integrations for end-to-end security
This collaboration between the two cloud-native security companies provides joint customers with adaptive, risk-based access control to private applications.More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More