Discover how Zero Trust Network Access delivers fast, reliable web application access
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Share this article
As remote and hybrid work models become the norm and mass migration of application workloads to the cloud accelerates, the need to evolve the underlying infrastructure is much discussed and the benefits of a Secure Access Service Edge (SASE) approach to a next-generation architecture are now widely documented. A much tighter convergence and integration of network connectivity and security functions secures work from anywhere at any time—as demanded by modern businesses while they transform to digital—and ensures that workers remain productive, and work is optimized.
Deciding to embrace SASE acknowledges that today’s work environment has forever shifted to a cloud-based model that gives employees access to the digital assets and applications they need to do their jobs. For many organizations, that’s overcoming a major cultural hurdle indeed. But even with the pandemic accelerating SASE adoption from 10 years to five years, transforming the legacy perimeter into cloud-based, converged capabilities doesn’t happen overnight. It requires work and planning, since enterprises have already invested heavily in the hardware and software that underpin their existing data center–oriented model. Most businesses simply can’t afford to abandon those investments.
The first step in any SASE journey should start with an assessment of your existing investments. Take an inventory of hardware and software to fully understand refresh cycles and develop a reasonable timeframe for phasing out on-premises perimeter and branch hardware. Enterprises must understand the parameters of their existing contracts, the time that remains on them, and how that maps to near-term capacity needs.
Also critical: Soliciting input from voices on both the operations and network sides of the organization. Enterprise network and operations teams often operate separately, which could further complicate a move to a new converged architecture, albeit one that relies on many of the same tools already in use, like secure web gateways (SWG), cloud access security brokers (CASB), firewall as a service (FWaaS), data loss prevention (DLP), SD-WAN, and Zero Trust Network Access (ZTNA). Any migration plan should include bringing together members of both teams—if not physically, then virtually—to assess potential benefits, sticking points, and impacts.
Enterprises should also take inventory of their human capital. People are key to any successful SASE strategy. Understanding the existing skill sets of employees—particularly those who deal with operational and security issues—will help organizations build on those strengths as well as identify and fill in any gaps.
Vendors bear close scrutiny as well. After years of building on a data center–oriented, perimeter-based model, most organizations now find themselves managing a mish-mash of software tools and vendors, and some will be more capable than others of making the shift to an anytime, anywhere approach. A note here—it’s crucial to find a vendor or vendors with platforms that can integrate all elements critical to a successful SASE strategy, and that can securely scale up as business horizons and workforces shift and expand.
In the rush to move to SASE, it may be tempting to plunge in headlong without much prep work. But simply taking the above-mentioned steps alone can pick up the pace for SASE adoption, cutting the time to implement by half.
Like any migration project from on-premises to the cloud, simply taking a “lift-and-shift” approach—assuming that the functional requirements for yesterday are the same as for tomorrow—is flawed. Taking the time to do a much deeper assessment at the beginning will save a lot of time and pain down the road.
In the enterprise, data makes the world go around. It’s the lifeblood of an organization, the currency of modern-day business. Getting a grip on data—understanding what the business has, where it’s located. and how it’s used—has proven confounding to many organizations. Migrating to SASE offers the perfect opportunity for the enterprise to assess its data landscape from both operational and security standpoints.
Knowing what data employees need in order to do their jobs and how to protect it will go a long way in securing newly defined ways of working. From there, the enterprise can turn its attention to developing a set of policies, processes, and procedures to implement as it migrates to a SASE architecture.
As with anything, solving for the big rocks first—securing the early project wins that drive the biggest business impact—is just good practice. In the case of moving to a SASE type of architecture, bringing together operational data and business impact data to align on a schedule of priorities is critical. For example, what cyberattack vectors are having the biggest impact on end users and how can you mitigate that risk first? Or how do you ensure that remote users are working safely now that they’re spending 75 percent of their working day in a browser and VPN capacity is limited?
Using the post-pandemic accelerated rate of adoption as a guide, like Gartner, we believe a migration plan should include the following milestones:
Security, stuck firmly in a box at the edge of the data center, hasn’t caught up with the move to the cloud. Putting a SASE framework in place will bring security up to speed to adequately protect the modern business. Focus on these key security stages:
None of these changes are an easy lift for companies, so adopting the SASE architecture with the proper security controls in place will take time and resources. For skittish organizations or those with limited resources, even a partial implementation will yield the many benefits of SASE and put companies in position to meet the requirements of modern-day business.
On the road to SASE, don’t forget to put a premium on the user experience. That’s what the journey is all about—protecting productivity by giving employees, administrators, and others access to the applications and tools they need to do their jobs, no matter where they are, without the friction that security can often cause. That’s good business.
Discover how you can define your journey to SASE and attend this exclusive learning series and be sure to download our SASE resource bundle here.
Mark Guntrip on May 25, 2021
SWG and SASE, Threat Research
SWG and SASE
To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.