Find the right approach to browser security
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Mark Guntrip | May 13, 2021
Share this article
Just about everything today happens in the cloud—except security. Employees do most of their work there, and their critical tools like SaaS applications and email are found there. Even much of an organization’s data is located there. Naturally, security needs to be there as well.
Unfortunately, though, it’s not. It wasn’t too long ago that all those elements, along with employees, resided together within the confines of a building. Data traveled securely between a data center and employees working onsite or in satellite offices. But one by one—beginning with data migration to cloud services like AWS, followed by apps such as Microsoft 365 and G Suite—these elements started moving to the cloud. That migration accelerated in 2020, as the COVID-19 pandemic struck, which quickly forced people out of the building, too.
Having people, data, and applications “everywhere” while security is confined to one spot has created a mismatch. Organizations have had to relay traffic between multiple checkpoints like firewalls, thereby interrupting traffic flow, increasing vulnerability to attack, and struggling to protect multiple network edges.
Defenders initially turned to VPNs but quickly found that they didn’t scale, and that the resulting bottlenecks hampered productivity and, ultimately, compromised security. Trying to shoehorn a security fix into a flat data center scheme simply doesn’t work. Instead, security teams are slowly adopting a new security-driven network architecture strategy that protects employee productivity in the cloud.
Enter Secure Access Service Edge (SASE).
SASE tightly integrates software-defined wide area networking (SD-WAN) capabilities with network security functions such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall-as-a-Service (FWaaS), and Zero Trust Network Access (ZTNA). SASE also integrates with connectivity like 5G to create a framework that supports the dynamic secure access needs of modern organizations looking to secure modern work.
The emphasis is not on remote access, but rather on a device’s identity using real-time contextual information. SASE applies the security and compliance policies of an enterprise, as well as functions that allow organizations to continuously assess risk and trust during a session. Those identities aren’t always associated just with devices or people, but can be linked to applications, different groups of people, and even IoT systems or computing locations at the edge.
While the SASE concept has just started to create a buzz, none of the tools used in this emerging framework are new—in fact, they’re familiar to most security teams, which already use them liberally, albeit separately. They’re simply packaged together to dynamically create a policy-based secure access service edge that moves the security perimeter out from the confines of a box in the data center.
For companies continuing their digital transformation to become more nimble and differentiate themselves from competitors, SASE delivers a number of benefits. The convergence of networking and security will position modern organizations to:
SASE relies on a distributed group of cloud gateways called POPs, or local points of presence, that receive traffic from other locations running SD-WAN devices. Within these POPs, all security functions and policies—from web and email security, to firewall and access control—are implemented. By deploying security in a SASE framework, security is close to users and their data and applications, visibility and control is maintained regardless of location or device type, and security is invisible to end users, who continue to work normally.
Making good on the SASE premise that the cloud is smart enough, dynamic enough, and scalable enough to deliver secure access to resources, no matter where a user is located, requires some heavy lifting. A good starting point in the SASE journey is at the Secure Web Gateway, which provides a blanket of security no matter where a user is located, before adding features like CASB and DLP. That’s not a trivial change for a lot of companies because they’re moving from on-premises security, so they must put the time and resources aside and partner with the right vendor to ensure a smooth transition.
Gartner and others initially predicted that widespread adoption of SASE would take 10 years organically, but the changes in workforce and working habits compelled by the pandemic have accelerated adoption to a three- to five-year timeframe, but given the changes of the last year alone, many are looking to adopt it much quicker.
The COVID-19 pandemic has had immense impacts on organizations, primarily in the form of remote workforces that require anywhere, anytime access. This has resulted in rapid adoption of SaaS applications to cater to productivity needs but has in turn opened the door to threat actors that are taking advantage of the expanded attack surface. Security organizations are now looking to the SASE architecture as a response. According to the 2021 CyberEdge Cyberthreat Report, 74 percent of the 1,200 IT security decision makers surveyed are adopting technology that delivers on the promise of the SASE architecture.
While the pandemic initially cracked the door open to SASE, user demand for maximum flexibility and the need to support a hybrid work environment will drive most companies to embrace it going forward. Organizations that ignore these new realities and fail to build them into their decision-making process will likely pay a steep price by creating more friction around security for users and stifling productivity. Those that get on board with SASE in the next few years will be well positioned to secure and support a hybrid work environment and transform their organizations into nimble, dynamic, and competitive businesses.
Ready to take the first step in your SASE journey? Discover how security leaders are tapping into isolation-powered security solutions that deliver on the promise of SASE security.
Posted by Mark Guntrip on May 13, 2021
Tagged with CASB, SASE, SWG
To talk to a Menlo Security expert, please complete the form.