With people moving beyond the bounds of traditional offices to work just about anywhere, the way in which you defend them and your data is also changing. Security that used to be delivered via a patchwork of point products is following apps, data, and people into the cloud in a new approach that Gartner calls Secure Access Service Edge (SASE). Part I of this series looked at what SASE is and how it will redefine network and cloud security; Part II suggested ways you can begin moving towards a SASE future by using the cloud to secure the cloud. In today’s entry, let’s dig into some of the initial ways that SASE is being applied in the real world.
SASE is all about convergence in the cloud
With organizations more distributed than ever before, putting stacks of hardware at every location or using disparate products for remote workers creates holes for attackers, costs too much, and puts a strain on scarce IT resources. SASE solutions, such as Forcepoint Dynamic Edge Protection (DEP), provide an all-in-one way for you to deliver advanced web, network, and application security as a service from the cloud.
Here's a visual to illustrate the concept:
Unifying web, network, app security makes many problems easier to solve
DEP implements the SASE model, weaving together advanced security capabilities such as firewalling, intrusion prevention, web content inspection, malware scanning, URL filtering, application access, and more into a single, unified cloud service. This converged approach eliminates gaps and redundancies to stop attackers from breaking into your enterprise from the internet, web content or cloud apps—consistently, no matter where your people work.
Some of the first ways that enterprises and government agencies have told us they plan to use SASE and DEP include:
- Branch Security-as-a-Service – Opening new stores, remote sites or branch offices can now be done without having to send security hardware or technicians out to each location. With DEP, you can provide consistent firewall, intrusion prevention, web security and cloud app access control everywhere, managed form a single console in the cloud.
- Security for SD-WAN – Like many organizations, you’re probably already looking at software-defined wide-area networking (SD-WAN) technologies to replace old, slow MPLS networks. DEP provides the network and web security that is missing from most direct-to-internet SD-WAN solutions. These defenses are critical to keeping ransomware and internet intruders from sneaking into remote locations that could then be used a jumping-off point for spreading throughout the rest of your enterprise.
- Security for Guest Wi-Fi – Providing internet access via Wi-Fi to your visitors, partners, and customers has become standard practice. But it’s not enough to just isolate it from your internal network. DEP makes it easy to apply stringent security controls without any special hardware so that you can enforce your Acceptable Use Policies and inspect files for malware coming in to any internet application, not just web browsers.
- Offload SSL/TLS Inspection – A majority of internet traffic is now encrypted, up dramatically from just a few years ago. However, decryption is time-consuming and your existing firewalls may not have been sized with that high of a load in mind. With DEP, you can decrypt and inspect the rapidly growing volume of encrypted traffic without overloading your existing infrastructure. This not only extends the life of your existing firewalls—it also gives you granular control so that you can protect your business without exposing your enterprise to your users’ personal information.
And that’s just the start. In Part IV later this month, we’ll talk about some of the ways in which DEP, Forcepoint’s platform for SASE solutions, will be changing how cloud-based security is done.
- Whitepaper – Gartner’s original one on Security Access Service Edge (SASE)
- Webcast – Rethinking Edge Protection, gives a quick overview of how SASE came about
- Blog – Part I and Part II of our series on SASE. Since we’ll be talking about this topic more in the future, you can check out all our related posts from the SASE blog page.
- Dynamic Edge Protection – learn more about Forcepoint’s converged security platform