2023 Forcepoint Future Insights
There’s probably a universe out there where everyone’s using just one Zero Trust security solution. But not on this Earth, not yet at least. The trouble is that security is trapped in a vicious hamster wheel. A breach is discovered, a fix is developed, the cycle repeats itself. We need to radically change how we manage access and controls to achieve better outcomes.
We have no choice. The sheer cost of managing solutions compounded by quiet quitters and mass resignations are driving resource-strapped teams to seek new architectures. The perimeter has morphed into a new edge, which is everywhere we use and create business data. That’s why security leaders will continue to look to what Gartner calls Secure Access Service Edge, or SASE, the convergence of cloud-delivered networking and security. We will see organizations continue to consolidate vendors and demand platforms with pre-built integrations.
Data is the foundation of ‘digital native’ enterprises
Against this backdrop, data will hold even greater value and competitive advantage. The drive for big data analytics, supply chain efficiencies, worker mobility, and adoption of cloud services will push digital transformation to loftier heights. Digital-native organizations will view data as a precious commodity, like gold ingots and oil preserves of yesteryear.
But if left unknown, unanalyzed, and floating around multiple clouds, data centers, and devices, data can be a source of business risk and liability. Savvy cybercriminals and nation-states know that remote workers are constantly shifting between devices, locations, and apps. The expanding attack surface makes it nearly impossible for CXOs to prevent sophisticated actors from using automation, scale, and customization in their tactics to break into your hybrid IT infrastructure and steal your digital gold.
SASE must be data-first
Experts agree that a SASE framework SASE converging security and networking capabilities can more than even the odds for defenders. The demand for simplicity is driving adoption, with 8 out of 10 organizations expected to deploy a consolidated SSE platform, the security half of SASE. SSE integrates web access through SWG, cloud access through CASB, and access to private apps via ZTNA, all managed as one. Though vital and substantial, convergence and a single-vendor approach still aren’t enough. What’s needed at the center of SASE is data security.
That’s because your data can leave in so many ways, especially through uploads and downloads to websites, cloud apps, and corporate (private) apps and personal devices (USB, printers, Bluetooth, etc.). The promise of SASE and SSE is that everything works together to simplify how you implement Zero Trust for all of your users and business data. Integrating SSE with inline data loss prevention (DLP) with advanced threat protection and other Zero Trust capabilities gives teams far greater control over how employees access and use that data. By following the credo of ‘trust nothing, verify everything,’ no intellectual property or regulated data can be shared or downloaded against policy and all content is sanitized from threats automatically, even on unmanaged devices or BYOD.
One policy can rule them all
This perimeter-less, Zero Trust universe will only exist if security policy can follow users and their devices. You can’t just turn everyone loose because it’s too risky. Neither can you clamp the irons on personal devices as doing so would effectively grind productivity to zero. Or worse, pushing folks to seek risky workarounds. On the other hand, maintaining various policies for thousands of users and their devices, while accounting for the type of application or website being accessed, the location, network access, and BYOD requirements, is a nightmare.
The biggest challenge in data security is the effort and time required to set up and dial in the policy—and to maintain that policy across multiple environments and devices."
Adopting data-first SASE, even if it’s done gradually, allows you to streamline processes and reduce spending on several individual point products. You can distribute enforcement by putting controls closer to the user using a combination of on-device agents for managed devices and agentless, reverse proxies for unmanaged devices. The system is smart enough to make decisions wherever the user is located without having to route security traffic to a centralized data center, which increases wait time for the employee and infrastructure costs for IT security. You can authorize access and define enforcement policies just once. This level of control over data usage extends to BYOD for employees and also contractors and partners. By putting management in the cloud, the same set of security policies can continuously protect your people and stakeholders whether they work at home, in a branch office, or at a customer or partner site.
In the end, it’s about greater efficacy, ease of use, reduced cost and accelerated competitive advantages. If you focus too much on authentication and detection, you may be successful at knowing who a person is on the network and what they’re allowed to access. But you might not know what they’re accessing and why. Shifting to data-first SASE embraces a strategy of 100 percent prevention to secure data wherever it’s used. It’s the fastest way to simplify security and make the single-vendor Zero Trust solution a reality.