As attack surfaces evolve and change thanks to a new way of working, new security frameworks like SASE are rising to the challenge.
With the development of the past few years, as remote working is now part and parcel of many businesses, tracking everything you need to protect is a greater challenge than ever. With the average worker using multiple devices to log into the same accounts, there’s a greater impetus to track what’s on the network.
That means the attack surface for the average company is now more expansive than ever and requires the approach to education, technology and policies to be updated and expanded. Not to mention other concerns as highlighted by Fergal Meehan, head of Government relations at Paradyn.
“The tools and technology are out there, but it’s knowing how to position it, remediate concerns and figure it out in a cost-effective manner,” he said.
It’s why security frameworks like SASE (Secure Access Service Edge), which was originally coined by Gartner in 2019, are coming to the fore. In layman’s terms, SASE brings all security and connectivity tools and technology together into one single cloud-delivered solution.
Tools like DNS security, machine learning, data analytics and cloud-driven firewalls are all built into the same system, allowing you to connect users and deliver technology solutions that keep them secure.
Meehan sums up the benefits as allowing flexibility, reducing costs and enabling new digital business scenarios. In short, IT managers can adapt and tailor it around the everyday demands that a business and its departments have.
“We’re in an era where every business unit in an organisation survives on IT,” he added. “SASE works off the zero trust model and brings elements like full-content inspection, allowing you to integrate with your SASE solution.”
The critical component throughout all of this is visibility. As Meehan mentions, you can have all the technology solutions in the world, but if you don’t know what you’re protecting or see what’s covered, they’re not going to be effective.
Zero trust is where this process starts and creating an itinerary of devices connected to the network, your IT architecture, and similar assets is the first step to knowing what to protect.
With SASE, you can see everything with full identity awareness. Regardless of where a person is logging in, you have the relevant information needed for your business to stay safe, including what applications they’re using.
That visibility also brings an unintended benefit that is important to good security posture: reporting. Whether it’s daily, weekly, bi-weekly, monthly or in-between, having reports gives your company an extra level of awareness that can only benefit them in the long run.
This heightened awareness is beneficial, but it’s only good if you have the necessary measures to mitigate an attack, something companies can tend to forget about until a zero-day exploit happens.
“The technology is there to monitor so you’re aware of your inventory and where it’s at with updates, but it’s getting that reporting back down to the desk of the person responsible,” he said.
“Once you normalise that, it brings another checkpoint where you can decide to move from quarterly patch management to bi-weekly because these updates made you aware of what’s required.”
While protection is important, giving the business the necessary breathing space to operate in is also required.
For most IT managers, the challenge is finding the middle ground between protection and accessibility, and the good news is that more tasks like patch management are automated, taking away much of the regular heavy lifting.
Having all these security measures is pointless unless you have a suitable mitigation strategy, with back-ups being a key element of this strategy. Paradyn itself practice this through its service Vault365, which leverages the cloud to back up an organisation’s Office 365 infrastructure. As long as you’re aware that you need to protect the data in the cloud, you will have peace of mind.
Taking such measures isn’t just for convenience; it also meets compliance and data protection requirements. Showing your work goes a long way to reassuring auditors, stakeholders and customers that you’re handling data responsibly.
“At the end of the day, it’s to get to a point where all you need is an executive report saying these tasks are successfully completed, that you’re now in this state, and you can tick these boxes around compliance and data protection,” Meehan said.