Hybrid Work Means SASE: Rethinking Traditional Network and Security Architecture
Having a VPN Isn't Enough AnymoreThe events of the past year have redefined the world of work, with millions working and collaborating remotely instead of being tethered to a physical office.
Remote work isn't a new thing for everyone and eventually a large number of the people working from home will be able to return to offices, but not all will return. When things open up, it's likely that some organizations will not require people to go into the office the same way they used to. This situation will create a Hybrid Work model.
Hybrid Work is about having the choice and the ability to work from an office location or from anywhere else, and it's likely that a good number of companies will embrace that approach.
The Hybrid Work model doesn't just change the physical location of where employees work. It also has an impact on how organizations enable security across a distributed, borderless network architecture. With users both in and out of the office, using applications that are located in an enterprise data center as well as SaaS (Software-as-a-Service) applications in the cloud, the traditional network architecture is no longer sufficient.
Traditional Network Security Falls Short for Hybrid Work
In a traditional network security architecture, users in an enterprise sit behind a firewall and an IDP/IPS (Intrusion Detection/Intrusion Protection System) with perhaps some form of local access control. Remote workers connect into the enterprise with a VPN, which tunnels all the traffic so the user benefits from the protection of the enterprise network security deployment.
But what happens when users aren't on the VPN? How is traffic secured for SaaS? What about visibility for users who are not on the enterprise network?
Without visibility, there is a gap for both users and the organizations they work for, and that's a risk. Attackers are aggressively going after unsecured endpoints as they follow the path of least resistance.
Simply put, without visibility across the Hybrid Work landscape, how do you know if you haven't already been compromised?
It's a SASE Hybrid Work World
An emerging model for security in the Hybrid Work world is a concept known as the Secure Access Service Edge, more commonly referred to by its catchy acronym - SASE (pronounced "sassy").
SASE is all about networking and security coming together. The term SASE was coined by analyst firm Gartner in 2019 to describe a movement that was already starting to occur. Firewalls were adding secure web gateway features, including URL filtering, AV inspection and more. Cloud Access Security Broker (CASB) functionality was increasingly being converged into Secure Web Gateway technology. And it was all ultimately being delivered as a cloud service.
SASE goes beyond just bringing security tools together. It provides a convergence of both security and networking capabilities to enable people to work from anywhere with the performance that they need and the security that the modern threat landscape demands.
The Path to SASE
SASE is not a single product but a spectrum of capabilities that can be used by organizations to help improve networking and security for users, no matter where they are.
A SASE approach can include SD-WAN for networking connectivity, cloud-based security tools, "zero trust" access control technology and even VPN capabilities where needed.
Most people already spend the majority of their time online in a web browser that provides access to any number of different types of business and personal applications. These applications may reside in a public cloud, a private cloud or enterprise data centers. Some organizations may look to move away from traditional VPN technology in favor of a zero trust framework to provide secure access to internal apps. VPN capabilities will evolve, but they will continue to enable secure access to enterprise networks, apps and data for years to come and should be considered a component of SASE and the hybrid world of work.
While some technologies might be branded as being SASE, the path to SASE will be a journey for vendors and customers alike. Adopting SASE is truly about finding ways to simplify your networking and security stack by converging technologies and adopting more cloud-managed and cloud-delivered capabilities.
If your organization is already using the cloud to manage different networking or security capabilities, you're already somewhere on the path to SASE. Look at what you have, consider your users and applications and then begin to consolidate vendors and move more and more to the cloud.
The network and security architectures that are traditional today were once new and were deployed over time. The same will be true of the new world of Hybrid Work as SASE takes its place to enable an era of improved network performance and security.