Why Enterprises Prize SASE

It’s called SASE, or Secure Access Service Edge – but perhaps only for now. When the next analyst firm puts a label on it, the acronym will have competition, but the letters describing the newest concept in security could spell anything: it’s the solution behind them that matters. SASE was named first by Gartner to describe a new type of SaaS product that combines both security functions (such as the ability to deploy 2FA, firewalls, or traffic monitoring) with networking tools (micro-segmentation, access rules, VPNs) so that companies can streamline their consumption of these two crucial ideas.

Easier deployment of security across disparate cloud and local networks, and easier setup and management of said networks are just the icing on the cake. The revolutionary benefits of SASE go deeper, and entail tangible advantages that are inspiring enterprises in extraordinary numbers to adopt the solution – or at least to initiate a transformation in SASE’s general direction. In just a handful of years, SASE will have transformed the security landscape to be nearly unrecognizable.

You’re Why Your Firm is Considering SASE

Users like yourself might not intend to do damage or expose the network, but now that we connect to countless apps spanning the cloud, and with many more devices, we each present a unique risk. The skyrocketing prevalence of breaches caused by insiders, rather than those originating outside, is one primary reason why SASE is a future-focused tool. Since 2018, data breaches caused by insiders have risen by a whopping 47%, and 68% of firms cite this as their chief security concern. Consider also that it’s common for companies to conceal breaches caused by an insider and to not report them, so their consequences and frequency are worse than reported.

SASE is inherently user-centric, meaning that the security and networking functions typically included in a SASE setup help IT teams to follow and restrict users through their network journey. This is better than giving them approval for unlimited access at the door, as we used to do. It might sound like a lot of work, but the tools provided by a SASE solution allow it to happen in a very scalable way.

Security That Gets Close Up to Users

We all know that network resources have varying sensitivities: the local server containing a proprietary algorithm is more sensitive and therefore should be restricted to fewer people than, say, a cloud-based Salesforce app. Perhaps only a few trusted developers and the CEO need access to the former, while several departments use the latter every day. Selective access to certain parts of the network used to require hardware and software together, plus lots of manual work from the IT team. SASE makes it easy from a single spot in the cloud.

The two features that underpin user-focused security, also known as Zero Trust security, are micro-segmentation and access management based on Identity Providers (IDP). IT can enforce user logins via a centralized IDP like Okta or Google, and then based on the user or their device, automatically apply relevant security to them. This might include a specific encryption protocol, a custom access profile for resources, 2FA, and much more. When a new part-time worker abroad is onboarded, IT can enter their administration panel, quickly assign the employee an IDP, and drag and drop it into a profile built to consider all the various data sensitivities relevant to remote contractors, limiting access accordingly.

SASE: Giving Small IT Squads Big Power

The benefits of SASE are highlighted when thinking about how much effort IT teams go through to close gaps in the network. Unification of two ideas close to the heart of any IT manager – networking and security – can bring the resources they are tasked with protecting under one roof and make their job much easier. The cost savings are also mouth-watering for enterprise IT managers, who are able to trim their towering stacks, and get leaner and meaner than ever before.

 

Can Companies Afford IoT Inclusivity?

The Internet of Things grows more massive with each passing year, as devices gain internet connectivity and impart new convenience on our lives – and in many cases new novelty. No matter if the “thing” in question is a manufacturing robot or a Brita that automatically reorders filters upon expiration, if it can receive instruction from and send data to the greater internet, then there’s an IT guy somewhere worrying about how it may expose his or her network.

This goes double for IT personnel in companies that make good use of IoT for work purposes, but bad use of IoT security by neglecting to factor in the network’s exposure. Addressing this idea is now part of IT’s list of responsibilities, and when creating a plan for how to walk the line between trusting IoT and being wary of it, multiple factors come into play. Thankfully, this part of the job is getting easier.

IoT’s Slow Security Onboarding

IoT is useful for countless industries, and its benefits far outweigh security risks in any circumstance. In healthcare, for example, IoT data is used to more deeply understand what conditions patients are in, and how practitioners should respond. Internet-connected devices that record patient outputs such as heartbeat, blood pressure, blood sugar levels and other biological metrics feed their data to centralized IT systems, telling hospital admins where frontline staff are most urgently needed, and how.

But IoT’s vital role in cases like these is also its weakness. IoT boosts mobility in many business environments, so much so that security is something that it has always grappled with as an afterthought. For businesses, the advantages of IoT have meant securing these devices is a second step, and the world is slow to wake up to the careful security deliberation that IoT requires. Ransomware, for instance, used to be hardly considered a credible threat to networks.

Ransomware attacks on IoT devices were long thought of as low-value for hackers and therefore not a pertinent worry for IT, given that these devices had little to no information on them (mostly in the cloud). There are also so many types of IoT devices that the economics of hacking them doesn’t work in the hacker’s favor – it’s too expensive and not worthwhile. Besides, even those hacked would likely never pay the ransom, because IoT devices aren’t known for having screens that relay information (like a ransom note).

Increasing IoT Popularity Opens Paths for Attack

However low-value IoT devices used to be, they’re now ubiquitous and hold a lot of importance for critical business functions. Security implications have changed as well, as hackers have changed their strategy, and no longer seek to crack the devices for their data but to interrupt these functions and create urgency and the risk of lasting damage. Take for example the IoT controller that adjusts how much of certain ingredients are added to drugs, an IoT-connected pacemaker, or a hacked power grid controller that determines electricity consumption for a small town. The ability to power these down or alter their settings is dangerous enough to justify a ransom.

Traditionally weak entry points on IoT devices need to be shored up if we want IoT benefits to continue to outweigh its risks. However, most of the time patching is on the manufacturer, and low prevalence of hacks thus far has prevented manufacturers from acting with urgency, so companies using IoT devices are often unprotected from within and without. The internal awareness isn’t there yet, with many IoT connections unencrypted when connecting to the network, offering hackers a way inside when the device relays to or receives info from the internet. 

In the split second it takes for the device to grab data, hackers can slide in undetected and set up shop in an undefended company’s network. Hijacked or rogue IoT devices were present in over 46% of companies this year, according to a report on “shadow IoT” devices found on their corporate networks, demonstrating just how prevalent this dangerous exploit is. 

IoT Security Solutions Must Provide Visibility

Fortunately, most of the issues stemming from IoT come from how invisible they are on the network, and how unrestricted their permissions tend to be. IoT devices are easily discoverable by hackers, even using public resources like Shodan, so they must be at least this visible to internal IT teams as well. The key to allowing IoT freedom to participate in the network but also to respect its boundaries resides in some of the components of a single solution – Secure Access Service Edge – which was introduced just last year and seems nearly purpose built for IoT.

SASE is a cloud-based networking and security product, unified in its functionality and present on the edge of an organization’s network. A foundation of SASE is software-defined networking ideas, which are more inclusive to a variety of devices connecting to the network because there is no hardware setup required, and cloud nativity to easily match the infrastructure of any ecosystem. When an IoT device connects to the network, it will be easily visible in the cloud admin panel, but more importantly this identification also empowers IT to set identity-based access policies, which limit the extent to which specific parts of the network are exposed to these endpoints.

Enforcement is also about security and not just about how much attack surface is laid bare to IoT devices. Pushing all networking through a centralized, software-defined system also enables IT to demand all network connections happen through encrypted tunnels exclusively, so any IoT device (or company laptop, or mobile phone) that isn’t encrypted cannot connect to the network in the first place. It also helps IT layer even more security on top of IoT devices, even solutions like SSO, so that password management across thousands of devices will finally be feasible (and safe).
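The identity-based, default-deny access decision described above, and in the Zero Trust passage of the first article, can be sketched as a small policy evaluator. This is an added example, not code from any SASE product; the profile, segment and device names and the `evaluate` and `audit` helpers are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical profiles: IdP group -> network segments it may reach.
PROFILES = {
    "developers": {"algo-server", "salesforce"},
    "remote-contractors": {"salesforce"},
    "iot-sensors": {"telemetry-ingest"},
}
MFA_SEGMENTS = {"algo-server"}            # assumed: sensitive, needs 2FA
KNOWN_DEVICES = {"laptop-017", "laptop-044", "sensor-a1"}  # constructed inventory

@dataclass(frozen=True)
class Request:
    device_id: str
    idp_group: Optional[str]   # None means no IdP login took place
    segment: str
    encrypted_tunnel: bool
    mfa_passed: bool = False

def evaluate(req):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    if not req.encrypted_tunnel:
        return False, "unencrypted connection"
    if req.device_id not in KNOWN_DEVICES:
        return False, "unknown device"
    allowed = PROFILES.get(req.idp_group)
    if allowed is None:
        return False, "no IdP identity or profile"
    if req.segment not in allowed:
        return False, "segment outside profile"
    if req.segment in MFA_SEGMENTS and not req.mfa_passed:
        return False, "2FA required"
    return True, "allowed"

def audit(requests):
    """Collect denied requests so IT can review them in one place."""
    denied = []
    for r in requests:
        ok, why = evaluate(r)
        if not ok:
            denied.append((r.device_id, r.segment, why))
    return denied

# Constructed sample traffic, not taken from any real network.
SAMPLE = [
    Request("laptop-017", "developers", "algo-server", True),
    Request("laptop-044", "remote-contractors", "algo-server", True, True),
    Request("sensor-a1", "iot-sensors", "telemetry-ingest", False),
    Request("cam-9f", "iot-sensors", "telemetry-ingest", True),
]
```

Running `audit(SAMPLE)` lists all four constructed requests with the reason each was refused; the same sensor over an encrypted tunnel, or the developer after passing 2FA, is allowed.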

Why SASE Brings IoT Home

The combination of visibility, network access restriction, and security enforcement for IoT devices gives SASE a winning use case, and it’s already making headway. Internets, whether world wide webs or “of Things”, are deep and murky. Companies pushing for maximum interoperability can be free to brave the IoT waters confidently with SASE to help them stay on course, and avoid the icebergs lurking out there for us all.
