Endpoint security management has been a significant challenge for years, and the recent shift to remote work by many organizations in response to the coronavirus pandemic has only made the situation more complex. Today, IT and security professionals have even more to manage as users access sensitive data and conduct critical business activities from home.

The timing is good, then, for the emergence of secure access service edge: a new category of solutions designed to protect users — and their data — wherever each is located. Several security vendors have introduced solutions built around SASE (pronounced “sassy”), an architectural framework that places the edge wherever an organization’s devices and cloud services meet.

Learn about how CDW can help you bolster your endpoint security.

SASE reflects the way users work today, and it facilitates the visibility and control that are imperative if we want to both enable and protect users.

Mobility in the Cloud Calls for Security That Can Keep Up

In the past, organizations had much more control over their data. Remote locations established secure connections back to main offices and data centers, and perimeter defense kept a tight circle of safety.

Today, users are outside the network perimeter, and data is everywhere. Rather than accessing data and applications inside an organization’s IT infrastructure, users go outward to the cloud. This puts valuable assets, such as intellectual property, on the internet, where it is potentially unprotected.

As organizations rapidly change the way those applications are developed and deployed, they can take advantage of cloud-native architecture, which can exist on-premises or in a public or private cloud. A cloud-native architecture protects those assets and eases collaboration between IT operations and DevOps teams.
Through Software, Platform and Infrastructure as a Service solutions, users move all manner of applications and workloads to the cloud. Often, the decision to do so is made without the involvement of IT or security staff, which reduces the likelihood that best practices are followed. Moreover, because users work on multiple devices all over the world, they are beyond the reach of internal defenses, such as anti-virus scanning and endpoint protection. That means organizations must also shift their focus outward.

SASE makes that easier by packaging several core technologies, including network security functions and software-defined WANs, to deliver security that is as dynamic as users themselves. A Gartner analyst describes the functionality as “the ability to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels.”

Outside-the-Perimeter Protection Focuses on Data and Users

For SASE to be effective, organizations must have a solid handle on their data: what’s important, where it lives and who has access. Then, IT teams can implement least-privilege principles to ensure that users have access only to the data they need — and, through SASE, to modulate that access in response to granular, contextual insight into users’ behavior. Analytics that reveal what users are doing on the network, in the cloud and with SaaS providers elevates both insight and control for organizations.

Moreover, contextual information allows IT teams to respond to anomalies in real time and adjust users’ access accordingly. Is a user in the office or at a coffee shop, for instance? Is it the middle of the night? Is the user connecting at an unusual time? These behaviors, combined with strong data governance structures and principles, enable organizations to keep data safe, even with a highly mobile, highly cloud-dependent workforce.

When information is everywhere, security must be everywhere too.