Blog Secure Access Service Edge The Right Steps to SASE: Place Core Inspection Points Between Users and Apps
Jun 03 2021

The Right Steps to SASE: Place Core Inspection Points Between Users and Apps

The following is an excerpt from Netskope’s recent book Designing a SASE Architecture for Dummies. This is the third in a series of seven posts detailing a set of incremental steps for implementing a well-functioning SASE architecture.

With a Next Generation Secure Web Gateway (NG-SWG) firmly in place and your visibility into all your traffic dramatically increased, one thing is certain: You may not like what you see next.

Are your people using Microsoft Office 365? Salesforce? Workday? Box? The answer is almost certainly, yes. But how big and how mature is that cloud environment beyond your security perimeter and outside of what you can easily see? Just how much of your organization’s data is running around out there, unchecked?

For the first time, your organization will be aware of just how at-risk it has been. You’ll see the flow of data, some of which may be particularly sensitive, among unsecured sites, services, and apps.

Now you have a truthful, and likely worrying, picture of where your organization stands with respect to its dependence on the cloud environment. So many apps and services, so few effective security controls. Until now.

As we explain throughout Designing a SASE Architecture for Dummies, NG-SWG establishes a single-pass, funnel-like, core inspection point for all your traffic in the cloud and in the data center. That core inspection point is better than your old perimeter — way, way better.

Remember, whether it’s the result of Shadow IT that’s been knowingly ignored or a more deliberate process of business digitalization, your old and outmoded security systems have been blind to the details. By replacing old SWG and similar appliances, you’ll finally have complete visibility into who’s using non-enterprise-grade applications/services, and what enterprise data is being sent “out there” beyond your control. NG-SWG and its new inspection points in the cloud let you see what’s going on inside all that traffic, as shown in the table below, managed software as a service (SaaS), Shadow IT apps, public cloud services, and custom apps in the public cloud.

Out with the OldIn with NG-SWGNetskope NG-SWG Integrates with . . .
Legacy SWG — only yes/no to web traffic.Deep inspection of all traffic: web, managed SaaS, shadow IT apps, public cloud services, and custom apps in the public cloud.Single sign-on solution (SSO)
Secure Sockets Layer (SSL) appliance.SSL/Transport Layer Security (TLS) decryption is performed in the cloud at cloud-scale with no appliances required.
Legacy cloud access security broker (CASB) monitors only managed apps that provided application programming interfaces (APIs).Monitors managed apps plus the unmanaged apps that don’t offer APIs; also sees what data is being used with apps, services, and websites.

If you’d like to read the complete Designing a SASE Architecture for Dummies book, you can download a complimentary copy here!

author image
About the author
Chad Berndtson is global head of content and communications at Netskope. He joined the team in 2020 following several years building successful content, communications, and social media teams at Palo Alto Networks, Tanium, and Fortinet. Earlier in his career, Chad was a technology journalist focused on networking, security, and other IT topics at the dawn of the cloud era.
Chad Berndtson is global head of content and communications at Netskope. He joined the team in 2020 following several years building successful content, communications, and social media teams at Palo Alto Networks, Tanium, and Fortinet. Earlier in his career, Chad was a technology journalist focused on networking, security, and other…