Gartner recently published the 2021 Strategic Roadmap for SASE Convergence, outlining key challenges that are driving shifts to Secure Access Services Edge (SASE) architecture. Not surprisingly, chief among these challenges are consistency, simplicity, transparency, and efficacy—all of which a properly implemented SASE architecture is positioned to solve.
But knowing what the challenges are, how do we then get to SASE? Has your journey already started? What are the right moves?
Businesses are now planning their future, following one of the most disruptive macroeconomic and global health crises in recent history. These future plans rely on IT leaders to help address four transformations that are underway—with applications, data, networks, and security—to deliver strong economic outcomes, better access, and lower risk.
As with most decisions or journeys, the big decisions are foundational ones: they determine the outcomes. As organizations shift to the cloud, think of the challenge like moving from a one-lane country road—limited to a single-function checkpoint—to a full, high-speed, multi-lane highway in which all lanes are accelerating with no controls in place. That’s what’s happening with app and data access in the cloud, too; users are accessing web, cloud, and private resources, from anywhere they can attempt access and from whichever device is handy, without expected performance or appropriate protection. These factors are why organizations must consider how to put better controls and a performant user experience in place, and apply the principles of the SASE architecture to their plans.
So how is SASE achieved? As Gartner outlines in the roadmap document, at least two things are clear, especially in the near term:
- Zero Trust, when applied to SASE architecture, starts with visibility—of all users, their identities, and all their traffic, including, web, SaaS applications, Shadow IT, public cloud services, custom applications in the public cloud, and data centers.
- Business context, applied to this traffic, relies on knowledge or awareness of the user, device, app, app instance, app risk rating, category, content, and actions to enforce conditional and contextual access rules and policies.
At Netskope, we view data context as a critical first step in selecting the right technology for a true SASE architecture. Data context is required to complete all four SASE transformation stages across network, security, apps, and data. The short game is networking transformation and moving siloed legacy on-premises defenses to the cloud. The long game is a fully consolidated single-pass SASE architecture enabled with data context for conditional and contextual zero-trust policy controls to protect users, apps, and data. When operational, that architecture converges the needs of networking teams and security teams into one solution, which we’re already seeing occur in the industry with the shift to direct-to-net or pivoting to address remote workers at scale.
For network teams, this means ensuring access and performance for users with context of user, device, location, and application. Netskope Private Access delivers ZTNA (Zero Trust Network Access), which is called out by Gartner as a starting point to give access to users to private applications, reducing network-level access by replacing legacy VPNs. Netskope complements ZTNA with direct-to-cloud access to the web and thousands of SaaS apps, shadow IT, and public cloud services via Next Gen Secure Web Gateway (NG SWG)—all done with a simple single client or direct tunnel, and a single admin console.
Netskope can extend identity services for SSO and MFA to non-federated apps, plus invoke step-up authentication based on data context. In addition, Netskope delivers cloud application risk ratings for tens of thousands of applications, allowing network teams to enable access based on the business context of which users, activity, devices, and locations should be allowed access to which resources based on data sensitivity.
For security teams, this means enforcing consistent conditional, contextual, and granular policies to detect and control sensitive data movement across all users (managed, remote, BYOD, third-party users) and all resources (web, SaaS apps including app instances, shadow IT, public cloud services, and custom apps in public cloud). Once again, the key is context: data context of the app, app instance/risk rating/category, data sensitivity, and activity. Data context allows zero trust principles to be applied from application access (allowing access based on app and user risk), to application activity (allowing activities based on app and data context) to reduce risk overall.
In Netskope’s platform, advanced data security services are further applied to detect sensitive data in real-time and enforce required policy actions. Such