Gartner recently published the 2021 Strategic Roadmap for SASE Convergence, outlining key challenges that are driving shifts to Secure Access Services Edge (SASE) architecture. Not surprisingly, chief among these challenges are consistency, simplicity, transparency, and efficacy—all of which a properly implemented SASE architecture is positioned to solve.
But knowing what the challenges are, how do we then get to SASE? Has your journey already started? What are the right moves?
Businesses are now planning their future, following one of the most disruptive macroeconomic and global health crises in recent history. These future plans rely on IT leaders to help address four transformations that are underway—with applications, data, networks, and security—to deliver strong economic outcomes, better access, and lower risk.
As with most decisions or journeys, the big decisions are foundational ones: they determine the outcomes. As organizations shift to the cloud, think of the challenge like moving from a one-lane country road—limited to a single-function checkpoint—to a full, high-speed, multi-lane highway in which all lanes are accelerating with no controls in place. That’s what’s happening with app and data access in the cloud, too; users are accessing web, cloud, and private resources, from anywhere they can attempt access and from whichever device is handy, without expected performance or appropriate protection. These factors are why organizations must consider how to put better controls and a performant user experience in place, and apply the principles of the SASE architecture to their plans.
So how is SASE achieved? As Gartner outlines in the roadmap document, at least two things are clear, especially in the near term:
- Zero Trust, when applied to SASE architecture, starts with visibility—of all users, their identities, and all their traffic, including, web, SaaS applications, Shadow IT, public cloud services, custom applications in the public cloud, and data centers.
- Business context, applied to this traffic, relies on knowledge or awareness of the user, device, app, app instance, app risk rating, category, content, and actions to enforce conditional and contextual access rules and policies.
At Netskope, we view data context as a critical first step in selecting the right technology for a true SASE architecture. Data context is required to complete all four SASE transformation stages across network, security, apps, and data. The short game is networking transformation and moving siloed legacy on-premises defenses to the cloud. The long game is a fully consolidated single-pass SASE architecture enabled with data context for conditional and contextual zero-trust policy controls to protect users, apps, and data. When operational, that architecture converges the needs of networking teams and security teams into one solution, which we’re already seeing occur in the industry with the shift to direct-to-net or pivoting to address remote workers at scale.
For network teams, this means ensuring access and performance for users with context of user, device, location, and application. Netskope Private Access delivers ZTNA (Zero Trust Network Access), which is called out by Gartner as a starting point to give access to users to private applications, reducing network-level access by replacing legacy VPNs. Netskope complements ZTNA with direct-to-cloud access to the web and thousands of SaaS apps, shadow IT, and public cloud services via Next Gen Secure Web Gateway (NG SWG)—all done with a simple single client or direct tunnel, and a single admin console.
Netskope can extend identity services for SSO and MFA to non-federated apps, plus invoke step-up authentication based on data context. In addition, Netskope delivers cloud application risk ratings for tens of thousands of applications, allowing network teams to enable access based on the business context of which users, activity, devices, and locations should be allowed access to which resources based on data sensitivity.
For security teams, this means enforcing consistent conditional, contextual, and granular policies to detect and control sensitive data movement across all users (managed, remote, BYOD, third-party users) and all resources (web, SaaS apps including app instances, shadow IT, public cloud services, and custom apps in public cloud). Once again, the key is context: data context of the app, app instance/risk rating/category, data sensitivity, and activity. Data context allows zero trust principles to be applied from application access (allowing access based on app and user risk), to application activity (allowing activities based on app and data context) to reduce risk overall.
In Netskope’s platform, advanced data security services are further applied to detect sensitive data in real-time and enforce required policy actions. Such as detecting desktop screen captures or whiteboard images, IDs, tax forms, source code, or resumes, plus advanced DLP capabilities to trigger policies to coach users that sensitive data may be exposed, allow them to proceed or cancel their activity, or justify their activity so business processes continue. (All delivered with a set of advanced AI/ML innovations recently patented by the U.S. Patent & Trademark Office.) This approach, which we call Zero Trust Data Protection, protects data across all web and cloud traffic lanes, starting with the moment of application, web, or private access. Zero Trust Data Protection is essential to continuous risk management within a SASE architecture. Applying Zero Trust only to access does not go far enough. You need to protect data with conditional and contextual policy controls —as data is an organization’s most important asset. Netskope’s approach, built on its NewEdge security private cloud, also means careful consideration is made to balance the right security capabilities with a superior user experience to ensure apps perform as they should & user productivity is in no way impacted.
There are other important roadmap steps that Gartner highlights, from consistent policy enforcement to SaaS Security Posture Management, all of which are addressed by the Netskope platform. I encourage you to read the full note and remember: as networking and security converge, as described by Gartner, the blueprint for SASE must be focused on business outcomes to ensure a successful journey. This isn’t just a technology story or even a networking-security convergence story. An essential ingredient in selecting a SASE platform for the long journey is business context—of users, devices, location, apps, risk, data, etc. to enable the right users to reach the right data and drive their businesses forward. When you reach that, you’re delivering on the promise of SASE.