In the first part of this blog series, I took a look at how an understanding of digital strategy and digital risk is key to starting a security transformation journey. In this post, I am digging further into how a secure access service edge (SASE) architecture with security service edge (SSE) capabilities and zero trust principles can help mitigate the types of digital risk I outlined in part one.
SASE: a core component of security transformation
A core element of security transformation is the secure access service edge (SASE) architectural framework, coined by Gartner in 2019 to refer to a cloud-based architecture that delivers network and security services meant to protect users, applications, and data.
SASE, as an architecture, creates a highly resilient, highly performant security cloud that allows organizations and security teams to re-architect how data and information assets have traditionally been protected with every user and every device accessing services and data via a SASE framework. This cloud-based architecture sees the traditional controls that we are familiar with, move the controls closer to the data—the critical asset.
The technology and platform that implements the security components of SASE is referred to as security service edge (SSE). The core components of SSE include threat protection, cloud and SaaS security posture management (CSPM & SSPM), data leakage protection (DLP), remote browser isolation (RBI), Next Gen Secure Web Gateway (NG-SWG), cloud firewall (CFW), and zero trust network access (ZTNA). The networking side of SASE is called WAN Edge, and is primarily powered by software defined WAN, or SD-WAN.
SSE and SASE allow security teams to holistically support the digital objectives of their organization and play a key role in managing those three top level digital risks I discussed in my previous post. Here’s how:
Digital Operational Risk
The very nature of the highly resilient, highly performant security cloud upon which a SASE framework is built, clearly addresses the risk of disruption of digital services stemming from technology failure or human errors. Furthermore, the inclusion of threat protection works to prevent disruption via cyber threats.
Cyber Risk
The core SSE controls and capabilities enable security teams to adapt traditional approaches to managing cyber risk to support cloud adoption and the organization’s digital transformation. Traditional controls are still relevant but they need to be cloud-native,, which means these controls have moved closer to the data and users.
Digital Value Creation Risk
It is also worth taking a moment to consider how value is created from data through digital services. Value is created in a number ways, for example:
- Streamlining and automating existing processes and taking cost out of the business
- Faster onboarding and faster delivery of services, providing superior customer experience
- Enabling users to access digital services and data sources required to collaborate and share data with third parties, exchange information with customers, conduct research, enrich data from external sources, all of which are required to gain greater business insights, allows a deeper understanding of the cu