If you joined us for Netskope’s SASE Week, you’ll know that we covered quite a bit of ground with our talks and programming. For a relatively new concept, there’s still so much potential to explore and discuss that we could probably talk about it for much longer than just a week.
Netskope customers, large and small, are seeing the cost and business benefits of moving to a cloud-native control point, with the security posture and risk management tools they need.
With that in mind, it’s still understandable to have questions and want clarity about SASE (secure access secure edge) as a concept.
Below are some key themes from the many Netskope conversations happening in the market and what they mean to your business:
Which legacy technologies are being made obsolete by SASE?
Appliance-based solutions for SASE architecture capabilities are being made obsolete in favor of a cloud-hosted security service edge and software-defined network fabric. A few prime examples of the technologies being made obsolete are secure web gateway (SWG) appliances, sandboxing appliances, virtual private networking (VPN) appliances, and branch office firewall appliances.
How is SASE different from existing cloud-based web gateways?
The most important difference is web traffic is only one of five types of user traffic that a secure access service edge (SASE) architecture analyzes. Beyond web traffic, SASE also covers managed SaaS, unmanaged SaaS, public cloud services, and custom apps in the public cloud with data and threat protection defenses alongside granular policy controls. Data context becomes key in these granular policies controls for conditional and contextual access control, real-time coaching to users, and detecting anomalies. Web gateways focus primarily on access and threat detection and are weak on the data context required for a successful SASE architecture.
What security solutions within SASE architecture are going through the most change?
SASE architecture is driving a cloud native single pass security edge that consolidates defenses while optimizing user experience. Secure web gateways (SWG) will experience significant changes from a web-only inspection point focused on access and web threat protection defenses, to expand to include apps, cloud services, data protection, and advanced DLP. Single-pass SASE architecture requires user, app, and data context for both data and threat protection, and this naturally consolidates inline cloud and web proxy technologies. Legacy SWG appliances will not only migrate to cloud services, but they will also need to provide cloud data context. Traditional DLP will also migrate from its enterprise roots into cloud data protection as more data, apps, and users leverage apps and cloud services. A relevant example is when organizations analyze the data risks of managed apps and unmanaged apps (Shadow IT), they conclude inline cloud defenses are required and end up participating in the SWG replacement or upgrade project with networking and securi