- Security must follow the data
- Security must be able to decode cloud traffic
- Security must be able to understand the context surrounding data access
- Security can’t slow down the network
In an earlier era of security, firewalls, on-premises web proxies, sandboxes, SIEMs, and endpoint security tools were the most important security inspection points. But as we all know, more and more data is beyond the enterprise firewall, which can’t understand cloud traffic anyway. If you couple that with the fact that more endpoints connecting to the web, corporate resources, and accessing data are BYOD, well, our important, but legacy control points three important control points aren’t exactly reliable for a comprehensive picture of what’s happening with our data.
If we usefully organize how SSE solves what security must do in this newer world of keeping data safe in the cloud, several principles guide our discussion.
Principle #1: Security must follow the data
We now have lots of traffic that a traditional web proxy or firewall can’t understand, and can’t really even see. We have users who are now everywhere, apps that are in multiple clouds, and data being accessed from anywhere. Given this, you have to have a security inspection point that follows data everywhere it goes. And if that inspection point non-negotiably needs to follow the data, that means the inspection point needs to be in the cloud so that its benefits can be delivered to users and delivered to the apps.
Principle #2: Security must be able to decode cloud traffic
Decoding cloud traffic means security must be able to see and interpret API JSON traffic, which web proxies and firewalls can’t do.
Principle #3: Security must be able to understand the context surrounding data access
We must go beyond merely controlling who has access to information and move toward continuous, real-time access and policy controls that adapt on an ongoing basis based on a number of factors, including the users themselves, the devices they’re operating, the apps they’re accessing, activity, app instance (company vs personal), data sensitivity, environmental signals like geo-location and time of day, and the threats that are present. All of this is part of understanding, in real-time, the context with which they’re attempting to access data.
Principle #4: Security can’t slow down the network
The user needs to get their data fast, and the network has to be reliable. If security is slowing down access or operability, productivity suffers, and teams dangerously begin trading off security controls for network speed and reliability. One might think that this is as simple as moving the security controls to the cloud. It’s not as simple as that. Ultimately the cloud ends up traversing a dirty place—called the internet— that can cause a whole slew of issues in routing and exposure. This is where private networks come into play so that we can ensure a smooth and efficient path from the end user to their destination, and back again.
Learn More: What is a CASB?