- Security must track data from various sources
- Security must be able to decode and analyze cloud traffic
- Security must provide adaptive data access
- Security can’t slow down the network
The early era of cybersecurity relied on firewalls, on-premises web proxies, sandboxing, SIEMs, and endpoint security, all of which aren’t equipped for a cloud-dominated space. These days more and more data is moving outside the network perimeter, beyond the reach of firewalls which aren’t equipped to read cloud traffic anyway. Couple this with the growing number of endpoints connecting to enterprise networks are BYOD. In totality, you have a recipe for extremely unreliable oversight of company data.
For example, safe usage of generative AI, such as the wildly popular ChatGPT app, requires an application connector to enable real-time user coaching, data protection of what is uploaded, and application activity controls.
If we usefully organize how the SSE platform solves what security must do in this newer world of keeping data safe in the cloud, several principles guide our discussion.
SSE Component #1: Security must track data from various sources
We now have lots of traffic that a traditional web proxy or firewall can’t understand, and can’t really even see. We have users who are now everywhere, apps that are in multiple clouds, and data being accessed from anywhere. Given this, you have to have a security inspection point that follows data everywhere it goes. And if that inspection point non-negotiably needs to follow the data, that means the inspection point needs to be in the cloud so that its benefits can be delivered to users and delivered to the apps.
SSE Component #2: Security must be able to decode and analyze cloud traffic
Decoding cloud traffic means security must be able to see and interpret API JSON traffic, which web proxies and firewalls can’t do.
SSE Component #3: Security must provide adaptive data access
We must go beyond merely controlling who has access to information and move toward continuous, real-time access and policy controls that adapt on an ongoing basis based on a number of factors, including the users themselves, the devices they’re operating, the apps they’re accessing, activity, app instance (company vs personal), data sensitivity, environmental signals like geo-location and time of day, and the threats that are present. All of this is part of understanding, in real-time, the context with which they’re attempting to access data.
SSE Component #4: Security can’t slow down the network
The user needs to get their data fast, and the network has to be reliable. If security is slowing down access or operability, productivity suffers, and teams dangerously begin trading off security controls for network speed and reliability. One might think that this is as simple as moving the security controls to the cloud. It’s not as simple as that. Ultimately the cloud ends up traversing a dirty place—called the internet— that can cause a whole slew of issues in routing and exposure. This is where private networks come into play so that we can ensure a smooth and efficient path from the end user to their destination, and back again.
Learn More: What is a CASB?