Why does Solutel recommend implementing the SASE model in cloud security?Maria Cruz Alcocer
Why does Solutel recommend implementing the SASE model in cloud security?
We all know that the pandemic has forced millions of people to work from home. Thanks to home broadband Internet access, corporate VPNs, and collaboration tools, we have been able to continue many of our businesses. Users have been able to carry out their work effectively from home. This situation has not been easy for many of the IT departments. IT has had to deploy and support users to enable remote work and the level of difficulty has depended on the network architecture and services model that the organizations had defined at that time. At this point is where the concept SASE in cloud security benefits businesses.
First we define “Secure Access Service Edge” ( SASE ). It is a concept described by Gartner in a 2019 report that promises to be the pillars of cybersecurity. It is basically a combination of security services that are delivered through the cloud.
SASE consists of bringing the security perimeter built around our company to the cloud. What do we get out of this? Bring security to everything and everyone. Give security to all users, give security to all applications and that it can be managed from anywhere.
With this approach, it enables companies to enforce secure access policies no matter where their users, applications, or devices are located.
The architecture SASE It is a native platform in the cloud, which provides the company with security processing that was previously done in corporate facilities. With this architecture, each location runs an SD-WAN device that carries traffic to the cloud. SASE . This traffic is then sent to a local point of presence (POP), where it is analyzed and processed until it is so secure that it can now be forwarded to its final destination. The architecture SASE In this way, it blocks possible attacks with malicious software and lateral attacks, making life more complicated for cybercriminals who seek to insert malicious code into corporate networks.
The benefits of this model are many, the main one being end-to-end security. From the server to the end user, the entire infrastructure is protected against threats that become increasingly plural and diversified. This also facilitates the identification and correction of eventual specific gaps in the infrastructure, something that cannot be done in a service without this degree of flexibility.
CISCO SASE Products
The secure gateway to the Internet (SIG) by Umbrella where all security services are integrated into a single cloud native software stack. These services include:
1) Cisco SD-WAN for routing and other networking functions used by Umbrella. As previously indicated, the POPs in this case are the nodes at the edge of the network where the SASE services are processed. Cisco has scaled the POPs configured for Umbrella to more effectively manage traffic to the GIS and to firewalls.
2) Domain Name System (DNS) security: Umbrella’s DNS security element provides companies with all the necessary visibility into cloud applications and how their employees use them.
3) A full proxy secure web gateway (SWG): Scans and neutralizes malware on all files that are uploaded and downloaded to and from the cloud.
4) A firewall running in the cloud: It allows visibility of the traffic passing both the corporate network and the Internet through all ports and protocols at Layer 3 and Layer 4.
5) DUO and Zero Trust access: Zero Trust is a security approach that considers all traffic and all traffic sources as suspicious items by default. Cisco Umbrella is integrated with Duo Security’s Zero Trust technology.
How does the CISCO SASE security model help businesses?
- By reducing costs and complexity, using a single platform reduces IT costs and resources and minimizes the number of security products.
- Providing centralized orchestration and optimization of applications in real time. Increasing the effectiveness of network and security personnel.
- Helping to ensure perfect access for users.
- Enabling more secure mobile and remote access.
- Restricting access based on the identity of the user, device and application.
- Improving security by applying a consistent policy.
Other advantages offered by the model SASE :
- Flexibility – You can offer security services such as threat prevention, web filtering, DNS security, credential theft prevention, data loss prevention, next-generation firewall policies, and more.
- Higher performance – easily connect to wherever your resources are.
- Zero Trust: complete session protection, regardless of whether a user is inside or outside the corporate network.
- Threat Prevention – Full content inspection built in.
- Data protection: prevent unauthorized access and abuse of confidential data.
In summary, SASE helps simplify network cybersecurity management by offering highly customizable policy-based control. It can be tailored to user identity, session context, and application needs for performance and security, and is delivered from the cloud.
Finally, comment that moving to a SASE model will be a gradual process as IT reconsiders how to connect a remote workforce to the distributed information resources they need. There is also likely to be a growing demand for “as a service” procurement models that offer more flexibility. This implies a tactical change and rethinking how to implement IT in a different way that allows a user to have correct security wherever they are.