Just as the meteorite impact on the earth millions of years ago ensured that the earth’s surface was no longer the same and led to the extinction of the dinosaurs, fundamental changes can currently be observed in the IT world.
These changes in IT are also adjustments to changing environmental conditions, much like those forced on the animal and plant world at the time. Although modernization in IT had already begun with the move of applications to the cloud, the pandemic can be equated with the impetus from outside. Companies around the world were forced to adapt their IT landscapes to the new conditions at unprecedented speed. But which of the traditional infrastructures will sooner or later be left behind in this process?
As evidence of the upheaval, Gartner is helping to set the course for the reorganization of IT infrastructure with its new security paradigm, the Security Service Edge (SSE). The new quadrant, with its unification of security parameters as a service function, represents the natural evolution of the SASE framework (Secure Access Service Edge). Dropping the “A” for Access makes the decreasing importance of the security stack at the network perimeter visible. That stack previously regulated access authorizations to the company network and thus ensured IT security within sealed borders. The network itself is no longer viewed as part of the security watchdog, but simply as a means of transporting data flows towards a new security model.
The classic network is losing importance
SSE thus reflects the circumstances that have gained relevance in companies over the past two years. Employees have left the secure network in favor of new working environments (and because of mandated contact restrictions) and have accessed their applications from anywhere. Applications have been finding a new home in cloud environments for a decade, gradually reducing the importance of the data center. Driven by the pandemic, however, the procrastinators have also made their way to the cloud. But if neither applications nor employees are located within the corporate network, then what is the point of a security stack at the network edge? The Security Service Edge provides the answer to the reorientation of the security infrastructure.
In modern work environments, securing the direct path from the user to their application plays a decisive role, without the intermediate step of a network perimeter. It is precisely this core idea around which the Security Service Edge approach revolves, with Zero Trust as the cornerstone of implementation. When a user needs access to an application or service, that access must be role-defined and continuously monitored. Regardless of where the applications are hosted, security must be inline between the user and the application. This control point is best provided by a cloud function that offers the necessary agility and flexibility for a wide variety of application scenarios.
The result is a working model that is no longer tied to a network for access to applications, but offers universal access based on user identity, regardless of the user’s location. Least-privilege access shows its strengths in all modules of SSE and accordingly also forms the basis for CASB or DLP, because the focus is always on policy-based access rights, be it for access to permitted applications, web services or at the level of individual documents.
Universal access for future scenarios
To keep up with the changes, IT departments are now tasked with choosing the right tool for the job. Applied to IT security, this means that they have to move away from network appliances as gatekeepers for security tasks and follow a new approach with SSE, which places security directly between the user and the application or service. At the same time, IT departments are paving the way for companies to take the next steps towards digitization, because Zero Trust not only shows its strengths for user access authorizations, but can also be used for devices or workloads.
With applications that are moved out to the edge, or to IIoT and operational technology (OT), the next digital applications are in the starting blocks, and they too need to be secured. Then it is no longer just the cloud that represents the connective tissue for access, but the Internet or, in the next step, even the wireless connection via the next-generation radio standard. 5G already enables completely new application scenarios beyond the classic network, whose data transmission and access authorizations should also be secured. This is where cloud-based security can come into play as well. In this way, companies not only meet today’s security requirements for employees accessing their applications, but also bring the full potential of the cloud to bear in a future-oriented manner. Edge computing completely unhinges the classic network.