Start Your Zero Trust Journey With the Gartner® SASE Roadmap

TL; DR:

Here’s the reality: hybrid and remote work are here to stay. This means access to your corporate data can now come from anywhere, on any device and any network. In order to tackle this new norm, Gartner has defined a new cybersecurity framework called Secure Access Service Edge (SASE).

The idea is that organizations should deploy one converged solution for security and access that is software defined and delivered from the cloud. As per Gartner, ”SASE offerings replace the implicit trust in legacy networking models with explicit, continuously assessed adaptive risk and trust levels based on identity and context for all connections — remote, on campus, in a branch or in the headquarters.” This enables organizations to mitigate against advanced threats and significantly reduce the cost of security operations.

But a complete transition is no simple feat. As Lookout Head of IT Joel Perkins said in a recent blog, deploying SASE is a journey. A full implementation would require organization-wide coordination and the phasing out of existing investments.

The 2021 Gartner Strategic Roadmap for SASE Convergence guides organizations through this potentially lengthy transition. I believe this report is a great tool for anyone looking for guidance about how to start their SASE journey. To get you started, here are some of my key takeaways.

Why SASE?

Cybersecurity requirements have changed

While the adoption of mobile devices and cloud applications began years ago, COVID-19 accelerated digital transformation. With the work-from-anywhere initiatives at the forefront — where employees are increasingly using unmanaged devices — organizational access requirements have been turned inside out.

Rather than data centers being the focal point for access needs, most users endpoints, apps and data now live outside of office perimeters. This means the internet has replaced internal networks, and organizations no longer have visibility into how their data is handled nor do they have the controls needed to secure them.

Legacy tools have become inadequate

As outlined by Gartner, “a mix of legacy perimeter-based security hardware, the use of different vendors for CASB, SWG, ZTNA and SD-WAN functions, and separate organizational structures for networking security and networking have created a complex and unmanageable collection of vendors, agents, consoles and traffic hairpinning.” 

But as productivity becomes more agile, so should security. I believe this is why Gartner created the SASE model. The idea is to leverage integrated solutions that are cloud-delivered so that organizations can have Zero Trust secure access capabilities regardless of where work is happening. SASE provides a scalable and easy-to-deploy framework that takes security to where it needs to be.

Embrace Zero Trust and the SASE convergence with a plan

In the SASE Roadmap, Gartner recognizes that “enterprise transition to a complete SASE model will take time.” It also references the fact that larger organizations have to break down walls between siloed security and operations teams. The report provides detailed guidelines on short term, mid term and long term goals. Here are a few ideas that stuck with me:

Move from VPNs to ZTNAs

Virtual private networks (VPNs) deployments are where implicit trust is happening. To move away from that, Gartner recommends the deployment of “ zero trust network access (ZTNA) to augment or replace legacy VPN for remote users, especially for high-risk use cases.” Unlike VPNs, which connects a user to the entire enterprise network, ZTNA is a technology that connects the user only to the apps they need for work. This eliminates the possibility of an insider threat or compromised account from compromising an entire infrastructure by moving laterally. The report says to immediately deploy ZTNA for remote workers and high risk use cases, with the goal of eventually moving everyone onto ZTNA, including those inside office perimeters.

Lookout ZTNA simplifies secure access by understanding content sensitivity as well as the context by which access is occurring, such as the fluctuating risk levels of endpoints and users. As a result we’re able to make smart Zero Trust access decisions that safeguards data without hindering productivity. Check out this blog by Lookout CTO of SASE Products, Sundaram Lakshmanan, to learn more about why ZTNAs address requirements VPNs cannot.

Transition to integrated solutions

One of the pillars of SASE is to cut down on complexity and reduce costs by deploying converged solutions that have capabilities previously delivered by multiple products — such as data loss prevention (DLP). Gartner recommends organizations to “inventory equipment and contracts to implement a multiyear phase out of on-premises perimeter and branch hardware in favor of cloud-based delivery of SASE capabilities.” While this may take several years, the end goal is to only have one or two closely integrated vendors that can deploy Zero Trust.

Create dedicated secure access teams

To break down the walls that were built for legacy security and network practices, Gartner recommends the creation of “a dedicated team of security and networking experts with a shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations” 

I also recommend including the cloud application architecture experts as part of this. As organizations increasingly rely on cloud capabilities as a service — software, infrastructure, platform and function — it is critical that your dedicated secure access team incorporate comprehensive security within their tactical and the strategy goals.

Get started with the Gartner SASE Roadmap

The SASE implementation process is a journey that has the end goal of enabling organizations to stay agile and secure data no matter where it goes. Here at Lookout, we have built an integrated platform that does just that. By taking into account the context and threat levels by which access is occurring, as well as the sensitivity level of the data being accessed, we enable organizations to make intelligent Zero Trust access decisions that don't hinder productivity.

To get started on your SASE journey today, download a complimentary copy of the 2021 Gartner Strategic Roadmap for SASE Convergence.

Gartner, 2021 Strategic Roadmap for SASE Convergence, Neil MacDonald, Nat Smith, Lawrence Orans, Joe Skorupa, 25 March 2021

Gartner is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved

TAGS

Lookout delivers endpoint-to-cloud Security