The concept of the cloud became a mainstream phenomenon in the mid-2000s when companies like Google, Amazon, and Microsoft released their own cloud computing platforms. As with any change to the norm, organizations were, at first, apprehensive about adopting this foreign concept. Yet despite hesitation, now in the year 2022, “according to Right Scale’s annual State of the Cloud Report” (WebTribunal), 94% of enterprises are utilizing the cloud within their environment. Whether via a hybrid model or pure cloudification, companies are recognizing the benefits of virtualization and establishing them internally. Yet while cloud providers offer a layer of protection from their own repertoire of security tools, organizations need to be prepared to address cloud-based risks that may come from both internal and external sources.
With changing environments come changing risks and responsibilities, a notion that SecurityScorecard published in a post titled Top 5 Security Risks of Cloud Computing. “Cloud computing introduces another element in that the responsibility of addressing and mitigating…risk is split between the cloud service provider (CSP) and the organization.” If we are going to understand the actions necessary to mitigate risks, we must first understand what risks are present within the cloud computing environment.
Many companies, like KPMG, suggest that one of the most imminent threats present in the cloud is data security and regulatory risk. “This can cause business interruption, loss of revenue, loss of reputation, or regulatory incompliance” (KPMG). As previously mentioned, CSPs do have their own set of protections for their users. However, their customer organizations have limited visibility over those controls. Additional worries stem from “unauthorized data access by a service provider and/or less control over who sees what data” (KPMG). Other concerns, such as potential data leakage, have similarly arisen.
So, with risks that seem to be multiplying despite efforts to quell threats via cloudification, how is an organization to ward off said threats? A more traditional route of protection might be for organizations to mature processes and programs such as Data Loss Prevention (DLP) and Regulatory Compliance. Ensuring policies and procedures are in place that define roles and responsibilities for the likes of prevention, detection, and response will enable businesses to utilize internal resourcing for impact minimization.
Furthermore, performing regular audits and/or assessments will give organizations an understanding of their gaps as compared to industry-standard or regulatory frameworks. These assessment outputs will enable companies to fill in the blanks and make their security programs robust enough to ensure maximum preservation against old, new, and future risks and threats.
There are progressive solutions emerging in the cloud space such as SASE (Secure Access Service Edge). “SASE is the convergence of wide area networking (WAN) and network security services like CASB, FWaaS, and Zero Trust, into a single cloud service model” (K logix). Essentially, the baseline benefits of SASE lie in its ability to cut “complexity and cost” (NetworkWorld). Utilizing a SASE model also allows for the condensing of vendors present within an entity’s environment, easing the burdens and threats posed by the existence of too many vendors. Further benefits of SASE include the application of least privilege access, enhancement in staff efficiency due to “centralized, role-based management” (Versa), and optimized performance. Since its inception in 2019, SASE has provided companies with significant benefits that extend beyond those included in this discussion. As such, it is recommended that a consolidated platform such as SASE be considered by businesses globally.
With the outbreak of COVID-19, organizations saw a dramatic shift to remote work, removing the ability to directly oversee employee activity. The move to a work-from-home model also brought about challenges such as network interruptions. Other benefits of procuring SASE include increased security through the use of policies. Said policy setting “also simplifies authentication processes by applying appropriate policies for whatever resources the user seeks based on the initial sign-in” (NetworkWorld). In other words, SASE allows for heightened access security regardless of user or device location.
As the security world moves away from traditional methods of data protection and environmental security, the existence of the cloud is gaining accelerated relevance. While most organizations have prepared for or already enabled cloud-based digitalization, the cloudified world is one step ahead, forcing organizations to now consider the benefits of various types of cloud computing. SASE is just one of the many solutions that will become increasingly prevalent over the coming years. The time is now for organizations to begin to bolster cloud security through the use of these new and improving models, staying ahead of the curve and ensuring minimal impact to environments.
Interested in SASE?
K logix provides comprehensive technology and program advisory services to help organizations determine their SASE maturity and actionable, prioritized steps to meet their SASE goals. Our experienced team of researchers has analyzed SASE vendors and their capabilities, enabling customers to align their requirements and determine the best-fit SASE vendors. If you are interested in learning more about K logix’s SASE offerings, reach out to one of our experts: email@example.com.
By Sydney Gelb, Senior Information Security Consultant, K logix