Bridging the Network-Security Divide with SASE Thinking

The many business benefits made possible by digital transformation are undoubtedly making waves across industries. Data is the raw material that drives smarter decision-making, and as such, drives value for organizations, but things quickly get challenging when you start to consider how all that data will be used—and who has access to it, when. It was easier for security teams when all this data was housed inside the perimeter of the data center environment over which the organization had total control. Now, however, the business relies on remote workers and extensive collaboration with third-parties, leveraging  SaaS and cloud-based tool providers who can only deliver results when provided with this critical data.

Starting to think with SASE

How can we protect and share the rapidly expanding pool of data powering digital transformation? This is the crux of the challenge facing network and security teams, and the only way to solve it is by working together. We need to take a holistic and converged approach to how we approach this problem with both the network speed and performance characteristics being hand-in-glove with the data security requirements. Otherwise, we’ll never get to a seamless, secure flow of data businesses expect digitalization to provide.  

That’s what makes the SASE concept so important. In the modern, cloud-first world there is no more “inside” and “outside.” Data is being used in multiple environments and the associated risks are no longer neatly divisible between internal and external security needs. Businesses need to interact with customers and third-parties and it isn’t confined to just the data center.  Business needs to go where its requirements lead. Period.  

SASE architecture, when properly implemented, protects data and users wherever they are in the cloud, however they choose to use data. By putting a security cloud between users and the applications and data they access–at the point of access, with proper context considered every time— organization’sregain control without thwarting choice and collaboration, or hurting the user experience. A security function can then enable the business to innovate without creating undue risk.

Converging networking and security needs

There’s a critical element to getting SASE right that isn’t discussed as often as the definition of the SASE framework itself. SASE isn’t the driver for transformation, it is just one component of what makes it possible to safely meet those needs. SASE enables those with security and network responsibilities to give answers that support the needs of the business. 

This is important because key decision-makers like CIOs and CISOs aren’t squarely focused on technology. They care about risk, requirements, and standards. SASE lets network and security better participate in the shared mission of managing risk while meeting business needs. The transparency of SASE—with Zero Trust principles applied at every point data is accessed—reveals where the data is flowing, who is using the data, and how the data is being controlled. That, in turn, helps security teams implement the right level of controls commensurate with the business’ appetite for risk and risk mitigation expectations, and helps networking teams optimize connectivity, uptime, and business resilience. 

Don’t underestimate how important this convergence is. The neat divide between network and security teams that functioned in the past is now stifling collaboration. Before, network people built the roads the business needed to go on to get things done. Then the security team had the job of erecting the guardrails and manning the barriers on that road to keep data, people, and systems safe.

That separation in the pre-SASE world resulted in conflicting or misaligned priorities. When the network teams are obsessed with performance and the security teams are obsessed with protection, individual team needs might be met, but the user experience suffers and therefore, so does the business. Everything feels unwieldy. 

These issues continue to be reflected in organizations that are being slowed or stopped altogether as they try to migrate to cloud services and applications. More worrisome is when organizations accept higher levels of risk because they must conduct business digitally but lack the means for controlling the process appropriately. Perhaps this is most obvious when the inefficiencies of disjointed infrastructure force security and/or network people to say no when the business is trying to execute steps toward a goal.

Alignment in complex business activities such as security and networking is never automatic or easy. But in my experience, there are a few rules that can guide SASE implementations and lead to a secure and unchained business. If you’re stuck on alignment, ask your teams to review and adhere to these:

• To avoid conflicting priorities and optimizations, network and security teams should agree on a common set of metrics for digital risk, network performance, and user experience. Each action taken should be evaluated with respect to the unified set of metrics and these goals are jointly owned—they are equally accountable
• To increase awareness of business enablement, network and security teams should use the increased telemetry delivered by a mature SASE platform to create a new set of metrics that reveal the reality of business activity and processes, and the potential to identify opportunities for business growth. The constant focus on learning how business is operating, and understanding end-user actions, behaviours and processes, will help manage digital risk in addition to identifying performance uplifts.
• The network and security teams should seek to use the greater visibility delivered by SASE and the metrics identified in the first two rules to identify emerging risks and develop strategies to manage these within risk appetite. This allows development of business, network, and security roadmap that gets ahead of threats in a unified way, which is one of the promises of SASE.

SASE is important because it harmonizes security and network functions to create a single, coherent perspective that is focused on the same achievements as the rest of the organization. Its impact is tangible to the entire business because there is a newfound capability to respond quickly to new requirements and achieve new business objectives, while also having the instrumentation necessary to monitor and maintain activities within the boundaries of the organization’s risk appetite, reducing friction for customers and employees in the process.