Industry Insights with Kate MacLean

Endpoint Security , Open XDR

Hybrid Work Means SASE: Rethinking Traditional Network and Security Architecture

Having a VPN Isn't Enough Anymore
Hybrid Work Means SASE: Rethinking Traditional Network and Security Architecture

The events of the past year have redefined the world of work, with millions working and collaborating remotely instead of being tethered to a physical office.

Remote work isn't a new thing for everyone and eventually a large number of the people working from home will be able to return to offices, but not all will return. When things open up, it's likely that some organizations will not require people to go into the office the same way they used to. This situation will create a Hybrid Work model.

Hybrid Work is about having the choice and the ability to work from an office location or from anywhere else, and it's likely that a good number of companies will embrace that approach.

The Hybrid Work model doesn't just change the physical location of where employees work. It also has an impact on how organizations enable security across a distributed, borderless network architecture. With users both in and out of the office, using applications that are located in an enterprise data center as well as SaaS (Software-as-a-Service) applications in the cloud, the traditional network architecture is no longer sufficient.

Traditional Network Security Falls Short for Hybrid Work

In a traditional network security architecture, users in an enterprise sit behind a firewall and an IDP/IPS (Intrusion Detection/Intrusion Protection System) with perhaps some form of local access control. Remote workers connect into the enterprise with a VPN, which tunnels all the traffic so the user benefits from the protection of the enterprise network security deployment.

But what happens when users aren't on the VPN? How is traffic secured for SaaS? What about visibility for users who are not on the enterprise network?

Without visibility, there is a gap for both users and the organizations they work for, and that's a risk. Attackers are aggressively going after unsecured endpoints as they follow the path of least resistance.

Simply put, without visibility across the Hybrid Work landscape, how do you know if you haven't already been compromised?

It's a SASE Hybrid Work World

An emerging model for security in the Hybrid Work world is a concept known as the Secure Access Service Edge, more commonly referred to by its catchy acronym - SASE (pronounced "sassy").

SASE is all about networking and security coming together. The term SASE was coined by analyst firm Gartner in 2019 to describe a movement that was already starting to occur. Firewalls were adding secure web gateway features, including URL filtering, AV inspection and more. Cloud Access Security Broker (CASB) functionality was increasingly being converged into Secure Web Gateway technology. And it was all ultimately being delivered as a cloud service.

SASE goes beyond just bringing security tools together. It provides a convergence of both security and networking capabilities to enable people to work from anywhere with the performance that they need and the security that the modern threat landscape demands.

The Path to SASE

SASE is not a single product but a spectrum of capabilities that can be used by organizations to help improve networking and security for users, no matter where they are.

A SASE approach can include SD-WAN for networking connectivity, cloud-based security tools, "zero trust" access control technology and even VPN capabilities where needed.

Most people already spend the majority of their time online in a web browser that provides access to any number of different types of business and personal applications. These applications may reside in a public cloud, a private cloud or enterprise data centers. Some organizations may look to move away from traditional VPN technology in favor of a zero trust framework to provide secure access to internal apps. VPN capabilities will evolve, but they will continue to enable secure access to enterprise networks, apps and data for years to come and should be considered a component of SASE and the hybrid world of work.

While some technologies might be branded as being SASE, the path to SASE will be a journey for vendors and customers alike. Adopting SASE is truly about finding ways to simplify your networking and security stack by converging technologies and adopting more cloud-managed and cloud-delivered capabilities.

If your organization is already using the cloud to manage different networking or security capabilities, you're already somewhere on the path to SASE. Look at what you have, consider your users and applications and then begin to consolidate vendors and move more and more to the cloud.

The network and security architectures that are traditional today were once new and were deployed over time. The same will be true of the new world of Hybrid Work as SASE takes its place to enable an era of improved network performance and security.

About the Author

Kate MacLean

Kate MacLean

Sr Manager, Product & Content Marketing, Cloud Security

Kate MacLean is a marketing leader and member of the Cloud Security product team at Cisco. She brings more than a decade of security experience, with a specialization in SaaS, product packaging and go-to-market strategy. As a busy mom, Kate know the importance of reducing risk, triaging situations and securing the limitless perimeter of life. Kate holds an undergraduate degree from Bentley University and her MBA from Boston University.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.