“The wise adapt themselves to circumstances, as water moulds itself to the pitcher.” – Chinese Proverb.
The way we work, socialise, and consume information has changed exponentially over the last few years. This has been driven owing to global macro and micro events, such as world health emergencies or the continued march of technological innovation. The result is our ability to understand, publish and consume information has changed radically.
Governments and businesses need to keep pace with the changing landscape of how society uses these evolutions and in doing so need to adapt their business models, security efficacy and accessibility for their users.
One such example is the explosion of remote work, coupled with the continued march towards ‘cloud-first’ technology consumption. Resulting in expectations from both internal and external stakeholders that services should always be accessible, fast, and secure. This presents a challenge: How do we secure such a disparate infrastructure where sensitive information is stored in various places, from datacentres to SaaS Services like Microsoft 365 and personal end-user devices?
Securing the user from the endpoint through to the application itself has become a key battleground in the protection of information, detection of data exfiltration, shadow IT, even network and endpoint health for pre-emptive troubleshooting. Typically, organisations need to retro-fit controls, tools, and policies into systems with varying levels of technical debt resulting in a disjointed approach. The culmination of this approach often sees multiple point tools with little-to-no integration being deployed. Ultimately presenting their own set of challenges to the organisation.
Another approach organisations are taking is to centralise security and network within one platform. This is called Secure Access Service Edge or SASE (for those of you wondering, it’s pronounced SASY). Simply put, SASE is a cloud-delivered, centrally managed security solution that encompasses network-level capability in a Software Defined Wide Area Network (SD-WAN). Both Gartner and Forrester have released their respective analysis on who they believe to be the players in SD-WAN and SASE.
Figure 1: SASE Architecture
A SASE architecture has the potential to enable organisations to design flexibility and scalability into their operational model without compromising security or user experience. The integrated nature of the platform means it is a strong launch pad for the adoption of granular Zero-Trust Access (ZTA) controls to organisations’ data and that of their customers.
The effective implementation of a SASE Architecture involves a deep understanding of the network, security, and end-user requirements to be successful. Typically, this means engaging multiple different teams in the organisation to clearly define requirements as well as what is supported. Next, we need to engage operational teams to define what they need to see to be able to support the organisation. For example, Digital Experience Monitoring (DEM), network-level events and logs. This may sound daunting, but doing this early on can mean the organisation can have a clearly defined roadmap for the adoption of a single technology that can cater for a multitude of different use cases from one platform. This drives down the Total Cost of Ownership (TCO) to the organisation using a common set of tools and skills within the respective teams.
Fortinet’s approach to SASE looks to extend far further than the current solutions, coining the term Universal SASE. Imagine an architecture where a single platform can secure and provide actionable intelligence for the network, endpoint, SaaS services, experience monitoring, IoT/OT equipment and even branch switches and access points. “A pipe dream”, I hear you shouting? Well, with Fortinet this is quickly becoming possible through the centralised management ethos and world-class security capabilities from FortiGuard Labs.
Figure 2: Some features and benefits of the Fortinet SASE solution
For a lot of organisations, the move from a traditional siloed network and security ecosystem is not a simple endeavour. Therefore, we need to map out a journey to get organisations to a point where they can utilise this flexible security and network method with ease. This is what a world-class cybersecurity partner can do for you.
Let us recall that proverb: The wise adapt themselves to circumstances. Find out more about how Fortinet is helping guide organisations to adopt a SASE architecture at the International Cyber Expo at Stand P70. Come and listen to my product innovation session at the Tech Hub stage called ‘The Journey to Secure Access Service Edge (SASE)’ at 13:25-13:45 on the 26th of September.
By Dan Kendal, Senior Systems Engineer, Central Government, Fortinet UK