It’s safe to say that workplace cybersecurity is complicated. Hybrid work is the norm, with millions of remote workers connecting to applications and resources from places all over the globe every day, as well as contractors and vendors logging on from unmanaged devices. Even the definition of the user has expanded. Not all users are human, for instance. IoT devices like remote printers, sensors in industrial locations, and plenty of other smart devices connect to corporate networks every day.
And, most businesses are deep into the transition to a multi-cloud world, where IaaS resources and SaaS applications dominate. With each of these trends and transitions, complexity increases, and potential gaps in security open. The attack surface that bad actors exploit has expanded across billions of connections between people, devices, and apps. In short, the challenges in delivering necessary connectivity – securely – are outpacing the human scale and skills we’ve been using to date.
Delivering a seamless and secure experience is hard, and the stakes are high
It’s not just global workplace and technology trends driving the difficulties.
- Shadow IT: High use of unsanctioned apps increases risk because those apps aren’t vetted to ensure they can adequately protect sensitive customer and business data. Breaches often stem from unsanctioned apps.
- Vendor sprawl: More tools mean high integration effort, reduced ability to correlate threat data across tools, etc.
- Not enough highly trained security personnel: Organizations struggle to find and keep the highly skilled security professionals required, which makes the previously mentioned challenges even worse.
And the business risk is real, with the average cost of a data breach hovering around 4.35 million dollars and the average time to discover and contain a breach at 277 days.
The SSE promise
Security service edge (SSE) represents a new converged, cloud-centric approach that delivers a unified set of security capabilities that provide secure access to the web, cloud services, and private applications. It combines capabilities like secure web gateway (SWG), zero-trust network access (ZTNA), firewall-as-a-service technologies, and cloud access security broker (CASB) into one cloud-delivered service. SSE can protect your organization from threats, can scale easily, and can reduce complexity — no matter where employees log in. In many ways, it’s the answer to the security challenges of a dynamic, hybrid workplace.
Where SSE is today
SSE has delivered some great outcomes, but there are still some shortcomings where there’s room for improvement:
- Efficacy: SSE solutions today focus on a handful of security capabilities, such as SWG, CASB, etc. These are vital, no question. Yet in many cases, they’re not enough. Other capabilities like DNS-layer security, remote browser isolation (RBI), and extended detection and response (XDR) increase the protection. If these aren’t part of the SSE solution, organizations will add other products, increasing integration and orchestration challenges. When multiple vendors are involved, these challenges grow further, leading to inconsistency in security policy definition and enforcement which opens security gaps.
- Complex IT user experience: IT leaders are plagued with the challenges of integrating solutions from different vendors, such as juggling multiple management consoles and many agents/clients. They struggle to define and enforce policies consistently when managing multiple vendors and solutions. Providing secure access to private apps often requires multiple approaches, likely VPN alongside ZTNA, to enable the protection of all (not just some) apps.
- Inconsistent end-user experience: Users expect the same experience and performance when they access the apps and data they need to do their jobs, from wherever they work, whether it’s the office or the airport. Yet with most SSE solutions today, users must use multiple access methods, deal with inconsistent connectivity processes, and may get poor performance from some locations. This leads to frustration and lack of productivity, yet traditionally, end-user experience concerns haven’t been high on the SSE priority list.
Cisco’s way: Reaching the full potential of SSE
Deeply encoded in Cisco’s DNA is a drive to push past the fundamentals and dig deep into what’s possible. As we develop SSE solutions, we are constantly pushing ourselves to think beyond just delivering the basics of SSE. We wrestle with questions that push us to design solutions that are better for users, easier for IT, and safer for everyone. Here are a few core thoughts that we think are essential.
- SSE is a crucial part of a much bigger picture: Connectivity and security are two sides of the same coin, which is why SD-WAN cloud networking and a secure access service edge (SASE) architecture are often talked about as the fully realized version of modern security and networking.
- It is about convergence, but in a much wider sense: Converging security functionality in the cloud, in a single service, improves security while simplifying management. But it’s more than this. Vendor consolidation further streamlines and simplifies the security landscape by deepening integration, increasing coordination of threat detection and response, and simplifying management via centralized approaches.
- Looking beyond traditional SSE: For a product to be an SSE solution, it has to include a handful of core functionality. But why stop there? How much simpler and safer would security be if you could also deliver XDR, EDR, RBI, pervasive threat intelligence, end-to-end visibility, and even more from one security cloud platform?
- Secure access you can trust across every point of service: Our goal isn’t just to deliver a certain set of security capabilities, but true secure access across the whole ecosystem. Our global cloud architecture delivers high performance and low latency for users while processing more than 5 billion web reputation requests per day and blocking more than 170 million malicious DNS queries per day. Our security efficacy is part of why we’re trusted by 100% of the Fortune 100.
- Driving customer outcomes: As a technology company, we can create solutions with dozens of capabilities, but if we’re not solving real issues and protecting organizations from actual threats, then we haven’t been successful. Hitachi, for instance, was looking to secure a hypermobile workforce of 167,000 employees, along with an abundance of devices, systems, and data inside and outside of their corporate network. With Cisco, they were able to build a scalable zero-trust architecture with behavior detection and access control on computers, smartphones, factory devices, and networks.
Whether your security challenges include the need to protect all site locations and roaming users, flexibly pivot with business shifts, or simplify and integrate across your security environment, SSE can help you achieve the security resilience needed today and into the future.
Learn more about SSE
Source: blogs.cisco.com Credit@ Yuval Yatskan