Industry Trends

A CISOs Guide to Secure Access Service Edge (SASE)

CISO on CISO Perspectives

With networks expanding beyond traditional edges and to account for changes in location of remote workforces (which today is anywhere and everywhere), SASE has become top of mind for CISOs. Fortinet Field CISOs Alain Sanchez, Jim Richberg, and Joe Robertson joined us to discuss the challenges CISOs are facing when it comes to SASE and how CISOs can identify the right SASE solution for their organization. 

What are some of the challenges facing CISOs when it comes to finding and implementing SASE solutions? How can they be addressed?

Jim – One of the things CISOs may be asking themselves is whether SASE is something they should be investing in now. It is a relatively new concept in the security world but is constructed from familiar parts; why the urgency to adopt? 

While organizations have made major strides in securing hybrid work models over the last year, there is still a lot to be done. Workforces will likely remain hybrid in some respect long-term and security must adapt alongside that. Employees are accessing data and applications from more devices and locations than ever, and this will persist as part of the ‘new normal’ working environment for many organizations post-pandemic. ‘People are the new perimeter’ for such organizations, and SASE enables them to provide secure access for employees, customers, and partners across operating environments and use cases. A SASE solution can enable that by securing any user, anywhere on the network. 

Beyond that, the adoption of SASE may not be all that difficult if you are with a vendor that provides an integrated cybersecurity platform. Integration and maturity of capability are key. 

Alain – Because SASE is still relatively new, there are a lot of different approaches when it comes to SASE. Some vendors are saying that the cloud alone is the future and we must shift all our resources to that, and then on the other side some vendors are saying the same about on-prem. 

What I hear from my fellow CISOs these days is both the cloud and on-prem are to remain a significant part of our operational architectures. That is why I am much in favor of a SASE solution that integrates in hybrid environments —and this includes the LAN, WAN, 5G, and cloud edges. 

The other important notion is to secure applications, as these are the components that actually create the added value in any digital innovation. As enterprises accelerate their digital transformation, they realize that the first generation of SASE solutions based on explicit proxy can be bypassed at local level. I would suggest to favor the use of a local client that encrypts all traffic, then applies the firewall rules and is fully integrated in the Operating System. This solution cannot be bypassed. 

We talk a lot about the convergence of security and networking—how does SASE help drive a Security-driven Networking strategy? Why is this important to CISOs?

Joe - Today, users require uninterrupted access to the network and cloud-based resources from anywhere. The reality of this is that with 5G, cloud migrations, sustained work from home, and similar outcomes from digital innovation, the traditional network has transformed, leaving us with many network edges that organizations are struggling to secure.

Organizations now require the convergence of traditional and cloud-based security, as well as deep integration between security and fundamental networking elements. By leading with a security-driven networking strategy, organizations can ensure high performance and security anywhere. Such a strategy should be focused on flexibility and choosing the right solution for the right situation: SASE will play a key role in this framework moving forward, particularly as it relates to the cloud, but one size does not fit all. CISOs should look to work with partners that can provide a variety of access solutions, including but not limited to SASE. Secure SD-WAN and ZTNA solutions should be part of the mix. 

Jim – As with the concept of security-driven networking, for SASE to work well each of its components need to interoperate as a single system – connectivity, networking, and security elements alike. Every component needs to be designed to interoperate and needs to seamlessly integrate with the larger corporate security framework. It's not good enough to have capabilities that are kludged together—the integration needs to be tight, comprehensive, and with a level of performance that is both high and can be independently verified. 

In the era of cloud connectivity and digital innovation, networking and security must converge. We cannot rely on siloed architectures to provide the performance and security that today’s networks require.

What core elements should CISOs be looking for when a SASE vendor is presented to them?

Joe - SASE is intended to address the control and security needs of distributed and dynamic networks—whether on-premises or in the cloud. However, very few SASE vendors are qualified to provide a comprehensive solution with the level of security and WAN integration organizations actually need. 

To ensure their vendor is able to address the current and future requirements of their network, CISOs should look for vendors that offer a SASE solution that is part of a larger integrated security platform, one that goes beyond mere access to address edges, applications, clouds and SaaS as a unified whole. Further, a SASE solution should provide enterprise-grade security informed by advanced threat intelligence.

Alain - SASE is probably going to be foundational to securing remote work, as we move progressively out of the lockdowns. This said, a long-term approach needs to embrace OT and the incremental risks associated to it. Such active risk management strategy has to be integrated into a company-wide mitigation approach. And this is where the CISO has a role to play, not only as a technology advisor but as part of an overall security maturity strategy. 

In this context, SASE is one piece of a larger strategy. CISOs should be the catalysts of a holistic business and technology solution. Their dual technology and business acumen enable them to architect a larger security strategy. 

Learn more about how SASE is the future of security and networking. From SD-WAN, ZTNA, CASB, and NGFW, the Fortinet platform provides complete readiness for embracing SASE.