What Is Secure Access Service Edge?
SASE is a complete shift in network security philosophy. It throws out the old paradigm in which a user’s access to resources is limited by location and adopts an approach that makes access dependent on the user’s identity. Rather than enforcing restrictions specific to location, SASE aims to deliver a secure network connection to authorized users of the network wherever they are in the world.
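The contrast between the two paradigms, as an added example that is not part of the original article: the same four access requests are evaluated by a location-based rule and by an identity-based rule. The network range, user names, roles and the use of an MFA flag plus role grants to stand for "identity" are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values for illustration only (assumptions, not from the article).
CORPORATE_NET = ipaddress.ip_network("10.20.0.0/16")
ROLE_GRANTS = {"clinician": {"ehr"}, "billing": {"claims"}}

@dataclass(frozen=True)
class Request:
    user: Optional[str]   # None means no authenticated identity
    role: Optional[str]
    mfa_passed: bool
    source_ip: str
    resource: str

def location_based(req):
    """Old paradigm: access depends on where the connection comes from."""
    return ipaddress.ip_address(req.source_ip) in CORPORATE_NET

def identity_based(req):
    """SASE paradigm: access depends on who the user is, not where they are."""
    if req.user is None or not req.mfa_passed:
        return False, "identity not established"
    if req.resource not in ROLE_GRANTS.get(req.role, set()):
        return False, "role not authorized for resource"
    return True, "authenticated and authorized"

# Constructed sample requests.
SAMPLE_REQUESTS = [
    Request("dr.lee", "clinician", True, "203.0.113.45", "ehr"),   # remote clinician
    Request(None, None, False, "10.20.4.17", "ehr"),               # unknown device on the LAN
    Request("b.ortiz", "billing", True, "10.20.8.9", "ehr"),       # on the LAN, wrong role
    Request("dr.lee", "clinician", False, "198.51.100.7", "ehr"),  # remote, MFA not completed
]

def compare(requests):
    """Return (user, ip, location_decision, identity_decision, reason) per request."""
    return [(r.user, r.source_ip, location_based(r), *identity_based(r))
            for r in requests]

if __name__ == "__main__":
    for user, ip, by_loc, by_id, reason in compare(SAMPLE_REQUESTS):
        print(f"{user!s:8} {ip:14} location={by_loc!s:5} identity={by_id!s:5} ({reason})")
```

The location rule admits the unauthenticated device and the wrong-role user because they sit on the internal network, and it rejects the remote clinician; the identity rule reverses all three decisions.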
Implementing SASE requires building out a suite of integrated technologies that can provide a secure end-user experience over untrusted connections. It’s an approach that requires vision and planning, and is typically executed gradually over several years.
SASE is strongly compatible with cloud technology. In fact, many people consider SASE itself to be a cloud service offering. SASE also enables widespread use of other cloud services by incorporating technology that lets organizations extend their own security policies into the cloud and deploy cloud service configurations that comply with security and privacy requirements.
Understanding the Core Components of a SASE Architecture
As an integrated cybersecurity philosophy, SASE touches virtually every component of an organization’s security program. From a technology architecture perspective, this means ensuring that the organization has a robust set of tools that cover endpoints, network devices, cloud services and other components of the technology stack.
Let’s inspect the core components of a SASE architecture:
- Identity and access management platforms form the core of a SASE approach. After all, a security philosophy that depends on a user’s identity can only work if the organization is confident of each user’s identity. A modern IAM platform should enable multifactor authentication and provide robust authorization controls across enterprise systems and cloud services.
- Firewalls remain important in a SASE-enabled environment. They continue to enforce perimeter restrictions, keeping outsiders off the network and allowing approved SASE connections to access services.
- VPNs provide the secure data transport required to deliver a SASE connection over the internet. They offer secure, encrypted tunnels that allow users to reach into the corporate network while keeping their traffic safe.
- Intrusion prevention systems offer cybersecurity teams assurance that their networks are protected from attack by monitoring network activity and blocking potentially malicious connection attempts.
- Secure web gateway solutions provide end users with a secure web browsing experience by blocking malicious sites and enforcing content-based security policies. Some organizations may go further and adopt remote browser isolation technology that places web browsing in a virtualized sandbox environment.
- Cloud access security brokers integrate with the many cloud service providers used by an organization and allow administrators to centrally define security policies and then enforce those policies across many different services.
- Data loss prevention platforms watch for attempts to remove sensitive data from approved environments through a combination of watermarking and pattern recognition, and then block such transfers before protected health information can leave the safety of the organization’s network.
- Endpoint protection technologies guard endpoints (such as desktops, laptops and mobile devices) from compromise by combining robust anti-malware protection with detection and response capabilities that enable cybersecurity teams to react immediately to potential attacks.
Fortunately, most organizations already have many of these technologies in place. As they adopt a SASE approach, healthcare systems should move to upgrade and integrate these solutions.
Moving Toward a SASE Strategy in Healthcare
SASE is on the short-term horizon for organizations across all industries. A recent Gartner survey showed that 40 percent of organizations expect to have an explicit SASE strategy by 2024. Given the complexity of implementing SASE, now is the time to begin planning an organization’s next-generation cybersecurity architecture.
Cybersecurity leaders should approach all technology modernization efforts with an eye toward enabling a SASE approach. Making SASE-conscious decisions today will save a healthcare organization significant time and money down the road.